    Intrusion Detection of Industrial Control System Based on Correlation Information Entropy and CNN-BiLSTM

    • Abstract: Intrusion detection aims to effectively detect abnormal attacks in the network and is critical for cyber security. Because traditional intrusion detection methods struggle to extract effective data features from industrial control system communication data, an intrusion detection model based on correlation information entropy and CNN-BiLSTM is proposed. It combines feature selection based on correlation information entropy with fused deep learning algorithms, and can thus effectively remove noise and redundancy, reduce computation and improve detection accuracy. First, pre-processing is carried out to address problems such as imbalanced samples, and an algorithm based on correlation information entropy is applied to select features, removing noisy data and redundant features. Then, a convolutional neural network (CNN) and a bidirectional long short-term memory (BiLSTM) network are each applied to extract data features from the time and space dimensions, and the features are fused through a multi-head attention mechanism to obtain the final detection result. Finally, the optimal model is obtained using the single variable principle and cross-validation. Experimental comparison with other traditional intrusion detection methods shows that the model has higher accuracy (99.21%) and a lower false negative rate (0.77%).

       
