Abstract
To improve the security of Modbus/TCP networks and reduce anomalous attacks, this paper proposes a Modbus/TCP network intrusion detection method based on multiple attack classes. The method first uses kernel principal component analysis (KPCA) to reduce redundant data, then uses the C4.5 decision tree algorithm to build a multi-class classifier that identifies anomalous attack behavior as well as small-sample attacks, and finally applies k-nearest neighbors (k-NN) to unknown attack data to improve accuracy. The experiments compare accuracy and false alarm rate across four classes of attacks. The results show that the method not only greatly shortens sample training time but also, in the subsequent attack identification experiments, achieves better accuracy, a better false alarm rate, and shorter detection time than current mainstream detection methods.
Authors
TAO Jia-dong (陶家栋)
JIN Hua (金华)
School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang 212013, Jiangsu Province, China
Source
Information Technology (《信息技术》)
2020, No. 8, pp. 23-27 (5 pages)
Funding
National Natural Science Foundation of China (61672269)
National Key Research and Development Program of China (20-17YFC1600804).
Keywords
industrial control system
intrusion detection
kernel principal component analysis
multi-class data detection
Modbus/TCP protocol
About the author
TAO Jia-dong (1992-), male, master's student; research interest: industrial control security.