Netinfo Security ›› 2023, Vol. 23 ›› Issue (1): 36-43. doi: 10.3969/j.issn.1671-1122.2023.01.005
Received: 2022-04-22
Online: 2023-01-10
Published: 2023-01-19
Contact: WANG Huazhong
E-mail: hzwang@ecust.edu.cn
About the authors: WANG Huazhong (born 1969), male, from Jiangsu, associate professor, Ph.D.; main research interests are industrial control and industrial control system information security. TIAN Zilei (born 1998), female, from Hunan, master's student; main research interest is industrial system information security.
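Abstract:
This article proposes an improved CGAN algorithm that uses the Wasserstein distance to measure the distance between synthetic samples and real samples. This resolves the instability in which the generator's gradient vanishes because the overlap between the two classes of samples is ignored in CGAN. The effectiveness of the algorithm is verified on UCI datasets with imbalance ratios. The article also builds a WCGAN-SVM intrusion detection model for industrial control systems and validates it on the industrial control dataset SWaT. Experimental results show that, compared with SVM, the method improves the accuracy of detecting attack samples by 3.51% and reduces the false negative rate and false positive rate by 2.29% and 2.19%, respectively.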
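The vanishing-gradient effect the abstract refers to can be reproduced on a 1-D toy problem. The following is an added example, not code from the paper or its authors: the function names (`js_divergence`, `wasserstein_1d`, `sweep`) and the uniform samples are constructed for illustration. It compares the Jensen-Shannon divergence, which the original GAN objective reduces to at the optimal discriminator, with the Wasserstein-1 distance as synthetic samples are shifted away from real ones.

```python
import math
import random

def js_divergence(real, fake, lo=0.0, hi=12.0, bins=48):
    """Histogram estimate of the Jensen-Shannon divergence (natural log)."""
    width = (hi - lo) / bins
    def hist(xs):
        counts = [0] * bins
        for x in xs:
            counts[min(bins - 1, max(0, int((x - lo) / width)))] += 1
        return [c / len(xs) for c in counts]
    js = 0.0
    for p, q in zip(hist(real), hist(fake)):
        m = 0.5 * (p + q)
        if p > 0:
            js += 0.5 * p * math.log(p / m)
        if q > 0:
            js += 0.5 * q * math.log(q / m)
    return js

def wasserstein_1d(real, fake):
    """Exact W1 between equal-size 1-D samples: mean gap between sorted values."""
    if len(real) != len(fake):
        raise ValueError("samples must have the same size")
    return sum(abs(a - b) for a, b in zip(sorted(real), sorted(fake))) / len(real)

def sweep(offsets, n=2000, seed=7):
    """Return (offset, JS, W1) as the constructed 'generator' output is shifted."""
    rng = random.Random(seed)
    real = [rng.uniform(0.0, 1.0) for _ in range(n)]   # constructed "real" samples
    base = [rng.uniform(0.0, 1.0) for _ in range(n)]   # constructed generator noise
    rows = []
    for d in offsets:
        fake = [x + d for x in base]                    # synthetic samples, offset d
        rows.append((d, js_divergence(real, fake), wasserstein_1d(real, fake)))
    return rows

if __name__ == "__main__":
    for d, js, w1 in sweep([0.0, 0.5, 2.0, 4.0, 8.0]):
        print(f"offset={d:4.1f}  JS={js:.4f}  W1={w1:.4f}")
```

Once the two sample sets stop overlapping, the JS estimate is pinned at ln 2 regardless of the offset, so it gives the generator no direction to move in, while W1 keeps growing linearly with the offset.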
Cite this article:
WANG Huazhong, TIAN Zilei. Intrusion Detection Method of ICS Based on Improved CGAN Algorithm[J]. Netinfo Security, 2023, 23(1): 36-43.
Table 3: F1 values of each algorithm

Dataset | Method | None | SMOTE | ADASYN | WCGAN |
---|---|---|---|---|---|
glass | LR | 0.644 | 0.662 | 0.644 | 0.679 |
glass | KNN | 0.691 | 0.697 | 0.663 | 0.682 |
glass | DT | 0.701 | 0.735 | 0.721 | 0.752 |
glass | SVM | 0.698 | 0.781 | 0.762 | 0.788 |
carEvaluation | LR | 0.685 | 0.703 | 0.715 | 0.763 |
carEvaluation | KNN | 0.711 | 0.755 | 0.750 | 0.759 |
carEvaluation | DT | 0.682 | 0.711 | 0.727 | 0.741 |
carEvaluation | SVM | 0.764 | 0.779 | 0.801 | 0.783 |
segment | LR | 0.524 | 0.607 | 0.588 | 0.597 |
segment | KNN | 0.438 | 0.502 | 0.590 | 0.621 |
segment | DT | 0.407 | 0.459 | 0.437 | 0.498 |
segment | SVM | 0.600 | 0.645 | 0.619 | 0.717 |
ecoli | LR | 0.715 | 0.764 | 0.731 | 0.802 |
ecoli | KNN | 0.721 | 0.741 | 0.703 | 0.784 |
ecoli | DT | 0.733 | 0.745 | 0.777 | 0.801 |
ecoli | SVM | 0.784 | 0.797 | 0.791 | 0.812 |
hungarian | LR | 0.432 | 0.457 | 0.433 | 0.487 |
hungarian | KNN | 0.397 | 0.404 | 0.471 | 0.506 |
hungarian | DT | 0.607 | 0.631 | 0.674 | 0.688 |
hungarian | SVM | 0.579 | 0.654 | 0.669 | 0.696 |
Table 4: AUC values of each algorithm

Dataset | Method | None | SMOTE | ADASYN | WCGAN |
---|---|---|---|---|---|
glass | LR | 0.732 | 0.758 | 0.731 | 0.768 |
glass | KNN | 0.710 | 0.772 | 0.746 | 0.752 |
glass | DT | 0.771 | 0.784 | 0.775 | 0.813 |
glass | SVM | 0.818 | 0.870 | 0.851 | 0.853 |
carEvaluation | LR | 0.779 | 0.818 | 0.819 | 0.854 |
carEvaluation | KNN | 0.873 | 0.886 | 0.881 | 0.889 |
carEvaluation | DT | 0.792 | 0.821 | 0.835 | 0.847 |
carEvaluation | SVM | 0.868 | 0.891 | 0.902 | 0.898 |
segment | LR | 0.681 | 0.688 | 0.671 | 0.681 |
segment | KNN | 0.647 | 0.659 | 0.681 | 0.687 |
segment | DT | 0.619 | 0.638 | 0.621 | 0.655 |
segment | SVM | 0.678 | 0.691 | 0.667 | 0.699 |
ecoli | LR | 0.856 | 0.891 | 0.877 | 0.912 |
ecoli | KNN | 0.831 | 0.862 | 0.819 | 0.897 |
ecoli | DT | 0.848 | 0.871 | 0.891 | 0.905 |
ecoli | SVM | 0.911 | 0.924 | 0.919 | 0.955 |
hungarian | LR | 0.623 | 0.641 | 0.633 | 0.649 |
hungarian | KNN | 0.591 | 0.612 | 0.661 | 0.672 |
hungarian | DT | 0.664 | 0.691 | 0.716 | 0.698 |
hungarian | SVM | 0.644 | 0.691 | 0.679 | 0.712 |