基于GAN-Cross的工控系统类不平衡数据异常检测

doi:10.3969/j.issn.1671-1122.2022.08.010

信息网络安全 ›› 2022, Vol. 22 ›› Issue (8): 81-89.doi: 10.3969/j.issn.1671-1122.2022.08.010

基于GAN-Cross的工控系统类不平衡数据异常检测

顾兆军¹^,², 刘婷婷¹^,², 高冰¹^,², 隋翯³()

1.中国民航大学信息安全测评中心,天津 300300
2.中国民航大学计算机科学与技术学院,天津 300300
3.中国民航大学航空工程学院,天津 300300

收稿日期:2021-05-26 出版日期:2022-08-10 发布日期:2022-09-15
通讯作者: 隋翯 E-mail:hsui@cauc.edu.cn
作者简介:顾兆军（1966—）男,山东,教授,博士,主要研究方向为网络与信息安全、民航信息系统|刘婷婷（1996—）,女,宁夏,硕士研究生,主要研究方向为工业控制系统网络与信息安全|高冰（1995—）,男,河南,硕士研究生,主要研究方向为工业控制系统网络与信息安全|隋翯（1987—）,男,吉林,讲师,博士,主要研究方向为工业控制系统网络与信息安全。
基金资助:
国家自然科学基金(61601467);民航安全能力建设基金(PESA2019073);民航安全能力建设基金(PESA2019074);民航安全能力建设基金(PESA2020100)

Anomaly Detection of Imbalanced Data in Industrial Control System Based on GAN-Cross

GU Zhaojun¹^,², LIU Tingting¹^,², GAO Bing¹^,², SUI He³()

1. Information Security Evaluation Center, Civil Aviation University of China, Tianjin 300300, China
2. College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
3. College of Aeronautical Engineering, Civil Aviation University of China, Tianjin 300300, China

Received:2021-05-26 Online:2022-08-10 Published:2022-09-15
Contact: SUI He E-mail:hsui@cauc.edu.cn

摘要/Abstract

摘要：

工业控制系统异常检测存在类不平衡问题,导致通用分类器很难实现异常数据的精准识别。目前,针对类不平衡数据,常用采样方法实现各类数据的平衡,以提高分类器性能。但传统采样方法对数据集特征敏感,采样效果稳定性差,异常检测精度波动大。文章基于生成式对抗网络（Generative Adversarial Network,GAN）,提出一种GAN-Cross采样模型,该模型可以学习目标数据的概率分布,并生成相似概率分布的数据,从而改善数据的平衡性。同时,文章在生成器和判别器中增加了交叉层,从而更好地实现特征提取。最后文章将该模型与随机森林、K-近邻、高斯朴素贝叶斯和支持向量机4种经典分类器进行组合,在4个公开类不平衡数据集上与其他4种常规采样方法进行比较。实验结果表明,与传统采样方法相比,该模型能够显著提高分类器对类不平衡数据的异常检测能力。

关键词: 工业控制系统, 类不平衡数据, 生成式对抗网络, 采样方法, 异常检测

Abstract:

Industrial control system anomaly detection has a class imbalance problem, which makes it difficult for general classifiers to accurately identify abnormal data. At present, for class imbalanced data, sampling methods are commonly used to achieve the balance of various types of data to improve the performance of the classifier. However, traditional sampling methods are sensitive to the characteristics of the data set, resulting in poor stability of the sampling effect and fluctuations in the accuracy of anomaly detection. Based on the generative adversarial network(GAN), this paper proposed a GAN-Cross sampling model. The model could learn the probability distribution of the target data and generate data with similar probability distributions, so as to achieve the sampling effect. At the same time, in order to achieve better feature extraction, this paper applied a cross layer in the generator and discriminator. Finally, the model was combined with four classic classifiers: random forest, K-nearest neighbor, Gaussian Naive Bayes, and support vector machine, and compared with other four conventional sampling methods on four public imbalanced data sets. Experimental results show that compared with traditional sampling methods, this model can significantly improve the anomaly detection performance of the classifier on imbalanced data.

Key words: industrial control system, imbalanced data, generative adversarial network, sampling method, anomaly detection

中图分类号:

TP309

顾兆军, 刘婷婷, 高冰, 隋翯. 基于GAN-Cross的工控系统类不平衡数据异常检测[J]. 信息网络安全, 2022, 22(8): 81-89.

GU Zhaojun, LIU Tingting, GAO Bing, SUI He. Anomaly Detection of Imbalanced Data in Industrial Control System Based on GAN-Cross[J]. Netinfo Security, 2022, 22(8): 81-89.

图/表 8

图1

图2

图3

表1

图4

图5

图6

图7

参考文献 23

[1]	PENG Yong, JIANG Changqing, XIE Feng, et al. Research Progress on Information Security of Industrial Control System[J]. Journal of Tsinghua University(Natural Science Edition), 2012, 52(10): 1396-1408.
	彭勇, 江常青, 谢丰, 等. 工业控制系统信息安全研究进展[J]. 清华大学学报(自然科学版), 2012, 52(10):1396-1408.
[2]	ZENG Yu, GUO Jinquan. Research of the Security Situation about Industrial Control Information System[J]. Netinfo Security, 2016, 16(9): 169-172.
	曾瑜, 郭金全. 工业控制系统信息安全现状分析[J]. 信息网络安全, 2016, 16(9):169-172.
[3]	WANG Yubin, CHEN Si, CHENG Nan. Research on Industrial Control System Security Defense[J]. Netinfo Security, 2016, 16(9): 35-39.
	王昱镔, 陈思, 程楠. 工业控制系统信息安全防护研究[J]. 信息网络安全, 2016, 16(9):35-39.
[4]	WANG Qikui, LI Xin, ZHAO Fu. Research on Information Security for Industrial Control System and the Solution for Numerical Control Network[J]. Netinfo Security, 2014, 14(9): 120-122.
	王琦魁, 李昕, 赵甫. 工控系统信息安全与加工网络防护方案研究[J]. 信息网络安全, 2014, 14(9):120-122.
[5]	YANG An, SUN Limin, WANG Xiaoshan, et al. Intrusion Detection Techniques for Industrial Control System[J]. Journal of Computer Research and Development, 2016, 53(9): 2039-2054.
[6]	LAI Yingxu, LIU Zenghui, CAI Xiaotian, et al. Research on Intrusion Detection of Industrial Control System[J]. Journal on Communications, 2017, 38(2): 143-156.
	赖英旭, 刘增辉, 蔡晓田, 等. 工业控制系统入侵检测研究综述[J]. 通信学报, 2017, 38(2):143-156.
[7]	LIU Dingxiang, QIAO Shaojie, ZHANG Yongqing, et al. A Survey on Data Sampling Methods in Imbalance Classification[J]. Journal of Chongqing University of Technology(Natural Science), 2019, 33(7): 102-112.
	刘定祥, 乔少杰, 张永清, 等. 不平衡分类的数据采样方法综述[J]. 重庆理工大学学报(自然科学版), 2019, 33(7):102-112.
[8]	ZHANG Xiaoyu, WANG Huazhong. Intrusion Detection of ICS Based on Improved Border-SMOTE for Unbalance Data[J]. Netinfo Security, 2020, 20(7): 70-76.
	张晓宇, 王华忠. 基于改进Border-SMOTE的不平衡数据工业控制系统入侵检测[J]. 信息网络安全, 2020, 20(7):70-76.
[9]	YIN Hua, GAI Keke. An Empirical Study on Preprocessing High-Dimensional Class-Imbalanced Data for Classiﬁcation[C]//IEEE. IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems. New Jersey: IEEE, 2015: 1314-1319.
[10]	PAN Tingting, ZHAO Junhong, WU Wei. Learning Imbalanced Datasets Based on SMOTE and Gaussian Distribution[EB/OL]. [ 2021-02-11]. https://www.sciencedirect.com/science/article/abs/pii/S0020025519310187.
[11]	LIU Xuying, WU Jianxin, ZHOU Zhihua. Exploratory Under-Sampling for Class-Imbalance Learning[J]. IEEE Transactions on Systems, Man, and Cybernetics, Part B(Cybernetics), 2009, 39(2): 539-550.
[12]	GOODFELLOW I, POUGET-ABADIE J, MIRZA M, et al. Generative Adversarial Nets[EB/OL]. (2014-12-02)[2021-02-11]. https://dl.acm.org/doi/10.5555/2969033.2969125.
[13]	XU Lei, VEERAMACHANENI K. Synthesizing Tabular Data Using Generative Adversarial Networks[EB/OL]. [ 2021-02-11]. https://arxiv.org/abs/1811.11264.
[14]	BAOWALY M K, LIN Jiajing, LIU Chaolin, et al. Synthesizing Electronic Health Records Using Improved Generative Adversarial Networks[J]. Journal of the American Medical Informatics Association, 2019, 26(3): 228-241. doi: 10.1093/jamia/ocy142 URL
[15]	ENGELMANN J, LESSMANN S. Conditional Wasserstein GAN-Based Oversampling of Tabular Data for Imbalanced Learning-ScienceDirect[EB/OL]. [ 2021-03-12]. https://www.sciencedirect.com/science/article/abs/pii/S0957417421000233.
[16]	ZHENG Ming, LI Tong, ZHU Rui, et al. Conditional Wasserstein generative adversarial Network-Gradient Penalty-Based Approach to Alleviating Imbalanced Data Classification[J]. Information Sciences, 2020, 512: 1009-1023. doi: 10.1016/j.ins.2019.10.014 URL
[17]	WANG Ruoxi, FU Bin, FU Gang, et al. Deep & Cross Network for Ad Click Predictions[EB/OL]. [ 2021-03-12]. https://dl.acm.org/doi/10.1145/3124749.3124754.
[18]	BREIMAN L. Random Forests[J]. Mach Learn, 2001, 45: 5-32. doi: 10.1023/A:1010933404324 URL
[19]	KALAL Z, MIKOLAJCZYK K, MATAS J. Tracking-Learning-Detection[J]. IEEE Transactions on Software Engineering, 2011, 34(7): 1409-1422.
[20]	DU Ruijie. Research of Bayesian Classifier and Its Applications[D]. Shanghai: Shanghai University, 2012.
	杜瑞杰. 贝叶斯分类器及其应用研究[D]. 上海: 上海大学, 2012.
[21]	CRISTIANINI N, SHAWE-TAYLO J. An Introduction to Support Vector Machines and Other Kenerl-Based Learning Methods[M]. Beijing: Publishing House of Electronics Industry, 2004.
[22]	ARJOVSKY M, CHINTALA S, BOTTOU L. Wasserstein Generative Adversarial Networks[C]//ACM. 2017 9th International Conference on Machine Learning and Computing(ICMLC 2017). New York: PMLR, 2017: 214-223.
[23]	PEDREGOSA F, VAROQUAUX G. Scikit-Learn: Machine Learning in Python[J]. Journal of Machine Learning Research, 2013, 12(10): 2825-2830.

数据集	数据量	数据特征维数	少数类数量/个	多数类数量/个	IR
Firewall	65532	11	27892	37640	1.35
Power	5276	129	1861	3415	1.835
SWaT	449919	51	54621	395298	7.24
BHP	1075	19	120	922	7.96

基于GAN-Cross的工控系统类不平衡数据异常检测

Anomaly Detection of Imbalanced Data in Industrial Control System Based on GAN-Cross

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 23

相关文章 15

编辑推荐

Metrics

本文评价

[1]	周婧怡, 李红娇. 针对PMU测量的虚假数据注入攻击检测方法[J]. 信息网络安全, 2022, 22(5): 75-83.
[2]	陈彬杰, 魏福山, 顾纯祥. 基于KNN的具有隐私保护功能的区块链异常交易检测[J]. 信息网络安全, 2022, 23(3): 78-84.
[3]	顾兆军, 姚峰, 丁磊, 隋翯. 基于半实物的机场供油自控系统网络安全测试[J]. 信息网络安全, 2021, 21(9): 16-24.
[4]	弋晓洋, 张健. 基于图像的网络钓鱼邮件检测方法研究[J]. 信息网络安全, 2021, 21(9): 52-58.
[5]	秦中元, 胡宁, 方兰婷. 基于免疫仿生机理和图神经网络的网络异常检测方法[J]. 信息网络安全, 2021, 21(8): 10-16.
[6]	徐洪平, 马泽文, 易航, 张龙飞. 基于卷积循环神经网络的网络流量异常检测技术[J]. 信息网络安全, 2021, 21(7): 54-62.
[7]	吴驰, 帅俊岚, 龙涛, 于俊清. 基于Linux Shell命令的用户异常操作检测方法研究[J]. 信息网络安全, 2021, 21(5): 31-38.
[8]	石乐义, 徐兴华, 刘祎豪, 刘佳. 一种改进概率神经网络的工业控制系统安全态势评估方法[J]. 信息网络安全, 2021, 21(3): 15-25.
[9]	李佳玮, 吴克河, 张波. 基于高斯混合聚类的电力工控系统异常检测研究[J]. 信息网络安全, 2021, 21(3): 53-63.
[10]	杜晔, 王子萌, 黎妹红. 基于优化核极限学习机的工控入侵检测方法[J]. 信息网络安全, 2021, 21(2): 1-9.
[11]	吴佳洁, 吴绍岭, 王伟. 基于TCN和注意力机制的异常检测和定位算法[J]. 信息网络安全, 2021, 21(11): 85-94.
[12]	陆佳丽. 基于改进时间序列模型的日志异常检测方法[J]. 信息网络安全, 2020, 20(9): 1-5.
[13]	黄娜, 何泾沙, 吴亚飚, 李建国. 基于LSTM回归模型的内部威胁检测方法[J]. 信息网络安全, 2020, 20(9): 17-21.
[14]	李世斌, 李婧, 唐刚, 李艺. 基于HMM的工业控制系统网络安全状态预测与风险评估方法[J]. 信息网络安全, 2020, 20(9): 57-61.
[15]	张晓宇, 王华忠. 基于改进Border-SMOTE的不平衡数据工业控制系统入侵检测[J]. 信息网络安全, 2020, 20(7): 70-76.