Data-Integrity Attack Detection Of Industrial Control System Based On PCA-ICA

Recently,control system has been widely applied in many fields.Industrial control system(ICS)plays an important part among them.With the development of globalization and informatization,the security of industrial control system is facing more and more challenges,duing to the complex structure and controllable nodes.In recent years,there are numerous attacks at home and abroad,which affected the quality of products,caused on-site accidents,and even destroyed a whole country.Therefore,it is important to study the attack detection technology of ICS.So,in this paper,we focus on security and attack detection of ICS,which can be divided into the following parts:(1)The attack model is established for the control loop of industrial control system.Firstly,three kinds of safety concepts are introduced.Then,we establish typical deceptive attacks models,and we use mathematical model to express attacks,and analyze the characteristics of different attacks.At last,we introduce the TE process,setting models and analyzing abnormal information spreading.The pressure sensing was selected,and data-integrity attack was generated.(2)In order to improve the detection effect and accuracy in industrial control systems,and to solve the problem of multiple and inconsistent detection indexes,an attack detection method based on PCA-ICA and Bayesian inference was proposed in this paper.Combined with the knowledge of multivariate statistics and probability statistics theory,the online detection target with more accurate detection and more convenient monitoring is realized.This method takes better advantages of PCA and ICA in gaussian data processing and non-Gaussian data processing respectively,forming a unified index BIC.Finally,simulation experiments are carried out on TE process.The results show that the detection method based on PCA-ICA is more accurate and easier to observe.However,there are problems:such as,the monitoring maps are complex,there are some false positives,too;and the detection effect of small attacks is poor.In addition,in order to grasp the attack characteristics,this paper finally puts forward an attack characteristic analysis method,which is based on contribution graph and probability density distribution centering.Determine the variables which are most likely to be attacked,with the alarm line,and then analyze the digital characteristics of the attack(e.g.value,duration,symmetry.)(3)Furthermore,for improving the attack detection effect of ICS,especially to reduce the false alarm rate,an improved JB-KPCA-KICA attack detection method was proposed for the purpose of optimizing data utilization.Firstly,Jarque-Bera test is used to divide Gaussian space and non-Gaussian space,reasonably.Then,based on cosine similarity,an improved method is proposed to better the processing capability of nonlinear data.The improved method optimizes the data utilization mode,improves the traditional rigid division mode,and improves the data utilization efficiency.Finally,the offline model is built on the simulation platform,and then the online attack detection is carried out to verify the effect.The results show that the improved method is better.And the monitoring diagram is clearer,so that the operator’s monitoring effect is more focused.(4)In order to improve the detection effect of small attacks,and continue to improve the detection rate,an attack detection method based on wavelet denoising and PCA-ICA is proposed in this chapter.First,the wavelet threshold function was modified based on the growth curve,and the improved wavelet threshold function was used for denoising,and then the JB-KPCA-KICA method was used for TE process.The results show that this method performs better on small-attacks detection.