| With the vigorous advancement of the Industrial Internet, industrial control system networks have gradually changed from closed to open. However, the corresponding industrial control security systems have not advanced at the same pace and lag behind. In recent years, the number of attacks on industrial control systems has increased year by year. Because industrial control systems are used in many areas closely related to people's livelihood, an attack on the systems in these areas will cause serious consequences. As an effective security defense method, intrusion detection technology can effectively detect security threats. Therefore, in recent years, intrusion detection for industrial control has received wide attention from practitioners and researchers. Intrusion detection technology in the web and other fields is relatively mature, and most of it is based on misuse detection or anomaly detection. Meanwhile, there are almost no misuse-based intrusion detection algorithms for industrial control systems, and anomaly-based intrusion detection in industrial control systems still has some defects. First, the existing misuse-based intrusion detection algorithms are computationally complex and their intrusion signature databases occupy a large amount of memory, which makes them unsuitable for industrial control equipment with limited storage and computing resources. Second, the existing intrusion detection algorithms take a long time to detect intrusions and cannot meet the strict real-time demands of industrial control systems. Finally, although many anomaly-based intrusion detection algorithms can be applied to industrial control systems, problems remain, such as a low detection rate, a high false alarm rate and a high missed alarm rate. To address these concerns, this thesis designs and implements intrusion detection algorithms for industrial control. The main innovations in this thesis are as follows: Considering that the misuse-based
intrusion detection algorithm has the advantages of a high detection rate and rapid detection, this thesis proposes an industrial control intrusion detection algorithm based on an improved Bloom filter, to solve the problem that industrial control equipment has limited resources and none to spare for storing an intrusion signature database or carrying out complex calculations. To improve detection speed, the improved Bloom filter uses one hash and multiple bit operations instead of multiple hash operations. The improved Bloom filter also serves as the intrusion signature database, which reduces the space it occupies. Experiments and comparative analysis show that the intrusion detection algorithm has low memory occupation and fast detection speed, and is suitable for the industrial control environment. Considering that the misuse-based intrusion detection algorithm cannot detect unknown attacks, while the anomaly-based intrusion detection algorithm can, this thesis proposes an industrial control intrusion detection algorithm based on an improved grey wolf optimization algorithm, to solve the problem of the low detection rate of anomaly-based intrusion detection. An opposition-based learning strategy is used to initialize the grey wolf population, and Lévy flight is used to perturb the positions of the grey wolves, which improves the convergence speed of the grey wolf optimization algorithm and keeps it from falling into a local optimum. The improved grey wolf optimization algorithm is used to perform feature selection and to optimize the parameters of the SVM that carries out intrusion detection. Experimental results suggest that the intrusion detection algorithm has a higher detection rate. Lastly, this thesis designs and implements an intrusion detection system named Intrusion Warn based on the above algorithms. The system can detect intrusions quickly and effectively, and can
find unknown attacks, which meets the needs of intrusion detection. |
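The abstract does not give the thesis's exact construction, so the following is an added example (not the thesis's code) of a Bloom filter signature store that computes one hash per signature and derives every bit position from it with rotate, shift, XOR and mask operations. The FNV-1a hash, the rotation schedule, the 8192-bit size, the four positions per signature and the sample bytes are all assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BF_BITS 8192u   /* filter size in bits, power of two (assumed) */
#define BF_K    4u      /* bit positions per signature (assumed) */
typedef struct { uint8_t bits[BF_BITS / 8]; } bloom_t;

/* The single hash: 64-bit FNV-1a over the signature bytes (assumed choice). */
static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    while (n--) { h ^= *p++; h *= 0x100000001b3ULL; }
    return h;
}

/* Position i is derived from the one hash by rotate, shift, xor and mask. */
static uint32_t bf_pos(uint64_t h, unsigned i) {
    unsigned r = (i * 13u) & 63u;                      /* rotation for probe i */
    uint64_t v = (h >> r) | (h << ((64u - r) & 63u));  /* rotate right by r */
    v ^= v >> 29;                                      /* fold high bits down */
    return (uint32_t)(v & (BF_BITS - 1u));
}

void bf_add(bloom_t *bf, const uint8_t *sig, size_t n) {
    uint64_t h = fnv1a64(sig, n);                      /* hashed once */
    for (unsigned i = 0; i < BF_K; i++) {
        uint32_t b = bf_pos(h, i);
        bf->bits[b >> 3] |= (uint8_t)(1u << (b & 7u));
    }
}

/* 1: possibly a stored signature (false positives exist); 0: certainly not. */
int bf_check(const bloom_t *bf, const uint8_t *sig, size_t n) {
    uint64_t h = fnv1a64(sig, n);                      /* hashed once */
    for (unsigned i = 0; i < BF_K; i++) {
        uint32_t b = bf_pos(h, i);
        if (!(bf->bits[b >> 3] & (1u << (b & 7u)))) return 0;
    }
    return 1;
}

int main(void) {
    static const uint8_t known[] = {0x5A, 0x01, 0x10, 0xFF};  /* constructed */
    static const uint8_t other[] = {0x5A, 0x01, 0x10, 0xFE};  /* constructed */
    bloom_t bf = {{0}};
    bf_add(&bf, known, sizeof known);
    printf("known=%d other=%d bytes=%zu\n", bf_check(&bf, known, sizeof known),
           bf_check(&bf, other, sizeof other), sizeof bf.bits);
    return 0;
}
```

A hit from `bf_check` only means the input may match a stored signature, so a deployment that cannot tolerate false alarms would confirm hits against the full signature on a less constrained host.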