一种ICS异常检测的优化GAN模型  被引量：2

作　　者：顾兆军[1] 刘婷婷[1,2] 隋翯 GU Zhaojun;LIU Tingting;SUI He(Information Security Evaluation Center,Civil Aviation University of China,Tianjin 300300,China;College of Computer Science and Technology,Civil Aviation University of China,Tianjin 300300,China;College of Aeronautical Engineering,Civil Aviation University of China,Tianjin 300300,China)

机构地区：[1]中国民航大学信息安全测评中心,天津300300 [2]中国民航大学计算机科学与技术学院,天津300300 [3]中国民航大学航空工程学院,天津300300

出　　处：《西安电子科技大学学报》2022年第2期173-181,236,共10页Journal of Xidian University

基　　金：中央高校基本科研业务费中国民航大学专项(3122019072);民航安全能力建设资金项目(PESA2019073);中国民航大学信息安全测评中心开放基金(ISECCA-202004)。

摘　　要：工业控制系统异常检测大多面临类不平衡问题,从而导致检测模型准确率下降和泛化能力变差。根据生成式对抗网络,提出一种只使用正常样本进行训练的异常检测模型——基于隐空间特征重构的生成式对抗网络模型。在训练阶段,该模型通过引入新的编码器,学习生成数据到隐空间的映射,实现生成数据的隐空间特征重构,并嵌入SE Block模块提升有效特征权重,提高隐空间特征重构能力;鉴别器同时鉴别两个编码器和一个生成器产生的3个数据对,提高模型精度和泛化能力。在检测阶段,综合考虑重构和鉴别损失,采用L2范数优化异常评分公式,克服模式崩塌。SWaT和WADI两个数据集上的验证实验结果表明,该模型在学习能力、稳定性和检测结果方面与AnoGAN、WGAN-GP和BiGAN等模型相比都具有明显优势。The anomaly detection of most of the industrial control systems(ICS)is faced with the problem of class-imbalance,which leads to a decrease in accuracy and the deterioration of generalization.According to the generative adversarial network(GAN),this paper proposes an anomaly detection model using only normal samples for training——the latent feature reconstruction generative GAN model(LFR-GAN).In the training stage,the model learns to generate the mapping of data to the latent space by a new encoder for realizing latent space feature reconstruction.In addition,an SE Block module is embedded to enhance the effective feature weight and to improve the ability of latent space feature reconstruction.For the discriminator,it identifies three data pairs produced by two encoders and one generator simultaneously,improving the model accuracy and generalization ability.In the detection stage,considering the reconstruction and identification of losses comprehensively,anomaly scoring formula optimization based on the L2 norm is adopted to overcome mode collapse.The validation experiment results on SWaT and WADI datasets show that the LFR-GAN model has obvious advantages over other GAN models in terms of learning ability,stability and detection results.

关 键 词：工业控制系统 不平衡数据集 生成式对抗网络 异常检测 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]