基于优先级诊断树的工控网络入侵数据关联挖掘方法  

作　　者：过珺[1] GUO Jun(Basic Teaching Department,Anhui College of Traditional Chinese Medicine,Anhui Wuhu 241000,China)

机构地区：[1]安徽中医药高等专科学校基础教学部,安徽芜湖241000

出　　处：《齐齐哈尔大学学报（自然科学版）》2024年第4期11-16,共6页Journal of Qiqihar University(Natural Science Edition)

基　　金：2020年安徽省教育厅高校优秀青年骨干教师国内访问研修项目(gxgnfx2020138);2022年安徽中医药高等专科学校自然科学重点研究项目“基于知识图谱的认知诊断研究”(ZRKXZ202203)。

摘　　要：研究基于优先级诊断树的工控网络入侵数据关联挖掘方法,提高工控网络入侵数据挖掘能力。采用网格搜索与模拟退火算法相结合的方法得出SVM提取器最优参数,通过SVM提取器提取工控网络入侵数据特征,运用粗糙集约简工控网络入侵数据特征属性,降低工控网络入侵挖掘的数据样本冗余特征属性。将约简的特征作为优先级诊断树的输入,依据工控网络入侵数据关联挖掘准则,使用优先级诊断树实现工控网络入侵数据关联挖掘。实验结果表明,该方法平均误报率为1.38%,检测率大于90%,挖掘时间低于3.6 s,在-6~26 dB归一化空间谱范围内,均能有效地实现工控网络入侵信号数据挖掘且检测效果最优。Research on the mining method of industrial control network intrusion data association based on priority diagnosis tree to improve the ability of industrial control network intrusion data mining.The combination of grid search and simulated annealing algorithm is used to obtain the optimal parameters of the SVM extractor.The SVM extractor is used to extract the features of industrial control network intrusion data,and rough set is used to reduce the feature attributes of industrial control network intrusion data,reducing the redundant feature attributes of data samples in industrial control network intrusion mining.Using the reduced features as input to the priority diagnosis tree,according to the mining criteria for industrial control network intrusion data association,the priority diagnosis tree is used to achieve industrial control network intrusion data association mining.The experimental results show that the average false alarm rate of this method is 1.38%,and the detection rate is greater than 90%.The association mining time is less than 3.6 seconds,and within the range of-6-26 dB normalized spatial spectrum,it can effectively achieve industrial control network intrusion signal data mining,and the detection effect is the best.

关 键 词：优先级诊断树 工控网络 入侵数据 关联挖掘方法 数据特征提取 粗糙集 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]