基于KG-DBN-SVM的工控网络安全态势感知算法  被引量：2

作　　者：杨骏 王劲林[1,2] 倪宏 盛益强[1,2] YANG Jun;WANG Jinlin;NI Hong;SHENG Yiqiang(National Network New Media Engineering Research Center,Institute of Acoustics,Chinese Academy of Sciences,Beijing,100190,China;School of Electronic,Electrical and Communication Engineering,University of Chinese Academy of Sciences,Beijing,100049,China)

机构地区：[1]中国科学院声学研究所国家网络新媒体工程技术研究中心,北京100190 [2]中国科学院大学电子电气与通信工程学院,北京100049

出　　处：《网络新媒体技术》2023年第3期10-19,共10页Network New Media Technology

基　　金：中国科学院战略性先导科技专项“CPS融合的工控异常检测技术与系统”(编号:XDC02020400)。

摘　　要：工业控制网络是重要的基础设施,保障其安全稳定运行非常重要。对工控网络进行安全态势感知研究,可以帮助安全人员从更加全面的层面发现潜在威胁,保障工控网络安全。工控网络数据来源很多、结构各异,存在多源异构的特点,从这一点出发对数据进行分析,可以更好地感知工控网络安全态势。本文使用知识图谱对多源异构数据进行结构化,然后利用深度置信网络对不同工控实体数据进行特征提取与降维,最后利用支持向量机进行分类判断确定,并进行数据调优,得到最佳的工控网络安全态势感知模型。在公共的工控安全数据集上进行对比实验,实验结果表明,本文算法在准确率、召回率与F1指标上分别达到了0.938、0.891和0.914的结果,优于对比较的一系列工控网络安全算法。Industrial control network is an important infrastructure,therefore it is very important to ensure its safe and stable operation.Conducting security situational awareness research on industrial control networks can help security personnel to discover potential threats from a more overall level and ensure the security of the industrial control network.Industrial control network data has many sources and different structures,has the characteristics of multi-source heterogeneous.Analyzing data from this point can better aware the security situation of industrial control networks.This paper uses Knowledge Graph to structure multi-source heterogeneous data,then use Deep Belief Network to extract features and reduce the dimensionality of different industrial control entity data,and finally use Support Vector Machine to classify and determine,then do parameter tuning to get the best industrial control network security situation awareness model.Comparative experiments on public industrial control security dataset show that the algorithm in this paper has achieved results of 0.938,0.891,and 0.914 in accuracy,recall and F1 score,which are better than a series of compared industrial control network security algorithms.

关 键 词：工控网络安全 态势感知 知识图谱 深度置信网络 支持向量机 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]