| Industrial Control Systems (ICS) are now widely used in key fields and industries of national production and development. At the same time, the deep integration of industrial control networks with IT networks has gradually extended the security threats of traditional information networks to industrial control networks. Considering the uniqueness of industrial control systems, this paper therefore proposes a one-class industrial traffic anomaly detection method based on dual characteristic prototype networks, taking network traffic data from the SWaT industrial control system as the research object. The method extracts numerical and temporal features from industrial traffic data and constructs a corresponding one-class anomaly detection engine to detect anomalies in that data. First, the paper focuses on the industrial data flow in ICS and, drawing on the characteristics of prototype networks, extracts feature prototype points for its numerical and temporal features. For the numerical features of ICS traffic data, an attention mechanism is introduced and an attention-based numerical feature prototype point extraction method is proposed; to address the temporal nature of ICS traffic data, a GRU-based temporal feature prototype point extraction method is proposed. Second, based on the numerical and temporal feature prototypes extracted from the industrial traffic data, the paper proposes a one-class anomaly detection method based on an improved Grey Wolf optimization algorithm. This method uses Support Vector Data Description (SVDD) as the anomaly detection classifier and optimizes two parameters in SVDD, namely the kernel function and the penalty parameter, with a purpose-designed improved Grey Wolf Optimizer (GWO) algorithm. The result is an IGWO-SVDD anomaly detection engine based on dual feature prototype points, which can effectively detect abnormal traffic in industrial traffic. Finally, network traffic data collected from SWaT, a water treatment testbed used in network security research, was used to further validate and analyze the proposed one-class anomaly detection method based on the dual characteristic prototype network. The experimental results show that, compared with other anomaly detection methods and parameter optimization methods, the proposed method has the advantages of higher classification accuracy and shorter detection time. |