Abstract:
Industrial control systems (ICS) are an important part of a country's critical infrastructure. With the continuous integration of information technology and industrial control networks, critical infrastructure control systems have become part of the internet and are more vulnerable to various cyber-attacks. Abnormal operation or collapse of an ICS may lead to economic losses, environmental damage, and even loss of life, so it is very important to strengthen the network security protection of ICS. Intrusion detection systems are a very effective information security mechanism that can monitor network traffic and detect and prevent cyber-attacks. With the rapid development of the industrial internet, a large amount of industrial network traffic data is generated, which causes traditional industrial control intrusion detection algorithms to suffer from low detection accuracy and low time efficiency. This paper proposes an industrial control intrusion detection model that combines an improved Sparrow Search Algorithm (ISSA) with the lightweight gradient boosting machine (LightGBM). It can process a large amount of industrial data at high speed without sacrificing detection performance. In this paper, ISSA is used to address the difficulty of tuning LightGBM hyperparameters. First, a discrete decoding strategy is introduced to avoid decimal values in integer-valued hyperparameters. Second, the method for generating the initial population is optimized to improve population diversity. Finally, the position update function of the algorithm is improved to provide better global search ability. With ISSA applied to the LightGBM intrusion detection model for parameter optimization, results on a massive standard industrial control network dataset show that this method has higher detection accuracy and time efficiency, and is particularly suitable for processing large amounts of industrial data.