高级检索

    基于特征选择的工业互联网入侵检测分类方法

    Classification Method of Industrial Internet Intrusion Detection Based on Feature Selection

    • 摘要: 由于工业互联网接入设备的多样性和差异性,使其维护困难且易受攻击,针对该安全问题需要引入相关的防御系统来识别各种入侵攻击.传统的入侵检测系统能够检测到的攻击类型较少,且网络流量数据由于存在冗余导致无关特征使得分类性能较差.因此,提出一种基于特征选择的工业互联网入侵检测分类方法.该方法首先对数据集进行预处理,并通过计算特征的皮尔逊相关系数来判断特征的强弱关系,确定最优的阈值进行特征提取;之后从机器学习和深度学习2个角度,利用逻辑回归、支持向量机、K近邻、决策树、随机森林、多层感知机、卷积神经网络和时空网络8种模型分别进行二分类和多分类实验,并作评估.实验结果表明,随机森林的二分类效果最佳,决策树的多分类效果最佳.最后在真实工业互联网实践中验证了所提方法的有效性.

       

      Abstract: Due to the diversity and differences of industrial Internet access equipment, it is difficult to maintain and vulnerable to attacks. For this security problem, it is necessary to introduce relevant defense systems to identify various intrusion attacks. The traditional intrusion detection system can detect fewer types of attacks, and the network traffic data has poor classification performance due to the redundancy of irrelevant features. Therefore, we propose a classification method for industrial Internet intrusion detection based on feature selection. At first, this method preprocesses the dataset, and determines the strength of the feature by calculating the Pearson correlation coefficient of the feature, and determines the optimal threshold for feature extraction; then, from the perspective of machine learning and deep learning, logistic regression is used. Eight models including logistic regression, support vector machine, K-nearest neighbor, decision tree, random forest, multi-layer perceptron, convolutional neural network, and spatial-temporal network are respectively subjected to binary and multi-classification experiments and evaluated. The experimental results show that the binary classification effect of random forest is the best, and the multi-classification effect of decision tree is the best. Finally, the effectiveness of this method is verified in the real industrial Internet practice.

       

    /

    返回文章
    返回