CN106125643A - A kind of industry control safety protection method based on machine learning techniques - Google Patents
A kind of industry control safety protection method based on machine learning techniques Download PDFInfo
- Publication number
- CN106125643A CN106125643A CN201610456944.9A CN201610456944A CN106125643A CN 106125643 A CN106125643 A CN 106125643A CN 201610456944 A CN201610456944 A CN 201610456944A CN 106125643 A CN106125643 A CN 106125643A
- Authority
- CN
- China
- Prior art keywords
- signal
- data
- machine learning
- flow data
- signal flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/048—Monitoring; Safety
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Alarm Systems (AREA)
Abstract
The present invention discloses a kind of industry control safety protection method based on machine learning techniques, comprising: the data that between acquisition control system, signal sends, and it is processed as the signal flow data of reaction signal sending direction and order;Abnormality detection;The signal flow data that reception processes, and described data are carried out abnormity detection based on machine learning framework, draw the conclusion whether having the abnormal situation in routine operation to occur;Storage historical signal flow database sample;According to the result of abnormality detection, make normal operating, send the operation reporting to the police or producing relevant refusal instruction.After signal sends between industrial control system data being gathered by this method and carry out pretreatment, abnormity based on machine learning framework to described data detects, when there being the abnormal situation in routine operation to occur, automatically send and report to the police or produce relevant refusal instruction.
Description
Technical field
The present invention relates to a kind of industry control safety protection method based on machine learning techniques, belong to industry control security technology area.
Background technology
Industrial control system is to use the technology such as control theory, computer science, instrument and meter, various to production process
Information gathering, analyze, process, and carry out optimal control and reasonably scheduling, management, to reach to improve a kind of control of production efficiency
System processed.Industrial control system is segmented into safely three aspects, i.e. functional safety, physical security and information security.Wherein merit
Can be safely to reach equipment and factory safety function, shielded and control equipment security related components must be correct
Perform its function, and when losing efficacy or fault occurs, equipment or system must remain to keep safety condition or enter into safety
State.The data that we can send by gathering the signal between industrial control system carry out abnormality detection, pass through historical pattern
Data exception is judged with model prediction.
Summary of the invention
It is an object of the invention to provide industry control safety protection method based on machine learning techniques, it is based on machine learning skill
Art, the signal between monitor control system sends.When there being the situation differing from routine operation to occur, automatically generate warning or protect
Protect relevant equipment refusal instruction.
Described method includes:
The data that between step 101, acquisition control system, signal sends, and it is processed as reaction signal sending direction and order
Signal flow data;
Step 103, abnormality detection;
Step 105, storage historical signal flow database sample;
Step 107, result according to abnormality detection, make normal operating, send and report to the police or produce relevant refusal and refer to
The operation of order.
Wherein, described step 103 comprises the following steps:
2.1, in the case of hypothesis is N/R, obtain described signal flow data, form signal flow data set, and it is entered
Row pretreatment based on machine learning techniques;
2.2, the abnormity of signal flow data set next time is analyzed;
2.3, judge whether control system has exception;
2.4, associative operation is carried out according to judged result.
Wherein, described step 2.2 is particularly as follows: the actuarial prediction data that draw of receiving step 2.1, and according to described prediction number
It is estimated the signal flow data next time obtained from data acquisition and pretreatment module.
Wherein, described step 2.3 is particularly as follows: according to the predictive value of signal flow data set next time and actual value, to described
The abnormity of signal flow data set judges next time.
Wherein, described step 2.4 particularly as follows: according to described abnormity judged result make normal operating, send warning or
It is the decision-making of the operation producing relevant refusal instruction, according to described abnormity judged result, described prediction data is made simultaneously
Update, this signal flow data set is sent to data storage cell to update historical signal flow database sample.
Wherein, the method in described step 2.2 judged the abnormity of the described flow data set of signal next time is concrete
Comprise the following steps:
3.1, compare the actual value of described predictive value and the flow data of signal next time of acquisition, draw both difference DELTA;
3.2, obtain and measured signal flow data has identical time step and the historical data base of system operation background
Sample, calculates the standard deviation of this sample;
3.3, described difference and standard deviation scope are compared:
If difference DELTA is not within the scope of [-δ, δ], calculate deviation value P, wherein P=| | Δ |-δ |;If difference DELTA
Within the scope of [-δ, δ], then send a signal certainly, determine situation without exception.
Wherein, the method that described step 2.3 carries out decision-making specifically includes following steps:
If 4.1 judged results are deviation value P, then carry out step 4.2, if data are a signal certainly, then carry out step
4.3;
If 4.2 receive deviation value P, will deviate from value P and the decision content λ set compares, if deviation value P is less than sentencing
Definite value λ, sends alarm signal;If deviation value P is more than or equal to decision content λ, then send protection signal, meanwhile, update this signal
Flow data sample, and it is labeled as anomalous event;
If 4.3 receive signal certainly, then sample data is updated, for detection signal flow data next time.
The beneficial effect comprise that
1, by machine learning techniques, signal transmission between control system is carried out abnormality detection, thus provide and assuming nothing
Under abnormal conditions, the statistical distribution prediction of signal stream mode, improves the anomalous identification rate of industrial control system, has saved a large amount of simultaneously
Manpower.
2, described industry control security protection can be abnormal from perception with alarm method, and after noting abnormalities, make and automatically generating
Report to the police or the operation of the equipment refusal instruction that protection is relevant.
3, can be by the mirror image copies regular update of the historical data in home server main frame in Cloud Server, it is to avoid because of
Server host damages the loss caused.
Accompanying drawing explanation
By reading the detailed description of hereafter preferred implementation, various other advantage and benefit common for this area
Technical staff will be clear from understanding.Accompanying drawing is only used for illustrating the purpose of preferred implementation, and is not considered as the present invention
Restriction.And in whole accompanying drawing, it is denoted by the same reference numerals identical parts.In the accompanying drawings:
Fig. 1 is the flow chart of present invention industry control based on machine learning techniques safety protection method.
Fig. 2 is detecting step schematic block diagram in the present invention.
Fig. 3 is the abnormity determination methods flow chart of signal flow data set in the present invention.
Fig. 4 is the step schematic block diagram that in the present invention, decision-making module carries out decision-making.
Detailed description of the invention
It is more fully described the illustrative embodiments of the disclosure below with reference to accompanying drawings.Although accompanying drawing shows these public affairs
The illustrative embodiments opened, it being understood, however, that may be realized in various forms the disclosure and the reality that should not illustrated here
The mode of executing is limited.On the contrary, it is provided that these embodiments are able to be best understood from the disclosure, and can be by these public affairs
What the scope opened was complete conveys to those skilled in the art.
As it is shown in figure 1, the present invention discloses a kind of industry control safety protection method based on machine learning techniques, comprising:
The data that between step 101, acquisition control system, signal sends, and it is processed as reaction signal sending direction and order
Signal flow data.
Wherein, sent by the signal between data acquisition and pretreatment module monitoring control system, acquisition control system
Between the data that send of signal, and these data are processed into the form of signal stream of reaction signal sending direction and order.
Step 103, abnormality detection.
Wherein, the signal flow data processed in receiving step 101, and described data are carried out different based on machine learning framework
Perseverance detects, and draws the conclusion whether having the abnormal situation in routine operation to occur.
Step 105, storage historical signal flow database sample.
Step 107, result according to abnormality detection, make normal operating, send and report to the police or produce relevant refusal and refer to
The operation of order.
As in figure 2 it is shown, in described based on machine learning techniques the industry control safety protection method of present invention proposition, detecting step bag
Include: 2.1, in the case of hypothesis is N/R, obtain described signal flow data, form signal flow data set, and it is carried out base
Pretreatment in machine learning techniques;2.2, the abnormity of signal flow data set next time is analyzed;2.3, judge control
Whether system has exception;2.4, associative operation is carried out according to judged result.
Wherein, above step particularly as follows: step 2.2, actuarial prediction data that receiving step 2.1 draws, and according to described
The signal flow data next time that prediction data estimation obtains from data acquisition and pretreatment module;In step 2.3, according to next time
The predictive value of signal flow data set and actual value, judge the abnormity of the described flow data set of signal next time;In step
2.4, make normal operating according to described abnormity judged result, send and report to the police or produce the relevant operation refusing instruction
Decision-making, makes renewal according to described abnormity judged result to described prediction data simultaneously, this signal flow data set is sent
To data storage cell to update historical signal flow database sample.
As it is shown on figure 3, in described based on machine learning techniques the industry control safety protection method of present invention proposition, described step
The method in 2.2 judged the abnormity of the described flow data set of signal next time specifically includes following steps:
3.1, compare the actual value of described predictive value and the flow data of signal next time of acquisition, draw both difference DELTA;
3.2, obtain and measured signal flow data has identical time step and the historical data base of system operation background
Sample, calculates the standard deviation of this sample;
3.3, described difference and standard deviation scope are compared:
If difference DELTA is not within the scope of [-δ, δ], calculate deviation value P, wherein P=| | Δ |-δ |;If difference DELTA
Within the scope of [-δ, δ], then send a signal certainly, determine situation without exception.
As shown in Figure 4, in described based on machine learning techniques the industry control safety protection method that the present invention proposes, described step
2.3 methods carrying out decision-making specifically include following steps:
If 4.1 judged results are deviation value P, then carry out step 4.2, if data are a signal certainly, then carry out step
4.3;
If 4.2 receive deviation value P, will deviate from value P and the decision content λ set compares, if deviation value P is less than sentencing
Definite value λ, sends alarm signal;If deviation value P is more than or equal to decision content λ, then send protection signal.Meanwhile, this signal is updated
Flow data sample, and it is labeled as anomalous event;
If 4.3 receive signal certainly, then sample data is updated, for detection signal flow data next time.
In described based on machine learning techniques the industry control safety protection method that the present invention proposes, can locally stored signal flow data
Collection, sample data, store the data in home server main frame;Can also be by the history number in home server main frame
According to mirror image copies regular update in Cloud Server, it is to avoid because home server main frame damages the loss that causes.
In described based on machine learning techniques the industry control safety protection method that the present invention proposes, when the alarm signal receiving transmission
Number time, produce report to the police;When receiving the protection signal of transmission, the instruction of refusal operation can be sent, make control system to enter
Row associative operation.
The present invention with tradition industry control security protection compared with alarm method, by machine learning techniques to control system between
Signal sends and carries out abnormality detection, thus provides the statistical distribution prediction of signal stream mode in the case of hypothesis is without exception, improves
The anomalous identification rate of industrial control system, has saved substantial amounts of manpower simultaneously.
The present invention is with tradition industry control security protection compared with alarm method, and described industry control security protection can be certainly with alarm method
Perception is abnormal, and after noting abnormalities, makes automatically generating and report to the police or the operation of the equipment refusal instruction that protection is relevant.
The present invention with tradition industry control security protection compared with alarm method, can be by home server by network storage mode
The mirror image copies regular update of the historical data in main frame is in Cloud Server, it is to avoid because server host damages the damage caused
Lose.
The above, the only present invention preferably detailed description of the invention, but protection scope of the present invention is not limited thereto,
Any those familiar with the art in the technical scope that the invention discloses, the change that can readily occur in or replacement,
All should contain within protection scope of the present invention.Therefore, protection scope of the present invention answers the described protection model with claim
Enclose and be as the criterion.
Claims (7)
1. an industry control safety protection method based on machine learning techniques, comprising:
The data that between step 101, acquisition control system, signal sends, and it is processed as the letter of reaction signal sending direction and order
Number flow data;
Step 103, abnormality detection;
Step 105, storage historical signal flow database sample;
Step 107, result according to abnormality detection, make normal operating, send and report to the police or produce relevant refusal instruction
Operation.
2. industry control safety protection method based on machine learning techniques as claimed in claim 1, wherein said step 103 includes following step
Rapid:
2.1, in the case of hypothesis is N/R, obtain described signal flow data, form signal flow data set, and it is carried out base
Pretreatment in machine learning techniques;
2.2, the abnormity of signal flow data set next time is analyzed;
2.3, judge whether control system has exception;
2.4, associative operation is carried out according to judged result.
3. industry control safety protection method based on machine learning techniques as claimed in claim 2, wherein said step 2.2 is particularly as follows: connect
Receive the actuarial prediction data that step 2.1 draws, and obtain from data acquisition and pretreatment module according to the estimation of described prediction data
Signal flow data next time.
4. as claimed in claim 2 industry control safety protection method based on machine learning techniques, wherein said step 2.3 is particularly as follows: root
According to predictive value and the actual value of signal flow data set next time, the abnormity of the described flow data set of signal next time is sentenced
Disconnected.
5. as claimed in claim 2 industry control safety protection method based on machine learning techniques, wherein said step 2.4 is particularly as follows: root
Make normal operating according to described abnormity judged result, send the decision-making of the operation reporting to the police or producing relevant refusal instruction,
According to described abnormity judged result, described prediction data is made renewal simultaneously, this signal flow data set is sent to data
Memory element is to update historical signal flow database sample.
6. as claimed in claim 2 industry control safety protection method based on machine learning techniques, under described in wherein said step 2.2
The method that the abnormity of signal flow data set carries out judging specifically includes following steps:
3.1, compare the actual value of described predictive value and the flow data of signal next time of acquisition, draw both difference DELTA;
3.2, obtain and measured signal flow data have identical time step and the historical data base sample of system operation background,
Calculate the standard deviation of this sample;
3.3, described difference and standard deviation scope are compared:
If difference DELTA is not within the scope of [-δ, δ], calculate deviation value P, wherein P=| | Δ |-δ |;If difference DELTA [-
δ, δ] within the scope of, then send a signal certainly, determine situation without exception.
7. industry control safety protection method based on machine learning techniques as claimed in claim 2, wherein said step 2.3 carries out decision-making
Method specifically includes following steps:
If 4.1 judged results are deviation value P, then carry out step 4.2, if data are a signal certainly, then carry out step 4.3;
If 4.2 receive deviation value P, will deviate from value P and the decision content λ set compares, if deviation value P is less than decision content
λ, sends alarm signal;If deviation value P is more than or equal to decision content λ, then sends protection signal, meanwhile, update this signal stream
Data sample, and it is labeled as anomalous event;
If 4.3 receive signal certainly, then sample data is updated, for detection signal flow data next time.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610456944.9A CN106125643A (en) | 2016-06-22 | 2016-06-22 | A kind of industry control safety protection method based on machine learning techniques |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610456944.9A CN106125643A (en) | 2016-06-22 | 2016-06-22 | A kind of industry control safety protection method based on machine learning techniques |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106125643A true CN106125643A (en) | 2016-11-16 |
Family
ID=57267844
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610456944.9A Pending CN106125643A (en) | 2016-06-22 | 2016-06-22 | A kind of industry control safety protection method based on machine learning techniques |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106125643A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111709034A (en) * | 2020-05-29 | 2020-09-25 | 成都金隼智安科技有限公司 | Machine learning-based industrial control environment intelligent safety detection system and method |
| CN112907219A (en) * | 2021-03-24 | 2021-06-04 | 苏州可米可酷食品有限公司 | Configurable business controller for intelligent production line |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102045357A (en) * | 2010-12-29 | 2011-05-04 | 深圳市永达电子股份有限公司 | Affine cluster analysis-based intrusion detection method |
| CN103580960A (en) * | 2013-11-19 | 2014-02-12 | 佛山市络思讯环保科技有限公司 | Online pipe network anomaly detection system based on machine learning |
| CN104063747A (en) * | 2014-06-26 | 2014-09-24 | 上海交通大学 | Performance abnormality prediction method in distributed system and system |
| EP2801937A1 (en) * | 2013-05-09 | 2014-11-12 | Rockwell Automation Technologies, Inc. | Industrial device and system attestation in a cloud platform |
| CN104156473A (en) * | 2014-08-25 | 2014-11-19 | 哈尔滨工业大学 | LS-SVM-based method for detecting anomaly slot of sensor detection data |
| CN104688251A (en) * | 2015-03-02 | 2015-06-10 | 西安邦威电子科技有限公司 | Method for detecting fatigue driving and driving in abnormal posture under multiple postures |
-
2016
- 2016-06-22 CN CN201610456944.9A patent/CN106125643A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102045357A (en) * | 2010-12-29 | 2011-05-04 | 深圳市永达电子股份有限公司 | Affine cluster analysis-based intrusion detection method |
| EP2801937A1 (en) * | 2013-05-09 | 2014-11-12 | Rockwell Automation Technologies, Inc. | Industrial device and system attestation in a cloud platform |
| CN103580960A (en) * | 2013-11-19 | 2014-02-12 | 佛山市络思讯环保科技有限公司 | Online pipe network anomaly detection system based on machine learning |
| CN104063747A (en) * | 2014-06-26 | 2014-09-24 | 上海交通大学 | Performance abnormality prediction method in distributed system and system |
| CN104156473A (en) * | 2014-08-25 | 2014-11-19 | 哈尔滨工业大学 | LS-SVM-based method for detecting anomaly slot of sensor detection data |
| CN104688251A (en) * | 2015-03-02 | 2015-06-10 | 西安邦威电子科技有限公司 | Method for detecting fatigue driving and driving in abnormal posture under multiple postures |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111709034A (en) * | 2020-05-29 | 2020-09-25 | 成都金隼智安科技有限公司 | Machine learning-based industrial control environment intelligent safety detection system and method |
| CN112907219A (en) * | 2021-03-24 | 2021-06-04 | 苏州可米可酷食品有限公司 | Configurable business controller for intelligent production line |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110210512B (en) | Automatic log anomaly detection method and system | |
| CN106888205B (en) | Non-invasive PLC anomaly detection method based on power consumption analysis | |
| CN106096789A (en) | A kind of based on machine learning techniques can be from the abnormal industry control security protection of perception and warning system | |
| EP3373091A1 (en) | Generic framework to detect cyber threats in electric power grid | |
| CN108445410A (en) | A kind of method and device of monitoring accumulator group operating status | |
| US20150304346A1 (en) | Apparatus and method for detecting anomaly of network | |
| CN109034400B (en) | Transformer substation abnormal measurement data prediction platform system | |
| CN113344133B (en) | Method and system for detecting abnormal fluctuation of time sequence behaviors | |
| CN108199891B (en) | Cps network attack identification method based on artificial neural network multi-angle comprehensive decision | |
| CN115372816B (en) | Power distribution switchgear operation fault prediction system and method based on data analysis | |
| CN113687972A (en) | Method, device and equipment for processing abnormal data of business system and storage medium | |
| CN117474357A (en) | Power distribution room operation and maintenance management method and system based on deep learning | |
| CN117614978A (en) | Information security communication management system for digital workshop | |
| CN117439916A (en) | Network security test evaluation system and method | |
| CN113673600B (en) | Industrial signal abnormality early warning method, system, storage medium and computing device | |
| CN113676343B (en) | Fault source positioning method and device for power communication network | |
| CN106125643A (en) | A kind of industry control safety protection method based on machine learning techniques | |
| CN114460519A (en) | On-site and terminal fusion management system and method based on power transformer inspection | |
| CN113268844B (en) | Fault equipment acquisition method, device and equipment for power line | |
| CN114598480A (en) | Method and system for processing machine data of network security operation platform | |
| CN116566637A (en) | Network security operation and maintenance method and operation and maintenance system in power industry | |
| CN114942364A (en) | Substation fault diagnosis method and system based on knowledge graph technology | |
| CN115689320A (en) | Health management method and device for base station operation and computer readable storage medium | |
| CN117521084B (en) | Active safety early warning method for complex system | |
| CN117935519B (en) | Gas detection alarm system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161116 |