本文選題：工業(yè)控制網(wǎng)絡(luò) + 入侵檢測(cè)��； 參考：《沈陽(yáng)理工大學(xué)》2017年碩士論文

【摘要】：隨著信息技術(shù)與功能需求的發(fā)展,工業(yè)控制系統(tǒng)越來(lái)越多地與企業(yè)網(wǎng)和互聯(lián)網(wǎng)相連接,形成了一個(gè)開放式的網(wǎng)絡(luò)環(huán)境。工控系統(tǒng)網(wǎng)絡(luò)化發(fā)展導(dǎo)致了系統(tǒng)安全風(fēng)險(xiǎn)和入侵威脅不斷增加,面臨的網(wǎng)絡(luò)安全問(wèn)題也更加突出。由于工控網(wǎng)絡(luò)系統(tǒng)環(huán)境的特殊性,傳統(tǒng)的IT信息安全技術(shù)不能直接應(yīng)用于工業(yè)控制網(wǎng)絡(luò)的安全防護(hù)。本文根據(jù)工業(yè)控制網(wǎng)絡(luò)安全的需求特性,對(duì)工控系統(tǒng)的入侵檢測(cè)技術(shù)進(jìn)行研究,建立基于加權(quán)支持向量機(jī)算法的異常行為檢測(cè)模型,以提高對(duì)攻擊操作的檢測(cè)性能。本文以Modbus/TCP工控網(wǎng)絡(luò)為研究對(duì)象,首先分析了Modbus/TCP工控網(wǎng)絡(luò)結(jié)構(gòu)和通信協(xié)議的安全性,并根據(jù)工業(yè)通信行為特性和通信協(xié)議規(guī)約,提出了基于異常行為操作模式的入侵檢測(cè)特征提取方法,包括直接選擇協(xié)議數(shù)據(jù)特征和構(gòu)造反映行為模式差異的連續(xù)性流量數(shù)據(jù)特征,該方法提取的流量數(shù)據(jù)特征能夠充分應(yīng)用于對(duì)通信行為的檢測(cè)判別,但可能存在冗余的檢測(cè)特征。由于冗余的流量數(shù)據(jù)信息不但影響了工控網(wǎng)絡(luò)通信的實(shí)時(shí)性,也降低了對(duì)異常行為的檢測(cè)率,本文利用粗糙集理論(RST)算法對(duì)檢測(cè)特征進(jìn)行屬性約簡(jiǎn),以去除對(duì)異常攻擊檢測(cè)無(wú)用和干擾的信息,降低入侵檢測(cè)模型的復(fù)雜度和檢測(cè)時(shí)間,提高實(shí)際的入侵檢測(cè)系統(tǒng)應(yīng)用能力。由于工控網(wǎng)絡(luò)正常樣本的數(shù)據(jù)遠(yuǎn)多于異常樣本,傳統(tǒng)支持向量機(jī)算法不能解決由訓(xùn)練數(shù)據(jù)樣本類別之間的差異造成的影響,使得分類錯(cuò)誤率傾向于小樣本類型數(shù)據(jù),即小樣本類別的數(shù)據(jù)分類錯(cuò)誤率高。本文利用加權(quán)支持向量機(jī)算法建立通信行為的檢測(cè)模型,通過(guò)對(duì)數(shù)據(jù)類和數(shù)據(jù)樣本的加權(quán)處理,減小不同的樣本類別對(duì)支持向量機(jī)算法性能的影響,提高入侵檢測(cè)算法的適應(yīng)性。針對(duì)支持向量機(jī)檢測(cè)模型訓(xùn)練時(shí)間長(zhǎng)、檢測(cè)率低的問(wèn)題,本文采用改進(jìn)的PSO算法對(duì)模型參數(shù)進(jìn)行優(yōu)化,通過(guò)調(diào)整慣性權(quán)重提高PSO尋優(yōu)算法的全局最優(yōu)性和加快收斂速率,在經(jīng)過(guò)檢測(cè)模型參數(shù)優(yōu)化處理,不僅提高了對(duì)通信行為的檢測(cè)率,同時(shí)降低了誤報(bào)率和漏報(bào)率,進(jìn)一步地增強(qiáng)了系統(tǒng)的安全防御能力,以滿足工控網(wǎng)絡(luò)入侵檢測(cè)高效性和實(shí)時(shí)性的要求。在對(duì)Modbus/TCP工控網(wǎng)絡(luò)安全分析和建立入侵檢測(cè)模型的基礎(chǔ)上,搭建了實(shí)際的工控網(wǎng)絡(luò)系統(tǒng)環(huán)境,進(jìn)一步地對(duì)所提出的方法進(jìn)行驗(yàn)證分析。通過(guò)提取通信流量數(shù)據(jù),建立入侵檢測(cè)模型所需的訓(xùn)練和測(cè)試數(shù)據(jù)集,并進(jìn)行仿真實(shí)驗(yàn)。研究表明,基于加權(quán)支持向量機(jī)算法的入侵檢測(cè)模型有效提高了對(duì)異常攻擊行為的檢測(cè)能力,對(duì)增強(qiáng)工控網(wǎng)絡(luò)安全具有重要的意義。
[Abstract]:With the development of information technology and function demand, the industrial control system is more and more connected with the enterprise network and the Internet, forming an open network environment. The network development of industrial control system leads to the increasing security risk and invasion of the system, and the problem of network security is also more prominent. The special nature of the environment, the traditional IT information security technology can not be directly applied to the safety protection of the industrial control network. Based on the demand characteristics of the industrial control network security, this paper studies the intrusion detection technology of the industrial control system, and establishes an abnormal behavior detection model based on the weighted support vector machine algorithm, in order to improve the attack operation. In this paper, the Modbus/TCP industrial control network is used as the research object. First, the security of the Modbus/TCP industrial control network structure and communication protocol is analyzed. According to the characteristics of the industrial communication behavior and the protocol specification, an intrusion detection feature extraction method based on abnormal behavior mode is proposed, including the direct selection of the data features of the protocol and the data characteristics of the protocol. The feature of continuous flow data, which reflects the difference of behavior pattern, can be fully applied to the detection and discrimination of the communication behavior, but there may be redundant detection features. The redundant traffic data not only affects the real-time performance of the network communication of the industrial control network, but also reduces the detection of abnormal behavior. In this paper, we use rough set theory (RST) algorithm to reduce the attribute of detection, in order to remove the information of unuseful and interference detection, reduce the complexity and detection time of the intrusion detection model, and improve the application ability of the actual intrusion detection system. The support vector machine algorithm can not solve the influence caused by the difference between the classes of the training data samples, making the classification error rate inclined to the small sample type data, that is, the error rate of the data classification of the small sample class is high. Weighted processing, reducing the impact of different sample classes on the performance of SVM algorithm and improving the adaptability of the intrusion detection algorithm. Aiming at the problem of long training time and low detection rate in support vector machine detection model, the improved PSO algorithm is used to optimize the model parameters, and the PSO optimization algorithm is improved by adjusting the inertia weight. The optimality of the Bureau and the speed of convergence, which not only improves the detection rate of the communication behavior, but also reduces the false alarm rate and the false alarm rate, and further enhances the system's security defense capability to meet the requirements of the high efficiency and real-time performance of the industrial control network intrusion detection. In the Modbus/TCP industrial control network security network. On the basis of the full analysis and establishment of the intrusion detection model, the actual industrial control network system environment is built, and the proposed method is verified and analyzed. The training and test data sets required for the intrusion detection model are established by extracting the traffic data, and the simulation experiment is carried out. The intrusion detection model of the law effectively improves the detection ability of abnormal attack behavior, and is of great significance for enhancing the safety of industrial control network.

【學(xué)位授予單位】：沈陽(yáng)理工大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP393.08;TP273

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 尚文利;安攀峰;萬(wàn)明;趙劍明;曾鵬;;工業(yè)控制系統(tǒng)入侵檢測(cè)技術(shù)的研究及發(fā)展綜述[J];計(jì)算機(jī)應(yīng)用研究;2017年02期

2 萬(wàn)明;尚文利;曾鵬;趙劍明;;基于功能碼深度檢測(cè)的Modbus/TCP通信訪問(wèn)控制方法[J];信息與控制;2016年02期

3 尚文利;李琳;萬(wàn)明;曾鵬;;基于優(yōu)化單類支持向量機(jī)的工業(yè)控制系統(tǒng)入侵檢測(cè)算法[J];信息與控制;2015年06期

4 李駿驍;;多層差異網(wǎng)絡(luò)深度入侵?jǐn)?shù)據(jù)挖掘方法研究[J];計(jì)算機(jī)仿真;2015年04期

5 隋新;劉瑩;;入侵檢測(cè)技術(shù)的研究[J];科技通報(bào);2014年11期

6 尚文利;張盛山;萬(wàn)明;曾鵬;;基于PSO-SVM的Modbus TCP通訊的異常檢測(cè)方法[J];電子學(xué)報(bào);2014年11期

7 張?jiān)瀑F;佟為明;趙永麗;;CUSUM異常檢測(cè)算法改進(jìn)及在工控系統(tǒng)入侵檢測(cè)中的應(yīng)用[J];冶金自動(dòng)化;2014年05期

8 馮慶華;;蟻群算法選擇特征與WSVM融合的網(wǎng)絡(luò)入侵檢測(cè)[J];江蘇建筑職業(yè)技術(shù)學(xué)院學(xué)報(bào);2014年03期

9 曹明巖;;基于加權(quán)支持向量機(jī)的入侵檢測(cè)研究[J];淮海工學(xué)院學(xué)報(bào)(自然科學(xué)版);2014年03期

10 譚愛平;陳浩;吳伯橋;;基于SVM的網(wǎng)絡(luò)入侵檢測(cè)集成學(xué)習(xí)算法[J];計(jì)算機(jī)科學(xué);2014年02期

相關(guān)博士學(xué)位論文 前2條

1 賈銀山;支持向量機(jī)算法及其在網(wǎng)絡(luò)入侵檢測(cè)中的應(yīng)用[D];大連海事大學(xué);2004年

2 范昕煒;支持向量機(jī)算法的研究及其應(yīng)用[D];浙江大學(xué);2003年

相關(guān)碩士學(xué)位論文 前3條

1 王海鳳;工業(yè)控制網(wǎng)絡(luò)的異常檢測(cè)與防御資源分配研究[D];浙江大學(xué);2014年

2 畢孝儒;基于粗糙集屬性約簡(jiǎn)和加權(quán)SVM的入侵檢測(cè)方法研究[D];西安科技大學(xué);2011年

3 廖明;加權(quán)支持向量機(jī)若干算法的研究及其應(yīng)用[D];湖南大學(xué);2011年

，

本文編號(hào)：1814124