基于对抗机器学习的工业控制网络欺骗攻击行为检测系统设计  

作　　者：张涛 ZHANG Tao(Department of Network Security,Shanxi Police College,Taiyuan 030001,China)

机构地区：[1]山西警察学院网络安全保卫系,太原030001

出　　处：《计算机测量与控制》2024年第10期298-304,共7页Computer Measurement &Control

基　　金：2022年山西省教育厅教学改革创新项目(J20221297)。

摘　　要：欺骗攻击行为会干扰工业控制网络对传输信息的判断能力,从而使得风险性数据进入网络主机,造成网络安全性下降的问题;为避免上述情况的发生,设计基于对抗机器学习的工业控制网络欺骗攻击行为检测系统;设置攻击行为采集、处理、检测验证三类子模块单元,完成欺骗攻击行为检测系统的功能性模块设计;在对抗机器学习算法中定义攻击行为,并以此为基础,提取欺骗攻击行为特征,实现对攻击行为的识别;分析工业控制网络的安全风险,联合欺骗攻击行为的风险性度量条件,定义具体的检测建模标准,从而实现对工业控制网络欺骗攻击行为信息的检测;实验结果表明,设计方法的应用可以按照数据样本传输波长的差异性,将欺骗性攻击信息检测出来,且召回率测试结果在0.93~0.98之间,表明设计方法能够准确地检测出欺骗攻击行为,使工控网络的运行安全性得到了保障。Deceptive attack behavior can interfere with the judgment ability of industrial control networks to transmit information,causing risky data to enter network hosts and leading to a decrease in network security.To avoid the occurrence of the above situation,design an industrial control network spoofing attack behavior detection system based on adversarial machine learning.Set up three types of sub module units for attack behavior collection,processing,and detection verification,and complete the functional module design of the deception attack behavior detection system.Define attack behavior in adversarial machine learning algorithms,and based on this,extract features of deceptive attack behavior to achieve recognition of attack behavior.Analyze the security risks of industrial control networks,establish risk measurement conditions for joint deceptive attack behaviors,define specific detection modeling standards,and thus achieve the detection of information on deceptive attack behaviors in industrial control networks.The experimental results show that the application of the design method can detect deceptive attack information based on the difference in transmission wavelength of data samples,and the recall test results are between 0.93 and 0.98,indicating that the design method can accurately detect deceptive attack behavior,ensuring the operational security of industrial control networks.

关 键 词：对抗机器学习 工业控制网络 欺骗攻击行为 数学表达式 行为特征 安全风险 传输波长 

分 类 号：TP311[自动化与计算机技术—计算机软件与理论]