Anomaly Detection of Industrial Control Systems Based on Transfer Learning

Cited by: 79
Authors
Wang, Weiping [1, 2, 3]
Wang, Zhaorong [4]
Zhou, Zhanfan [5]
Deng, Haixia [6]
Zhao, Weiliang [5]
Wang, Chunyang [1, 2, 3]
Guo, Yongzhen [7, 8]
Affiliations
[1] Univ Sci & Technol Beijing, Sch Comp & Commun Engn, Beijing Key Lab Knowledge Engn Mat Sci, Beijing 100083, Peoples R China
[2] Univ Sci & Technol Beijing, Inst Artificial Intelligence, Beijing 100083, Peoples R China
[3] Univ Sci & Technol Beijing, Shunde Grad Sch, Guangzhou 528399, Peoples R China
[4] Univ Sci & Technol Beijing, Sch Automat & Elect Engn, Beijing 100083, Peoples R China
[5] Univ Sci & Technol Beijing, Sch Mech Engn, Beijing 100083, Peoples R China
[6] Univ Sci & Technol Beijing, Donlinks Sch Econ & Management, Beijing 100083, Peoples R China
[7] Beijing Inst Technol, Sch Automat, Beijing 100081, Peoples R China
[8] China Software Testing Ctr, Beijing 100048, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
anomaly detection; transfer learning; deep learning; Industrial Control System (ICS);
DOI
10.26599/TST.2020.9010041
Chinese Library Classification number
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
Industrial Control Systems (ICSs) are the lifeline of a country. Therefore, the anomaly detection of ICS traffic is an important endeavor. This paper proposes a model based on a deep residual Convolution Neural Network (CNN) to prevent gradient explosion or gradient disappearance and guarantee accuracy. The developed methodology addresses two limitations: most traditional machine learning methods can only detect known network attacks and deep learning algorithms require a long time to train. The utilization of transfer learning under the modification of the existing residual CNN structure guarantees the detection of unknown attacks. One-dimensional ICS flow data are converted into two-dimensional grayscale images to take full advantage of the features of CNN. Results show that the proposed method achieves a high score and solves the time problem associated with deep learning model training. The model can give reliable predictions for unknown or differently distributed abnormal data through short-term training. Thus, the proposed model ensures the safety of ICSs and verifies the feasibility of transfer learning for ICS anomaly detection.
Pages: 821-832
Number of pages: 12