Research On Intrusion Detection Technology Of Industrial Control Traffic Based On Machine Learning

At present,with the development of science and technology,the transformation of traditional physical industrial manufacturing to digitalization has gradually broken the isolation of the network in the industrial control system.While bringing convenience,there are also many security risks.At the same time,the security design of industrial control systems is relatively weak,and a large number of network security loopholes have appeared in the public eye,resulting in frequent network attacks in recent years,and its security problems is becoming increasingly severe.Therefore,the research on the security of industrial control systems It has also become more and more important.Intrusion detection technology based on network traffic is one of the main research directions of industrial control system security.K-Nearest Neighbor(KNN)algorithm,as one of the most commonly used algorithms of machine learning,is simple,stable and easy to implement.However,the current intrusion detection technology based on KNN algorithm has the problem of low detection accuracy and the defect that it cannot detect unknown attacks.Therefore,for the problem of low detection accuracy,this paper proposes the RF_GSKNN algorithm to improve the effect.For the problem of failing to detect unknown attacks and the low detection rate of abnormal samples,an optimized model SVM_RF_GSKNN is proposed to improve.Specific research work and papers The innovations are as follows:First,the RF_GSKNN algorithm is proposed on the basis of the KNN algorithm.The RF_GSKNN algorithm takes into account the influence of the industrial control traffic sample attribute weight on the classification results,and uses the random forest algorithm to weight the sample attributes,which improves the accuracy and convergence speed of the algorithm.In industrial control scenarios,abnormal sample data is much lower than normal samples,which leads to the problem that the classification results are skewed to a high proportion of samples.The RF_GSKNN algorithm uses Gaussian function to evaluate the similarity of samples,and weights the number of votes of samples to reduce the uneven distribution of samples.The impact of intrusion detection results.The experimental results show that the accuracy of the RF_GSKNN algorithm proposed in this paper can reach 96.15%in intrusion detection,which is nearly 2%higher than the original KNN algorithm.Second,the application of RF_GSKNN algorithm in the field of intrusion detection based on industrial control traffic analysis still has the problem that the detection rate of abnormal samples is not high enough.Based on the above algorithm,this paper proposes the application of SVM_RF_GSKNN algorithm to intrusion detection technology.Aiming at the problem that the detection rate of abnormal samples is not high enough for the RF_GSKNN algorithm,the technology first uses the SVM algorithm to initially classify the test data,and then corrects and filters the results of some test data by counting the distance distribution between the samples and the divided hyperplane,and then the Other test samples are reclassified using the RF_GSKNN algorithm to obtain the final detection results.The accuracy rate of this technology can reach 96.71%,and the detection rate of abnormal samples is 1.4%higher than that of the RF_GSKNN algorithm,and 6%higher than that of the original KNN algorithm.