
    Citation: ZHAO Zhida, WANG Huazhong. Intrusion Detection of Industrial Control System Based on ISSA-LightGBM[J]. Journal of East China University of Science and Technology, 2023, 49(5): 735-743. DOI: 10.14135/j.cnki.1006-3080.20220606002

    Intrusion Detection of Industrial Control System Based on ISSA-LightGBM

    Abstract: Industrial control systems (ICS) are an important part of a country's critical infrastructure. With the continuous integration of information technology and industrial control networks, critical infrastructure control systems have become part of the internet and are more vulnerable to various cyber-attacks. An abnormality or collapse of an ICS may lead to economic losses, environmental damage, and even loss of life, so it is very important to strengthen the network security protection of ICS. Intrusion detection systems are a very effective information security mechanism that can monitor network traffic and detect and prevent cyber-attacks. With the rapid development of the industrial internet, a large amount of industrial network traffic data is generated, which causes traditional industrial control intrusion detection algorithms to suffer from low detection accuracy and low time efficiency. This paper proposes an industrial control intrusion detection model that combines the improved Sparrow Search Algorithm (ISSA) and the lightweight gradient boosting machine (LightGBM). It can process a large amount of industrial data at high speed without sacrificing detection performance. In this paper, ISSA is used to handle the difficulty of tuning LightGBM hyperparameters. Firstly, a discrete decoding strategy is introduced to keep integer-valued hyperparameters from taking fractional values; secondly, the generation method of the initial population is optimized to improve population diversity; finally, the position update function of the algorithm is improved to give it better global search ability. ISSA is applied to the LightGBM intrusion detection model for parameter optimization, and the results on a massive standard industrial control network dataset show that this method has higher detection accuracy and time efficiency and is particularly suitable for processing large amounts of industrial data.
