Advanced Search
    Wang Zepeng, Ma Chao, Zhang Zhuangzhuang, Wu Libing, Shi Xiaochuan. Dynamic Decision-Driven Threat Detection Method for Data Elements in Industrial Control Networks[J]. Journal of Computer Research and Development, 2024, 61(10): 2404-2416. DOI: 10.7544/issn1000-1239.202440387
    Citation: Wang Zepeng, Ma Chao, Zhang Zhuangzhuang, Wu Libing, Shi Xiaochuan. Dynamic Decision-Driven Threat Detection Method for Data Elements in Industrial Control Networks[J]. Journal of Computer Research and Development, 2024, 61(10): 2404-2416. DOI: 10.7544/issn1000-1239.202440387

    Dynamic Decision-Driven Threat Detection Method for Data Elements in Industrial Control Networks

    • In recent years, the industrial control network has been developing rapidly. The advantages of digitization, intelligence, and automation have brought significant benefits to the industry while also introducing increasingly complex and variable attack threats. In the context of data element security, timely detection and response to industrial control network threats have become an urgent task to be solved. By continuously monitoring and analyzing the data flow in industrial control networks, the problem of industrial control network threat detection can be transformed into a time series anomaly detection problem. However, the existing time-series anomaly detection methods are limited by the quality of industrial control network datasets and are often sensitive to only a single type of anomaly while ignoring other anomalies. Therefore, in this paper, we propose a deep reinforcement learning and data augmentation based threat detection method in industrial control networks (DELTA). DELTA introduces a novel data augmentation selection technique for time series datasets, which allows for the selection of appropriate data augmentation operations sets tailored to different baseline models to enhance the quality of the industrial control network time series datasets. Simultaneously, deep reinforcement learning algorithms (A2C/PPO) dynamically select candidate models from the baseline models at different time points, leveraging multiple types of anomaly detection models to address the issue of sensitivity to single-type anomalies. The experimental results compared with the existing time series anomaly detection models show that DELTA has a significant improvement in accuracy and F1 value over all baseline models at an acceptable cost of additional time consumption, which verifies the effectiveness and practicality of the method.
    • loading

    Catalog

      Turn off MathJax
      Article Contents

      /

      DownLoad:  Full-Size Img  PowerPoint
      Return
      Return