CN106773719A - A kind of industrial control system leak automatic mining method based on BP neural network - Google Patents
A kind of industrial control system leak automatic mining method based on BP neural network Download PDFInfo
- Publication number
- CN106773719A CN106773719A CN201710056656.9A CN201710056656A CN106773719A CN 106773719 A CN106773719 A CN 106773719A CN 201710056656 A CN201710056656 A CN 201710056656A CN 106773719 A CN106773719 A CN 106773719A
- Authority
- CN
- China
- Prior art keywords
- data
- control system
- output
- industrial control
- neural network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B13/00—Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion
- G05B13/02—Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion electric
- G05B13/04—Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion electric involving the use of models or simulators
- G05B13/042—Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion electric involving the use of models or simulators in which a parameter or coefficient is automatically adjusted to optimise the performance
Abstract
The invention discloses a kind of industrial control system leak automatic mining method based on BP, the method includes industrial control system data acquisition module, and neural meta design module, Neural Network Structure Design module, algorithm realizes module;Its core algorithm is the status data for acquiring industrial control system as input, control command is used as output, by normalized, according to the multilayer feedforward neural network that Back Propagation Algorithm is trained, training forms the relation between state and control data, determines the threshold value and weight of neutral net;Then using the BP neural network structure after training, identification is gone to judge there are the data for not meeting BP neural network between real-time industrial control system current state and control command, if in the presence of, it is possible to judge the doubtful industrial control system leak that this group of state of the moment and control data are present.The method need not filter packet, and the real time execution of industrial control system is not influenceed, with very strong practical value.
Description
Technical field
The present invention relates to leak automatic mining field, more particularly to a kind of industrial control system leakage based on BP neural network
Hole automatic mining method.
Background technology
By the end of on January 24th, 2017, the industrial control system leak that national new type of safe leak shared platform is announced had
979, interim Siemens's leak occupies 40.86%, and Advantech leak occupies 19.43%, and Schneider occupies 15.43, Roc Wei
You occupy 12%, and remaining is that the Parallels leaks for being engaged in virtualization occupy 12.29%.High-risk leak is accounted in these leaks
According to 48.18%, middle danger accounts for 45.97%, and low danger accounts for 5.85%.
Common industrial control system leak has communication transfer protocol bug, industrial control equipment leak, industrial control software leak, configuration wrong
Miss leak etc..Communication transfer protocol bug is mainly the leak of the agreements such as TCP/IP, RPC, UDP.Industrial control software leak it is main by
Lack unified security protection specification, generally existing safe design defect, therefore industrial control software in industrial control software easily to be attacked
Person attacks, and obtains the control of equipment, causes serious consequence.
Current Vulnerability-scanning technology is mainly fuzz testing technology, and fuzz testing is a mistake automatically or semi-automatically
Journey, principally falls into Black-box Testing and grey box testing field.Early stage mainly using simple random test technology by 2002 first
File format knowledge and protocol knowledge are dissolved among fuzz testing technology, then by 2007 it is a collection of increase income with business it is fuzzy
Testing tool is come out, and subsequent more new thoughts, the fuzz testing of new method are continued to bring out, such as a kind of overall situation based on fuzz testing
Method, the blur method of the test model, a kind of reasoning of utilization built-up pattern and evolution of related network control aspect leak are all
Bug excavation technology provides strong support.With the development of fuzz testing, the instrument that it is transported to also more variation,
General fuzz testing instrument can be tested for various types of target, with reusability and wide using scope
The advantages of, wherein more representative has Protos, SPIKE, Peach, Sulley, Dfuz and Bunny etc..
Current industrial control system Hole Detection mainly contains rationalistic method, leak rule match using decision function method, lattice
Method, dynamic signature method, communication data analytic method, hash check method, leak characteristic matching method, regular criterion, attribute rationalistic method
Deng.
In sum, although current industrial control system Hole Detection employs all multimodes, mainly uses and is based on
Abnormal data based on Fuzzy detects method, characteristic value matching method, several classes of rule judgment method, BP(Back Propagation)
This Multi-layered Feedforward Networks trained by Back Propagation Algorithm of neutral net are used for pattern-recognition, in industrial control system leakage
Hole excavation applications also seldom occur.Because the real-time of industrial control system is run, it is impossible to which online mining industrial control system leaks
Hole, the relation between analyze data of having no idea, also in the presence of automatic Deficiency of learning ability the characteristics of, in order to solve currently to ask
Topic, we disclose a kind of industrial control system leak automatic mining method based on BP neural network.
The content of the invention
The invention discloses a kind of industrial control system leak automatic mining method based on BP neural network, the method bag
Industrial control system data acquisition module is included, neural meta design module, Neural Network Structure Design module, algorithm realizes module.
Industrial control system data acquisition module of the invention:The mainly normalized of gathered data and data.
Neural meta design module of the invention:Mainly using the status information of industrial control system as input vector,
Control information is used as output vector.
Planned network structure design module of the invention:Mainly include input layer, hidden layer and output layer;Input work
The weights and adjusting thresholds of neutral net are trained by industry control system data sample using back-propagation method, make forcing for output
Close-target vector.
Algorithm of the invention realizes module, is a kind of learning algorithm for having a supervised, and its main thought is:, its specific step
It is rapid as follows:
Step(1):Industrial control system raw data acquisition, gathering the sensing data of industrial control system includes temperature, pressure
Power, humidity, rotating speed, switching-state information, such as valve state and control command;
Step(2):The normalized of data, because the data type for gathering is different, the expression scope of data also has very big
Difference, it is impossible to be directly used in the input vector of BP neural network, it is necessary to be normalized to data, defines conversion regime,
It is converted into the input data that can be received by BP neural network;
Step(3):Input industrial control system training sample:Input vector and output vector are chosen from data as training sample
This, the BP neural network to designing is trained, and generates necessary weight and threshold values;
Step(4):Calculate implicit layer unit output:Connection weight, threshold value according to hidden layer to output layer are calculated, progressively
Determine the weights and threshold value of hidden layer;
Step(5):Calculate output unit output:Transmission function and threshold value, full-time calculating output valve according to BP neural network;
Step(6):Results contrast:Output valve and desired value difference whether less than setting error;
Step(7):If step(6)Decision condition is true, then output result;
Step(8):Decision condition:The difference of output valve and desired value is not more than setting error and cycle-index is more than setting value
Step(9):If step(8)Decision condition is true, then export suspicious leak
Step(10)If step(8)Decision condition is false, adjusts the weights and threshold values of neuron, turns to step(3).
The inventive method acquires the status data of industrial control system as input, and control command passes through as output
Training forms the relation between state and control data, according to neural metwork training structure chart, finds out state and control command
Between relation, and with neural metwork training result as foundation, judge industrial control system doubtful leak that may be present.The party
Method need not filter packet, and the real time execution of industrial control system is not influenceed, with very strong practical value.
Brief description of the drawings:
Fig. 1 is system construction drawing of the invention;
Fig. 2 is neuronal structure figure of the invention;
Fig. 3 is network structure of the invention;
Fig. 4 is algorithm flow chart of the invention.
Fig. 1 is system construction drawing of the invention:A kind of industrial control system leak based on BP neural network digs automatically
Pick method, the method includes industrial control system data acquisition module, neural meta design module, Neural Network Structure Design mould
Block, algorithm realizes module.Industrial control system data acquisition module:Normalized including raw data acquisition and data;
Industrial control system raw data acquisition, gather industrial control system sensing data include temperature, pressure, humidity, rotating speed,
Switching-state information, such as valve state and control command;The normalized of data:Because the data type for gathering differs
Sample, the expression scope of data also has very big difference, it is impossible to be directly used in the input vector of BP neural network, it is necessary to be carried out to data
Normalized, defines conversion regime, is converted into the input data that can be received by BP neural network.
Fig. 2 is neuronal structure figure of the invention:By being input into m industrial control system data, such as temperature, pressure, wet
The communication datas such as degree, rotating speed, set some corresponding connection weights;Industrial control system data and weight after normalization multiply
Product sum compares with threshold values;If the value generates the output valve of neuron more than the threshold values of setting, by transmission function, produce
Output;If the value is less than or equal to threshold values, the output valve of neuron is not produced.
Fig. 3 is BP neural network structure chart of the invention, and it includes input layer, hidden layer and output layer;In input layer
There are m temperature, pressure, humidity, rotating speed after normalized etc. in face, and these data form input vector, the section in hidden layer
Point number is node, forms the weights of node*m, and the output of hidden layer is formed by transmission function, then again by output
Layer is converted into output, when data positive transmission, data by input layer to hidden layer, then to output layer;
If output result is larger with expectation gap, error signal backpropagation, by iteration, promotees as the input of BP neural network
Enter error reduction, approach desired value;There is also node in hidden layer and select incorrect, at the end of causing cycle-index, error is also
Than larger, the situation of ideal expectation value is not reached.
Fig. 4:It is the flow chart of algorithm of the invention, BP neural network algorithm industrial control system leak automatic mining is calculated
Method, this is a kind of learning algorithm for having a supervised, and its main thought is:Input industrial control system data sample, using reverse
Transmission method makes the vector of output close to desired value the weights of neutral net and the adjusting training of deviation, and its specific steps is such as
Under:
Step(1):Industrial control system raw data acquisition, gathering the sensing data of industrial control system includes temperature, pressure
Power, humidity, rotating speed, switching-state information, such as valve state and control command;
Step(2):The normalized of data, because the data type for gathering is different, the expression scope of data also has very big
Difference, it is impossible to be directly used in the input vector of BP neural network, it is necessary to be normalized to data, defines conversion regime,
It is converted into the input data that can be received by BP neural network;
Step(3):Input industrial control system training sample:Input vector and output vector are chosen from data as training sample
This, the BP neural network to designing is trained, and generates necessary weight and threshold values;
Step(4):Calculate implicit layer unit output:Connection weight, threshold value according to hidden layer to output layer are calculated, progressively
Determine the weights and threshold value of hidden layer;
Step(5):Calculate output unit output:Transmission function and threshold value, full-time calculating output valve according to BP neural network;
Step(6):Results contrast:Output valve and desired value difference whether less than setting error;
Step(7):If step(6)Decision condition is true, then output result;
Step(8):Decision condition:The difference of output valve and desired value is not more than setting error and cycle-index is more than setting value
Step(9):If step(8)Decision condition is true, then export suspicious leak
Step(10)If step(8)Decision condition is false, adjusts the weights and threshold values of neuron, turns to step(3).
Claims (6)
1. a kind of industrial control system leak automatic mining method based on BP neural network, it is characterised in that including Industry Control
System Data Collection Module, neural meta design module, Neural Network Structure Design module, algorithm realizes module.
2. industrial control system data acquisition module according to claim 1, it is characterised in that acquire Industry Control system
The state and control data of system, are normalized, and, used as input, control command is used as output for status data.
3. neural meta design module according to claim 1, it is characterised in that the state of the multiple industrial control systems of input
Data set multiple corresponding connection weights as input vector;Industrial control system data and weight after normalization multiply
Product sum compares with threshold values;If the value generates the output valve of neuron more than the threshold values of setting, by transmission function, produce
Output;If the value is less than or equal to threshold values, the output valve of neuron is not produced.
4. Neural Network Structure Design module according to claim 1, it is characterised in that it is included industrial control system
State and control respectively as input layer and output layer;Status data after having normalized inside input layer, these
Data form input vector, and the output of hidden layer is formed by transmission function, are then converted into output, data by output layer again
Forward direction transmission when, data by input layer to hidden layer, then to output layer;If output result and control command data phase
Hope that gap is larger, error signal backpropagation, by iteration, promotes error reduction as the input of BP neural network, approaches the phase
Prestige value.
5. algorithm realizes module according to claim 1, it is characterised in that acquire the status data of industrial control system
Used as input, used as output, by normalized, the multilayer feedforward trained according to Back Propagation Algorithm is neural for control command
Network, training forms the relation between state and control data, determines the threshold value and weight of neutral net;Then using training
BP neural network structure afterwards, goes identification to judge not meeting BP between real-time industrial control system current state and control command
The data of neutral net, if in the presence of, it is possible to judge the doubtful Industry Control that this group of state of the moment and control data are present
System vulnerability.
6. the method need not filter packet, and the real time execution of industrial control system is not influenceed, with very strong practical value,
Comprise the steps of:
Step(1):Industrial control system raw data acquisition, gathering the sensing data of industrial control system includes temperature, pressure
Power, humidity, rotating speed, switching-state information using it as input vector, using control command as output vector;
Step(2):The normalized of data, because the data type for gathering is different, the expression scope of data also has very big
Difference, it is impossible to be directly used in the input vector of BP neural network, it is necessary to be normalized to data, defines conversion regime,
It is converted into the input data received by BP neural network;
Step(3):Input industrial control system training sample:Input vector and output vector are chosen from data as training sample
This, the BP neural network to designing is trained, and generates necessary weight and threshold values;
Step(4):Calculate implicit layer unit output:Connection weight, output layer and hidden layer according to hidden layer to output layer
Output calculation error each neuron of function pair hidden layer;
Step(5):Calculate output unit output:Output unit value is calculated according to computing formula;
Step(6):Results contrast:Output valve and desired value difference whether less than setting error;
Step(7):If step(6)Decision condition is true, then output result;
Step(8):Rule of judgment:Output valve and desired value difference be not more than setting error and cycle-index is more than setting value
Step(9):If step(8)Decision condition is true, then export suspicious leak
Step(10)If step(8)Decision condition is false, and adjustment nerve plays the weights and threshold values of two, turns to step(3).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710056656.9A CN106773719A (en) | 2017-01-25 | 2017-01-25 | A kind of industrial control system leak automatic mining method based on BP neural network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710056656.9A CN106773719A (en) | 2017-01-25 | 2017-01-25 | A kind of industrial control system leak automatic mining method based on BP neural network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106773719A true CN106773719A (en) | 2017-05-31 |
Family
ID=58941992
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710056656.9A Pending CN106773719A (en) | 2017-01-25 | 2017-01-25 | A kind of industrial control system leak automatic mining method based on BP neural network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106773719A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110414664A (en) * | 2018-04-28 | 2019-11-05 | 三星电子株式会社 | For training the method and neural metwork training system of neural network |
| CN110991519A (en) * | 2019-11-28 | 2020-04-10 | 上海宏力达信息技术股份有限公司 | Intelligent switch state analysis and adjustment method and system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104052730A (en) * | 2013-03-13 | 2014-09-17 | 通用电气公司 | Intelligent Cyberphysical Intrusion Detection And Prevention Systems And Methods For Industrial Control Systems |
| CN105991517A (en) * | 2015-01-28 | 2016-10-05 | 中国信息安全测评中心 | Vulnerability discovery method and device |
| CN106230780A (en) * | 2016-07-19 | 2016-12-14 | 国网四川省电力公司电力科学研究院 | A kind of intelligent transformer substation information and control system safety analysis Evaluation Platform |
| CN106230857A (en) * | 2016-08-30 | 2016-12-14 | 上海新华控制技术(集团)有限公司 | A kind of active leakage location towards industrial control system and detection method |
| CN106254330A (en) * | 2016-07-29 | 2016-12-21 | 中国电子科技集团公司第五十四研究所 | A kind of software defined network intrusion detection method based on BP neutral net |
-
2017
- 2017-01-25 CN CN201710056656.9A patent/CN106773719A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104052730A (en) * | 2013-03-13 | 2014-09-17 | 通用电气公司 | Intelligent Cyberphysical Intrusion Detection And Prevention Systems And Methods For Industrial Control Systems |
| CN105991517A (en) * | 2015-01-28 | 2016-10-05 | 中国信息安全测评中心 | Vulnerability discovery method and device |
| CN106230780A (en) * | 2016-07-19 | 2016-12-14 | 国网四川省电力公司电力科学研究院 | A kind of intelligent transformer substation information and control system safety analysis Evaluation Platform |
| CN106254330A (en) * | 2016-07-29 | 2016-12-21 | 中国电子科技集团公司第五十四研究所 | A kind of software defined network intrusion detection method based on BP neutral net |
| CN106230857A (en) * | 2016-08-30 | 2016-12-14 | 上海新华控制技术(集团)有限公司 | A kind of active leakage location towards industrial control system and detection method |
Non-Patent Citations (1)
| Title |
|---|
| 姚赟政等: ""工控设备状态检测中BP神经网络模型的应用"", 《北京邮电大学学报》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110414664A (en) * | 2018-04-28 | 2019-11-05 | 三星电子株式会社 | For training the method and neural metwork training system of neural network |
| CN110991519A (en) * | 2019-11-28 | 2020-04-10 | 上海宏力达信息技术股份有限公司 | Intelligent switch state analysis and adjustment method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Feng et al. | Multi-level anomaly detection in industrial control systems via package signatures and LSTM networks | |
| Linda et al. | Neural network based intrusion detection system for critical infrastructures | |
| CN113206842B (en) | Distributed safety state reconstruction method based on double-layer dynamic switching observer | |
| CN104486141A (en) | Misdeclaration self-adapting network safety situation predication method | |
| CN108833416A (en) | A kind of SCADA system Information Security Risk Assessment Methods and system | |
| CN103957203B (en) | A kind of network security protection system | |
| CN108259498A (en) | A kind of intrusion detection method and its system of the BP algorithm based on artificial bee colony optimization | |
| CN111181971B (en) | System for automatically detecting industrial network attack | |
| US11343266B2 (en) | Self-certified security for assured cyber-physical systems | |
| CN108512841A (en) | A kind of intelligent system of defense and defence method based on machine learning | |
| CN106357470A (en) | Quick sensing method for network threat based on SDN controller | |
| CN111224973A (en) | Network attack rapid detection system based on industrial cloud | |
| CN106773719A (en) | A kind of industrial control system leak automatic mining method based on BP neural network | |
| Jasim | Improving intrusion detection systems using artificial neural networks | |
| CN114362994B (en) | Multilayer different-granularity intelligent aggregation railway system operation behavior safety risk identification method | |
| CN116991947B (en) | Automatic data synchronization method and system | |
| Cazorla et al. | Towards automatic critical infrastructure protection through machine learning | |
| CN106933097A (en) | A kind of Fault Diagnosis for Chemical Process method based on multi-level optimization PCC SDG | |
| CN115310586A (en) | Method and system for predicting operation situation of active power distribution network information physical system aiming at network attack | |
| Yin et al. | Botnet detection based on genetic neural network | |
| CN114006744A (en) | LSTM-based power monitoring system network security situation prediction method and system | |
| CN111988184B (en) | Broadcast storm detection and processing method based on situation awareness | |
| CN115604016B (en) | Industrial control abnormal behavior monitoring method and system of behavior feature chain model | |
| Ramadan et al. | A Hierarchical approach for isolating sensor faults from un-stealthy attacks in large-scale systems | |
| Deng et al. | Network security intrusion detection system based on incremental improved convolutional neural network model |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20170531 |