基于优先级诊断树的工控网络入侵数据关联挖掘方法
A method for mining intrusion data association in industrial control networks based on priority diagnosis tree
过珺1
作者信息
- 1. 安徽中医药高等专科学校基础教学部,安徽芜湖 241000
- 折叠
摘要
研究基于优先级诊断树的工控网络入侵数据关联挖掘方法,提高工控网络入侵数据挖掘能力.采用网格搜索与模拟退火算法相结合的方法得出SVM提取器最优参数,通过SVM提取器提取工控网络入侵数据特征,运用粗糙集约简工控网络入侵数据特征属性,降低工控网络入侵挖掘的数据样本冗余特征属性.将约简的特征作为优先级诊断树的输入,依据工控网络入侵数据关联挖掘准则,使用优先级诊断树实现工控网络入侵数据关联挖掘.实验结果表明,该方法平均误报率为1.38%,检测率大于90%,挖掘时间低于3.6s,在-6~26dB归一化空间谱范围内,均能有效地实现工控网络入侵信号数据挖掘且检测效果最优.
Abstract
Research on the mining method of industrial control network intrusion data association based on priority diagnosis tree to improve the ability of industrial control network intrusion data mining.The combination of grid search and simulated annealing algorithm is used to obtain the optimal parameters of the SVM extractor.The SVM extractor is used to extract the features of industrial control network intrusion data,and rough set is used to reduce the feature attributes of industrial control network intrusion data,reducing the redundant feature attributes of data samples in industrial control network intrusion mining.Using the reduced features as input to the priority diagnosis tree,according to the mining criteria for industrial control network intrusion data association,the priority diagnosis tree is used to achieve industrial control network intrusion data association mining.The experimental results show that the average false alarm rate of this method is 1.38%,and the detection rate is greater than 90%.The association mining time is less than 3.6 seconds,and within the range of-6-26dB normalized spatial spectrum,it can effectively achieve industrial control network intrusion signal data mining,and the detection effect is the best.
关键词
优先级诊断树/工控网络/入侵数据/关联挖掘方法/数据特征提取/粗糙集Key words
priority diagnosis tree/industrial control network/intrusion data/association mining methods/data feature extraction/rough set引用本文复制引用
基金项目
2020年安徽省教育厅高校优秀青年骨干教师国内访问研修项目(gxgnfx2020138)
2022年安徽中医药高等专科学校自然科学重点研究项目(ZRKXZ202203)
出版年
2024
NETL
NSTL
万方数据