ICS Intrusion Detection Algorithm Based on Integration of Multiple Classifiers  (Cited by: 2)


Author: LI Jia (黎佳)[1] (School of Art Design, Guangdong Polytechnic of Science and Technology, Zhuhai 519090, China)

Affiliation: [1] School of Art Design, Guangdong Polytechnic of Science and Technology, Zhuhai, Guangdong 519090, China

Source: Control Engineering of China (《控制工程》), 2023, No. 6, pp. 1105-1111 (7 pages)

Abstract: Intrusion detection models for industrial control systems (ICS) have become increasingly complex in recent years, and their parameters increasingly difficult to optimize; traditional single-classifier models show clear limitations. To address this problem, an ICS intrusion detection algorithm based on the integration of multiple classifiers is proposed. Following the idea of "divide and conquer", the high-dimensional, complex intrusion detection problem is decomposed into multiple simple sub-problems. Each sub-problem is analyzed with a single-classifier model to obtain the optimal classification, and an improved Bagging method is then used to fuse the results of the individual classifiers. To deal with sample imbalance, an improved synthetic minority over-sampling technique (ImSMOTE) is proposed in the preprocessing stage to construct a balanced data set. Experiments were carried out on real data recorded by the SCADA system of the natural gas pipeline testbed at Mississippi State University (MSU). The results show that the proposed method achieves high intrusion detection accuracy while significantly reducing the false negative rate for minority classes, and that it can effectively improve the safety and reliability of ICS.

Keywords: industrial control system; attack detection; multi-classifier ensemble; sample balancing; feature selection

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]

 
