The Research And Implementation On Safety Incident Mining Model In Industrial Control Network

Posted on: 2019-02-18
Degree: Master
Type: Thesis
Country: China
Candidate: Z B Wang
GTID: 2346330545955585
Subject: Cryptography

Abstract/Summary:
Industrial control networks are the networks that control the critical infrastructure of nations and societies, and this infrastructure underpins people's normal lives. With the high degree of integration between industrial control networks and the Internet, vulnerabilities, attacks, viruses and other cyber threats have followed. Defending against attacks on industrial control networks requires digging out the abnormal patterns in the logs, and data mining can discover common abnormal patterns. However, anomaly pattern mining in industrial control networks still has several problems, such as neglect of professional terms, difficulty in finding hidden anomaly patterns, and over-fitting of mining models. To solve these problems, this thesis first established a professional corpus for the industrial control field, then proposed an anomaly mining model based on encoded long short-term memory (LSTM) neural networks, and finally designed an algorithm based on improved curriculum learning. The specific work is as follows:

1. To enhance the model's ability to analyze professional terms, we established a professional corpus for the field of industrial control. The negative-word and positive-word vocabularies are converted into professional vocabulary, and special words for industrial control states are added. We assign reasonable weights to the different categories of words and combine them with the common corpus to establish the professional corpus. Experimental results show that the accuracy of the anomaly mining model with the professional corpus is improved by 4%.

2. To dig out hidden anomaly patterns more deeply, we proposed an anomaly detection model based on encoded long short-term memory neural networks. We used a strategy that combines contextual logs, converting the multi-line log data into a state sequence. We then encode the state sequence, thus separating the normal mode from the abnormal mode. The experimental results show that the encoded anomaly mining model can effectively distinguish between normal data and anomalous data, and the F1 value of the encoding model is improved by 6%.

3. To alleviate over-fitting in the model, we proposed an algorithm based on improved curriculum learning. First, we designed a sorting strategy for industrial control data based on average frequency and length. Then we trained on positive and negative samples at the same time and judged their classification according to the degree of loss, so that the improved curriculum learning algorithm can reduce the number of times the model is trained. Experiments show that the improved curriculum learning algorithm reduced the number of times the model is trained by half and reduced the model's over-fitting problem. On public data sets, we improve the model's detection accuracy by 2%.
Keywords/Search Tags:Anomaly mining, Encode, LSTM, Industrial control network