An Anomaly Detection Method of Process Data Based on SAE-LSTM

Cited by: 0
Authors
Shang W.-L. [1]
Shi H. [2, 3, 4]
Zhao J.-M. [2, 3, 4]
Zeng P. [2, 3, 4]
Affiliations
[1] School of Electronic and Communication Engineering, Guangzhou University, Guangzhou
[2] Shenyang Institute of Automation, Chinese Academy of Science, Shenyang
[3] University of Chinese Academy of Sciences, Beijing
[4] Key Laboratory of Networked Control System, CAS, Shenyang
Keywords
Auto-encoder neural network; Industrial control anomaly detection system; Industrial control system; Long and short term memory neural network
DOI
10.12263/DZXB.20180015
Abstract
To address the high false alarm rate of process-data anomaly detection in industrial network security protection, this paper proposes a time-series-based anomaly detection method. The process data is first analyzed by association analysis and vector mapping, and a stacked auto-encoder (SAE) neural network is used to reduce the dimensionality of the process data features. Based on the correlation of process data within the transmission sequence, an anomaly detection model built on a long short-term memory (LSTM) neural network is then designed. Finally, a simulation analysis of process-data anomaly detection is carried out. The experimental results show that the time-series-based anomaly detection model greatly improves the accuracy of process data anomaly detection, achieves a lower false positive rate than the traditional hidden Markov anomaly detection model, and at the same time offers better real-time detection performance. © 2021, Chinese Institute of Electronics. All rights reserved.
Pages: 1561-1568
Number of pages: 7