Abstract:
This paper proposes a case-based reasoning algorithm (bGWO-NRS-CBR) that integrates the binary grey wolf algorithm with the neighborhood rough set to handle the high dimensionality and redundancy of industrial control network data samples. Rough sets are commonly used for dimensionality reduction of data sets, since they can effectively delete redundant attributes, and the grey wolf algorithm is a new type of optimization algorithm that can quickly obtain a relatively optimal value in the search space. In the proposed bGWO-NRS-CBR algorithm, both the dependency concept of the neighborhood rough set and the number of attributes are taken as the fitness function of the binary grey wolf algorithm, which then finds the minimum relative attribute subset by constantly updating the positions of the wolf population. Attribute significance is then used to re-optimize and assign the weights for constructing the case-based reasoning classifier, which performs attack detection on industrial control network data samples. The attack detection procedure consists of four stages: retrieve, revise, reuse and retain. The k-nearest neighbor method is used for case retrieval, with attribute weights allocated according to attribute significance. Finally, the proposed algorithm is tested on intrusion detection using a standard industrial control system data set and compared with other traditional machine learning algorithms on the same data set, which verifies the advantages of the proposed attribute reduction algorithm and classification algorithm. Moreover, the superiority of the binary grey wolf algorithm and neighborhood rough set is confirmed by the classification accuracy and classification time of the unreduced and reduced experiments, and the superiority of case-based reasoning based on attribute significance is confirmed by comparative experiments with various optimization algorithms.
These experimental results show that the minimum relative attribute subset is obtained and that both the accuracy and the efficiency of industrial intrusion detection are improved. Combining the reduction algorithm and the classification algorithm, the best classification time is only 29 s and the best classification accuracy is 97.4%.
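
The reduction and retrieval steps described in the abstract, as an added example that is not the paper's code. The radius `DELTA`, the trade-off `ALPHA`, the exact form of the fitness and significance formulas (standard neighborhood rough set definitions) and the sample rows are assumptions, and an exhaustive search over binary masks stands in for the bGWO position updates.

```python
# Added illustration, not the paper's code. DELTA, ALPHA, the formula forms and the
# sample rows are assumptions; exhaustive search stands in for the bGWO search.
from itertools import product
from collections import Counter

DELTA, ALPHA = 0.2, 0.9   # assumed neighborhood radius and fitness trade-off

# Constructed, min-max-normalised samples (a0, a1, a2); label 0 = normal, 1 = attack.
X = [(0.10, 0.10, 0.50), (0.15, 0.12, 0.52), (0.12, 0.90, 0.48), (0.88, 0.10, 0.51),
     (0.90, 0.92, 0.49), (0.85, 0.88, 0.50), (0.12, 0.50, 0.50)]
Y = [0, 0, 1, 1, 1, 1, 0]

def wdist(p, q, weights):
    """Weighted Euclidean distance over the attributes named in `weights`."""
    return sum(w * (p[a] - q[a]) ** 2 for a, w in weights.items()) ** 0.5

def dependency(attrs):
    """gamma_B(D): share of samples whose DELTA-neighborhood on attrs holds one class."""
    unit = {a: 1.0 for a in attrs}
    pure = sum(all(Y[j] == Y[i] for j, q in enumerate(X) if wdist(p, q, unit) <= DELTA)
               for i, p in enumerate(X))
    return pure / len(X)

def fitness(mask):
    """Lower is better: dependency loss plus the fraction of attributes kept."""
    attrs = [a for a, bit in enumerate(mask) if bit]
    return ALPHA * (1 - dependency(attrs)) + (1 - ALPHA) * len(attrs) / len(mask)

def best_mask(n=3):
    """Stand-in for the bGWO search: score every binary position vector."""
    return min(product((0, 1), repeat=n), key=fitness)

def significance_weights(attrs):
    """sig(a) = gamma_B(D) - gamma_{B-{a}}(D), normalised to sum to 1."""
    full = dependency(attrs)
    sig = {a: full - dependency([b for b in attrs if b != a]) for a in attrs}
    total = sum(sig.values()) or 1.0   # avoid division by zero if no attribute matters
    return {a: s / total for a, s in sig.items()}

def retrieve(query, weights, k=3):
    """CBR retrieve step: majority label of the k nearest stored cases."""
    nearest = sorted(range(len(X)), key=lambda i: wdist(X[i], query, weights))[:k]
    return Counter(Y[i] for i in nearest).most_common(1)[0][0]

if __name__ == "__main__":
    mask = best_mask()
    reduct = [a for a, bit in enumerate(mask) if bit]
    w = significance_weights(reduct)
    print(mask, w, retrieve((0.88, 0.90, 0.50), w))
```

On this constructed data the redundant attribute `a2` is dropped because it adds to the attribute count without raising the dependency, and `a1` receives the larger retrieval weight because removing it costs more dependency than removing `a0`.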