
  • ISSN 1006-3080
  • CN 31-1691/TQ

Research on Intrusion Detection of Industrial Control System Based on ISSA-LightGBM

ZHAO Zhida, WANG Huazhong

Citation: ZHAO Zhida, WANG Huazhong. Research on Intrusion Detection of Industrial Control System Based on ISSA-LightGBM[J]. Journal of East China University of Science and Technology. doi: 10.14135/j.cnki.1006-3080.20220606002


doi: 10.14135/j.cnki.1006-3080.20220606002
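Funding: National Natural Science Foundation of China (61973119)
Details
    About the authors:

    ZHAO Zhida (born 1997), male, from Taizhou, Jiangsu; master's student; main research interest: information security of industrial systems. E-mail: Y30201007@mail.ecust.edu.cn

    Corresponding author:

    WANG Huazhong, E-mail: hzwang@ecust.edu.cn

  • CLC number: TP309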


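  • Abstract: The rapid development of the industrial Internet generates large volumes of industrial network traffic data, which leaves traditional industrial control intrusion detection algorithms with low detection accuracy and poor time efficiency. To address this problem, this paper proposes an industrial control intrusion detection model that combines an improved sparrow search algorithm (ISSA) with the light gradient boosting machine (LightGBM); the model can process large amounts of industrial data at high speed without sacrificing detection performance. The improved ISSA is used to solve the difficulty of tuning LightGBM's hyperparameters. First, a discrete decoding strategy is introduced so that integer hyperparameters never take fractional values. Second, the way the initial population is generated is optimized to increase population diversity. Finally, the algorithm's position update function is improved to give it better global search capability. ISSA is applied to optimize the parameters of the LightGBM intrusion detection model, and results on a massive standard industrial control network dataset show that the method achieves higher detection accuracy and time efficiency and is particularly suited to processing large amounts of industrial data.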
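A sketch of the discrete decoding step the abstract describes, added here as an example and not taken from the paper: it maps a continuous search position onto the hyperparameter ranges of Table 1 on this page so that integer hyperparameters never come out fractional. The [0, 1] position encoding, the rounding rule, the upper bounds 512 and 100, the `EPS` floor and the function names are assumptions.

```python
import math

# (name, low, high, kind). Ranges follow Table 1; the page gives the integer
# upper bounds only as "n", so 512 and 100 are assumed values. num_leaves
# starts at 2 because LightGBM requires num_leaves > 1.
SPACE = [
    ("num_leaves", 2, 512, "int"),
    ("max_depth", 3, 10, "int"),
    ("min_data_in_leaf", 1, 100, "int"),
    ("learning_rate", 0.0, 1.0, "open_low"),
    ("min_sum_hessian_in_leaf", 0.0, 10.0, "open_low"),
    ("bagging_fraction", 0.0, 1.0, "open_low"),
    ("feature_fraction", 0.0, 1.0, "open_low"),
    ("lambda_l1", 0.0, 10.0, "closed"),
    ("lambda_l2", 0.0, 10.0, "closed"),
]
EPS = 1e-3  # assumed floor for the half-open (0, high] ranges


def decode(position):
    """Map a continuous position in [0, 1]^9 to a valid LightGBM parameter dict."""
    if len(position) != len(SPACE):
        raise ValueError("position must have %d dimensions" % len(SPACE))
    params = {}
    for x, (name, low, high, kind) in zip(position, SPACE):
        x = min(1.0, max(0.0, x))  # clamp positions the update step pushed out of bounds
        value = low + x * (high - low)
        if kind == "int":
            value = int(math.floor(value + 0.5))  # round half up, never a fraction
        elif kind == "open_low":
            value = max(EPS, value)  # 0 itself lies outside (0, high]
        params[name] = value
    return params


def evaluate_population(positions, fitness_fn):
    """Score each individual, calling fitness_fn once per distinct decoded config."""
    cache, scores = {}, []
    for position in positions:
        params = decode(position)
        key = tuple(params.items())
        if key not in cache:  # positions within one rounding interval share a config
            cache[key] = fitness_fn(params)  # e.g. validation error of a trained model
        scores.append(cache[key])
    return scores, len(cache)
```

In a tuning loop, `fitness_fn` would train the classifier with the decoded dictionary and return the metric being minimised; the cache avoids retraining when rounding or clamping makes two individuals identical.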

     

  • Figure 1. Level-wise algorithm

    Figure 2. Leaf-wise algorithm

    Figure 3. Discrete hyperparameter decoding process

    Figure 4. Flow chart of ISSA-LightGBM intrusion detection model

    Figure 5. Convergence curve of fitness

    Figure 6. Confusion matrix of LightGBM model

    Figure 7. Detection performance of various attacks

    Table 1. LightGBM main hyperparameters

    Parameter                  Range              Description
    num_leaves                 {1, 2, ···, n}     number of leaves
    max_depth                  [3, 10]            maximum tree depth
    min_data_in_leaf           {1, 2, ···, n}     minimum number of data in a leaf
    learning_rate              (0, 1]             learning rate
    min_sum_hessian_in_leaf    (0, 10]            sum of minimum weights of samples
    bagging_fraction           (0, 1]             proportion of data by random selection
    feature_fraction           (0, 1]             proportion of features
    lambda_l1                  [0, 10]            L1 regularization
    lambda_l2                  [0, 10]            L2 regularization

    Table 2. Description of natural gas pipeline dataset

    Type      Label    Samples    Description
    Normal    0        61156      Normal data
    NMRI      1        2763       Normal malicious response injection attack
    CMRI      2        15466      Complex malicious response injection attack
    MSCI      3        782        Malicious status command injection attack
    MPCI      4        7637       Malicious parameter command injection attack
    MFCI      5        573        Malicious function command injection attack
    DoS       6        1837       Denial of service attack
    RECO      7        6805       Reconnaissance attack

    Table 3. Comparison of ISSA with other optimization algorithms

    Model            ACC/%    FPR/%    FNR/%    Time/s
    PSO-LightGBM     98.07    1.27     3.03     1465.36
    WOA-LightGBM     98.26    1.11     2.78     1253.47
    SSA-LightGBM     98.78    0.82     1.89     1120.98
    ISSA-LightGBM    98.92    0.67     1.77     1096.83

    Table 4. Optimal hyperparameters

    Parameter                  Value
    num_leaves                 430
    max_depth                  6
    min_data_in_leaf           21
    learning_rate              0.59
    min_sum_hessian_in_leaf    0.01
    bagging_fraction           0.63
    feature_fraction           0.64
    lambda_l1                  3.65
    lambda_l2                  5.08

    Table 5. Model performance comparison

    Model        ACC/%    FPR/%    FNR/%    Time/s
    KNN          93.11    2.11     4.12     2.78
    SVM          95.35    3.00     7.45     3.90
    CNN[9]       95.97    2.12     5.37     11.05
    SLSTM[10]    98.87    1.21     2.57     2653
    ISSA-LGB     98.93    0.85     1.45     6.05
  • [1] STOUFFER K, FALCO J, SCARFONE K. Guide to Industrial Control Systems (ICS) Security[M]. America: National Institute of Standards and Technology Special Publication, 2015.
    [2] MCLAUGHLIN S, KONSTANTINOU C, WANG X Y, et al. The Cybersecurity Landscape in Industrial Control Systems[J]. Proceedings of the IEEE, 2016, 104(5): 1039-1057. doi: 10.1109/JPROC.2015.2512235
    [3] SHANG Wenli, SHI He, ZHAO Jianming, et al. Process Data Anomaly Detection Method Based on SAE-LSTM[J]. Acta Electronica Sinica, 2021, 49(8): 1561-1568. doi: 10.12263/DZXB.20180015
    [4] YADAV G, PAUL K. Architecture and Security of SCADA Systems: A review[J]. International Journal of Critical Infrastructure Protection, 2021, 34: 100433. doi: 10.1016/j.ijcip.2021.100433
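    [5] ZHANG Wen'an, HONG Zhen, ZHU Junwei, et al. A Survey of Network Intrusion Detection Methods for Industrial Control Systems[J]. Control and Decision, 2019, 34(11): 2277-2288. doi: 10.13195/j.kzyjc.2019.1302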
    [6] YANG Z, LIU X D, LI T, et al. A Systematic Literature Review of Methods and Datasets for Anomaly-based Network Intrusion Detection[J]. Computers & Security, 2022, 116: 102675.
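    [7] SUN Haili, LONG Xiang, HAN Lansheng, et al. A Survey of Anomaly Detection Techniques for the Industrial Internet of Things[J]. Journal on Communications, 2022, 43(3): 196-210. doi: 10.11959/j.issn.1000-436x.2022032
    [8] HUANG Yiming, ZHAO Guoxin, WEI Zhanhong, et al. Industrial Control Intrusion Detection Based on Feature Enhancement and Optimized SVM[J]. Computer Engineering and Design, 2021, 42(12): 3373-3379. doi: 10.16208/j.issn1000-7024.2021.12.010
    [9] CHEN Hanyu, WANG Huazhong, YAN Bingyong. Application of SVM Based on CUDA and the Cuckoo Algorithm to Industrial Control Intrusion Detection[J]. Journal of East China University of Science and Technology, 2019, 45(1): 101-109. doi: 10.14135/j.cnki.1006-3080.20180102003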
    [10] LING J, ZHU Z S, LUO Y, et al. An Intrusion Detection Method for Industrial Control Systems based on Bidirectional Simple Recurrent Unit[J]. Computers & Electrical Engineering, 2021, 91: 107049.
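    [11] LIU Huipeng, ZHOU Zhiping. Industrial Control Network Intrusion Detection Based on Automatic Hyperparameter Optimization[J]. Information and Control, 2021, 50(4): 427-434. doi: 10.13976/j.cnki.xk.2021.0368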
    [12] NARAYANA R K, VENKATA R K, PRASAD R. A Hybrid Intrusion Detection System based on Sparse Autoencoder and Deep Neural Network[J]. Computer Communications, 2021, 180: 77-88. doi: 10.1016/j.comcom.2021.08.026
    [13] KE G L, MENG Q, FINLEY T, et al. LightGBM: A Highly Efficient Gradient Boosting Decision Tree[J]. Advances in Neural Information Processing Systems, 2017, 30: 3146-3154.
    [14] ZHANG H, LI J L. A New Network Intrusion Detection based on Semi-supervised Dimensionality Reduction and Tri-LightGBM[C]//IEEE. 2020 International Conference on Pervasive Artificial Intelligence (ICPAI), New York, USA: IEEE, 2020: 35-40.
    [15] JU Y, SUN G Y, CHEN Q H, et al. A Model Combining Convolutional Neural Network and LightGBM Algorithm for Ultra-short-term Wind Power Forecasting[J]. IEEE Access, 2019, 7: 28309-28318. doi: 10.1109/ACCESS.2019.2901920
    [16] WU Y, WANG Q. LightGBM Based Optiver Realized Volatility Prediction[C]// IEEE. 2021 IEEE International Conference on Computer Science, Artificial Intelligence and Electronic Engineering (CSAIEE), New York, USA: IEEE, 2021: 227-230.
    [17] XUE J K, SHEN B. A Novel Swarm Intelligence Optimization Approach: Sparrow Search Algorithm[J]. Systems Science & Control Engineering, 2020, 8(1): 22-34.
    [18] NADER P, HONEINE P, BEAUSEROY P. One-class Classification for Intrusion Detection in SCADA Systems[J]. IEEE Transactions on Industrial Informatics, 2014, 10(4): 2308-2317. doi: 10.1109/TII.2014.2330796
Publication history
  • Received: 2022-06-06
  • Published online: 2022-07-26
