Intrusion Detection of Industrial Control System Based on Correlation Information Entropy and CNN-BiLSTM

Cited by: 0
Authors
Shi L. [1]
Zhu H. [1]
Liu Y. [1]
Liu J. [1]
Affiliation
[1] College of Computer Science and Technology, China University of Petroleum, Qingdao, 266580, Shandong
Source
Jisuanji Yanjiu yu Fazhan/Computer Research and Development | 2019 / Vol. 56 / No. 11
Funding
National Natural Science Foundation of China;
Keywords
CNN-BiLSTM; Correlation information entropy; Industrial control system (ICS); Intrusion detection; Multi-head attention;
DOI
10.7544/issn1000-1239.2019.20190376
Abstract
Intrusion detection aims to effectively detect abnormal attacks in the network, which is critical for cyber security. Because traditional intrusion detection methods have difficulty extracting effective data features from industrial control system communication data, an intrusion detection model based on correlation information entropy and CNN-BiLSTM is proposed. It combines feature selection based on correlation information entropy with fused deep learning algorithms, and thus it can effectively remove noise and redundancy, reduce computation and improve detection accuracy. First, the imbalanced samples are pre-processed, and an algorithm based on correlation information entropy is applied to select the features of the samples, removing noisy data and redundant features. Then, a convolutional neural network (CNN) and a bidirectional long short-term memory (BiLSTM) network are applied respectively to extract data features from the time and space dimensions, and feature fusion is realized through a multi-head attention mechanism to obtain the final test results. Finally, the optimal model is obtained by the single variable principle and the cross-validation method. Compared with other traditional intrusion detection methods, the model has higher accuracy (99.21%) and a lower false negative rate (0.77%). © 2019, Science Press. All rights reserved.
Pages: 2330-2338
Page count: 8