Paper: 2020, Vol. 38, Issue (1): 199-208
Cite this article:
ZHANG Dinghua, HU Yibo, CAO Guoyan, LIU Yong, SHI Yuanbing, HUANG Minghao, PAN Quan. Dataflow Feature Analysis for Industrial Networks Communication Security[J]. Journal of Northwestern Polytechnical University, 2020, 38(1): 199-208

Dataflow Feature Analysis for Industrial Networks Communication Security
ZHANG Dinghua1, HU Yibo1, CAO Guoyan1, LIU Yong1,2, SHI Yuanbing3, HUANG Minghao3, PAN Quan1
1. School of Automation, Northwestern Polytechnical University, Xi'an 710072, China;
2. Shaanxi SecureCon Technologies, Co. Ltd, Xi'an 710072, China;
3. Chengdu Westone Information Industry INC, Chengdu 610000, China
Abstract (translated from Chinese):
Autonomous in-depth analysis of the communication security situation of industrial networks is an important topic in industrial Internet security research. To achieve industrial Internet security situation analysis, communication data feature mining and network intrusion detection are carried out on the basis of an in-depth analysis of network communication dataflow features. Because the flow features of the two kinds of network differ, the idea of transferring dataflow feature knowledge from traditional communication networks to industrial networks is proposed: the network flow features are normalized and processed with a convolutional neural network to achieve network security anomaly detection. Experiments show that the proposed feature analysis technique transfers well between the two kinds of network data; the accuracy of industrial network anomaly detection is above 93%, and its stability is within a variance of 0.29%.
Key words: industrial control network security; dataflow knowledge transfer; normalization; network anomaly detection
Abstract (authors' English version):
Autonomous security situation awareness of industrial network communication is a critical subject in industrial network security analysis. In this paper, a CNN-based feature mining method for network communication dataflow is proposed for intrusion detection on industrial networks, from which security situation awareness is derived. Specifically, a normalization technique that unifies different kinds of network dataflow features is designed within the proposed method so that those features can be fused. The proposed method is used to detect the security situation of both traditional IT networks and industrial control networks. Experimental results show that the proposed feature analysis method transfers well between the two kinds of network data, and that the accuracy of network anomaly detection is high and stable.
Key words: industrial network security; data flow knowledge transfer; normalization; network anomaly detection
Received: 2019-03-19     Revised:
DOI: 10.1051/jnwpu/20203810199
Funding: Supported by the "Hegaoji" National Science and Technology Major Project (Core Electronic Devices, High-end Generic Chips and Basic Software, 2017ZX01030-201) and the Natural Science Foundation of Shaanxi Province (2019JQ-342)
Corresponding author: CAO Guoyan (1986-), assistant professor at Northwestern Polytechnical University; research interest: information security of industrial control systems. e-mail: guoyan.cao@nwpu.edu.cn
Author biography: ZHANG Dinghua (1976-), PhD candidate at Northwestern Polytechnical University; research interest: information security of industrial control systems.
