CN110688287A - Industrial control network situation assessment method based on improved probabilistic neural network - Google Patents
Industrial control network situation assessment method based on improved probabilistic neural network Download PDFInfo
- Publication number
- CN110688287A CN110688287A CN201910394027.6A CN201910394027A CN110688287A CN 110688287 A CN110688287 A CN 110688287A CN 201910394027 A CN201910394027 A CN 201910394027A CN 110688287 A CN110688287 A CN 110688287A
- Authority
- CN
- China
- Prior art keywords
- data
- industrial control
- neural network
- probabilistic neural
- situation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/004—Artificial life, i.e. computing arrangements simulating life
- G06N3/006—Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/047—Probabilistic or stochastic networks
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Biomedical Technology (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Software Systems (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- Computer Hardware Design (AREA)
- Probability & Statistics with Applications (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to an industrial control network situation assessment method based on a probabilistic neural network, which is necessary to integrally monitor and sense the operation condition of an industrial control system aiming at various novel attack techniques and means of the industrial control system. Firstly, preprocessing collected industrial control data and reducing dimensions of the data by using a principal component analysis method; training and predicting the processed data by utilizing a probabilistic neural network, classifying the attack types, and optimizing the parameters of the probabilistic neural network by utilizing a drosophila optimization algorithm, thereby improving the classification accuracy; and finally, finding out other threat factors by combining a specific industrial control scene, and evaluating the state of the system to achieve the effect of monitoring the state of the system.
Description
Technical Field
The invention relates to an industrial control network situation assessment method based on a probabilistic neural network, which is necessary to integrally monitor and sense the operation condition of an industrial control system aiming at various novel attack techniques and means of the industrial control system. Firstly, preprocessing collected industrial control data and reducing dimensions of the data by using a principal component analysis method; training and predicting the processed data by utilizing a probabilistic neural network, classifying the attack types, and optimizing the parameters of the probabilistic neural network by utilizing a drosophila optimization algorithm, thereby improving the classification accuracy; and finally, finding out other threat factors by combining a specific industrial control scene, and evaluating the state of the system to achieve the effect of monitoring the state of the system.
Background
The deep integration of the industrial control system and the internet also causes a series of security challenges while improving the intelligent and informatization degree of the industrial control system, and various novel attack technologies for the industrial control system emerge endlessly, which seriously affects the national security, economic development, social stability and the like, and arouses the high importance of governments of various countries in the world.
The traditional security measures only discover the problems existing in the network from respective angles, do not consider the relevance, and cannot systematically and integrally discover the problems existing in the network. Network security situation awareness is a popular research area that has evolved in recent years. The method can fuse all available information and evaluate the security situation of the network, provides decision basis for security analysts, minimizes risks and losses caused by unsafe factors, and has important significance in improving the monitoring capability and emergency response capability of the network, predicting the development trend of network security and the like.
The safety situation value has the characteristics of uncertainty and nonlinearity, and the neural network has good performance in describing a nonlinear complex system and has good self-adaption, self-organization and infinite approximation capabilities, so the situation is evaluated by using the neural network. At present, a Support Vector Machine (SVM) and a BP neural network are mainly used for situation assessment, but the SVM is difficult to train large-scale data and cannot directly support multiple classifications, the problems of large data quantity and complicated attack types in an industrial control system are difficult to solve, the BP neural network is slow in learning speed and complex in structural design, the problem of easily falling into a local optimal solution exists, and the performance is not very good.
The probability neural network absorbs the advantages of the radial basis function neural network and the classical probability density estimation principle, and has more remarkable advantages in mode classification compared with the traditional feed-forward neural network. The structure of the probabilistic neural network depends on the dimension and the number of training data, the design is simple and easy to change, the convergence rate is high, and therefore the probabilistic neural network is very suitable for real-time processing.
The disadvantage of the probabilistic neural network is that the smoothing factor is not easy to determine and the performance of the network is easily influenced. The fruit Fly Optimization Algorithm (FOA) is a new method for seeking global optimization based on fruit fly foraging behavior deduction, and can find out a global optimal solution in a short time, so that the fruit fly optimization algorithm is used for seeking optimization, the most appropriate parameters are determined, and the classification accuracy is improved.
When the dimension of the training data is too large, a huge neural network structure can be caused, and the training capability is influenced. The principal component analysis method projects the sample data from a high-dimensional space to a low-dimensional space, represents the original data in the low-dimensional space as much as possible, can represent the original data to a greater extent by using data with less dimensionality, and does not influence the property of the original data, so that the principal component analysis method is adopted to reduce the dimensionality of the training data, and the training speed of the neural network is improved.
Based on the thought, the invention provides an industrial control network situation assessment method based on an improved probabilistic neural network, which comprises the steps of firstly preprocessing collected industrial control data, reducing the dimension of the data by using a principal component analysis method, training and predicting the processed data by using the probabilistic neural network optimized by a drosophila optimization algorithm, and classifying the attack types; and finally, finding out other threat factors by combining a specific industrial control scene, and evaluating the state of the system, thereby effectively monitoring and controlling the whole operation condition of the industrial control network and ensuring the safe operation of the industrial control system.
Disclosure of Invention
The invention aims to provide a method for evaluating the situation of an industrial control network, which utilizes data processed by a principal component analysis method and an optimized probabilistic neural network to carry out attack classification and combines other threat factors to evaluate the situation, thereby achieving the purposes of effectively monitoring the overall operation condition of the industrial control network and ensuring the safe operation of an industrial control system. The invention mainly comprises the following steps:
(1) extracting situation information of the industrial control system: collecting data by utilizing equipment such as a heterogeneous sensor and the like to form an original data set;
(2) data preprocessing: normalizing the collected data into a uniform format, then performing normalization processing, and finally performing dimensionality reduction processing on the normalized data by using a principal component analysis method to avoid dimensionality disasters, thereby shortening the calculation time and improving the system performance;
(3) optimization and attack type classification of the neural network: optimizing the probabilistic neural network by using a drosophila optimization algorithm, searching global optimal parameters to construct the probabilistic neural network, and training and predicting the processed data by using the improved probabilistic neural network so as to classify attack types;
(4) and (3) calculating a situation value: and selecting threat factors and indexes of situation evaluation by combining a specific industrial control scene, calculating situation values under different states and different moments, and providing data for next situation prediction.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the present invention is further described with reference to the following drawings and specific embodiments:
FIG. 1 is a system architecture diagram of the present solution;
FIG. 2 is a process of principal component analysis for dimensionality reduction of data;
FIG. 3 is a model for optimizing a probabilistic neural network using a Drosophila optimization algorithm.
Detailed Description
The invention is described in further detail below with reference to the accompanying drawings.
a. Fig. 1 is a system architecture diagram of the present invention, and a detailed flow of the present invention is intuitively and clearly explained, and mainly includes the following contents: information extraction, data preprocessing, attack classification and situation evaluation. The information extraction is to collect information through sensor nodes deployed in an industrial control system, and the collected data is original data, different in expression form and contains noise data, so that the data needs to be processed.
b. And (5) preprocessing the data. The data preprocessing mainly comprises three stages of data format specification, numerical value normalization and data dimension reduction. The standard data format is to convert all data into a numerical form, so that the data is convenient to understand and calculate; the normalization limits the numerical range between [0,1], allows the characteristics of different dimensions to have certain comparability on the numerical value, and can accelerate the calculation speed and precision.
c. And (5) performing a data dimension reduction process. Assuming that the original data is a 10000 × 30 matrix X, the covariance matrix D, its eigenvalues, and eigenvectors are directly calculated since the above normalization is performed. The eigenvectors are sorted by columns according to the size of the eigenvalue to generate a matrix P ', which is a 30 × 30 matrix, and dimension reduction is performed according to the size of the contribution degree, for example, the contribution degree is required to reach 98%, and the contribution degree of the first eight columns is 98.5%, so that the characteristics can be reduced to eight dimensions, at this time, the first eight columns of P' are selected to form P, which is a 30 × 8 matrix, and the data after dimension reduction is Y — XP, which is a 10000 × 8 matrix.
d. And (5) attack classification process. Firstly, the PNN is optimized by using a drosophila optimization algorithm, and then the optimized PNN is used for training the data after dimensionality reduction, so that accurate attack classification is realized. The fruit fly optimization process mainly comprises several stages of initialization, olfactory search process, visual search process and fruit fly iterative optimization.
(1) Initialization is to set relevant parameters such as population size (popsize), maximum iteration number (maxgen), fruit fly population position range (LR) and single Flight Range (FR) of fruit flies, and the position of each individual in the fruit fly population is given by the corresponding two-dimensional coordinates (X, Y).
(2) And (3) olfactory search process: firstly, endowing the fruit flies with new flight directions and distances (Xi, Yi), calculating a taste concentration value Smelli by using the distance Di between the fruit flies and an origin, and determining Smelli as a fit (Di); the fitness function is obtained by using the root mean square error RMSE of a predicted value and an actual value to measure when the PNN is optimized, namely Smelli (fitness) (Di) RMSEi, and the higher the classification accuracy of the PNN is, the smaller the root mean square error RMSE is, so that the initial minimum taste concentration value and the corresponding position of the fruit fly are recorded when the population scale is reached.
(3) And (3) olfactory search process: and (3) increasing the iteration number, executing the smell search process in the step (2) every iteration, and simultaneously recording the optimal taste concentration value and the corresponding fruit fly position information to which other fruit flies in the population fly by using vision.
(4) And (4) iterating and executing the step (3) until the iteration times are met, obtaining the optimal taste concentration value at the moment, and obtaining the optimal smoothing factor of the PNN if the fitness function meets the requirement.
(5) And substituting the optimal smoothing factor into the PNN model, and predicting by using test data, so that the attack types can be accurately classified.
e. And (5) evaluating the situation. Aiming at a specific industrial control scene, collecting other threat factors such as equipment damage degree, fragility, stability and the like and scoring, wherein the higher the score is, the worse the performance is; and for the classified attack types, different attacks are scored by using expert experience, the higher the score is, the larger the threat degree is represented, and finally, the weighted average method is used for evaluating the system state by combining the factors, and the higher the score is, the larger the threat degree is represented.
Claims (5)
1. An industrial control network situation assessment method based on a probabilistic neural network is characterized by comprising the following steps:
a. extracting situation information of the industrial control system: collecting data by utilizing equipment such as a heterogeneous sensor and the like to form an original data set;
b. data preprocessing: normalizing the collected data into a uniform format, then performing normalization processing, and finally performing dimensionality reduction processing on the normalized data by using a principal component analysis method to avoid dimensionality disasters, thereby shortening the calculation time and improving the system performance;
c. optimization and attack type classification of the neural network: optimizing the probabilistic neural network by using a drosophila optimization algorithm, searching global optimal parameters to construct the probabilistic neural network, and training and predicting the processed data by using the improved probabilistic neural network so as to classify attack types;
d. and (3) calculating a situation value: and selecting threat factors and indexes of situation evaluation by combining a specific industrial control scene, calculating situation values under different states and different moments, and providing data for next situation prediction.
2. The industrial control network situation assessment method based on the probabilistic neural network as claimed in claim 1, wherein:
in the step b, the data preprocessing mainly comprises three stages of data format specification, numerical value normalization and data dimension reduction. The canonical data format is to convert all data to numerical form and the normalization is to limit the range of values between [0,1] using the formula (X-Min)/(Max-Min).
3. The industrial control network situation assessment method based on the probabilistic neural network as claimed in claim 1, wherein:
in the step b, the data dimensionality reduction is to calculate a covariance matrix D of an original data matrix X, and eigenvalues and eigenvectors thereof, sort the eigenvectors into a matrix P 'according to the magnitude of the eigenvalues, perform dimensionality reduction according to the magnitude of the contribution degree, and select the first k columns of P' to form P if the dimensionality is reduced to k, so as to obtain the data Y after dimensionality reduction, which is XP.
4. The industrial control network situation assessment method based on the probabilistic neural network as claimed in claim 1, wherein:
in the step c, the drosophila optimization process mainly comprises several stages of initialization, an olfactory search process, a visual search process and drosophila iterative optimization.
5. The industrial control network situation assessment method based on the probabilistic neural network as claimed in claim 1, wherein:
in said step d, the threat level for the classified attack type is scored using expert experience, and a higher score represents a greater threat level. And finally, evaluating the system state by using a weighted average method in combination with other threat factors, wherein the higher the score is, the greater the threat degree is.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910394027.6A CN110688287A (en) | 2019-05-13 | 2019-05-13 | Industrial control network situation assessment method based on improved probabilistic neural network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910394027.6A CN110688287A (en) | 2019-05-13 | 2019-05-13 | Industrial control network situation assessment method based on improved probabilistic neural network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110688287A true CN110688287A (en) | 2020-01-14 |
Family
ID=69108090
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910394027.6A Pending CN110688287A (en) | 2019-05-13 | 2019-05-13 | Industrial control network situation assessment method based on improved probabilistic neural network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110688287A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114492059A (en) * | 2022-02-07 | 2022-05-13 | 清华大学 | Multi-agent confrontation scene situation assessment method and device based on field energy |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102098180A (en) * | 2011-02-17 | 2011-06-15 | 华北电力大学 | Network security situational awareness method |
| CN107104988A (en) * | 2017-07-07 | 2017-08-29 | 太原理工大学 | A kind of IPv6 intrusion detection methods based on probabilistic neural network |
-
2019
- 2019-05-13 CN CN201910394027.6A patent/CN110688287A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102098180A (en) * | 2011-02-17 | 2011-06-15 | 华北电力大学 | Network security situational awareness method |
| CN107104988A (en) * | 2017-07-07 | 2017-08-29 | 太原理工大学 | A kind of IPv6 intrusion detection methods based on probabilistic neural network |
Non-Patent Citations (6)
| Title |
|---|
| 朱沛恒: ""基于果蝇算法优化的概率神经网络在变压器故障诊断中的应用"" * |
| 朱沛恒;: "基于果蝇算法优化的概率神经网络在变压器故障诊断中的应用" * |
| 李方伟;王森;朱江;张海波;: "基于增强型概率神经网络的安全态势要素获取" * |
| 谢丽霞;王亚超;于巾博;: "基于神经网络的网络安全态势感知" * |
| 赵广振 等: ""基于主成分分析和概率神经网络的入侵检测方法"" * |
| 赵广振;张翠肖;武辉林;高婧;李旋;: "基于主成分分析和概率神经网络的入侵检测方法" * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114492059A (en) * | 2022-02-07 | 2022-05-13 | 清华大学 | Multi-agent confrontation scene situation assessment method and device based on field energy |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106371427B (en) | Industrial process Fault Classification based on analytic hierarchy process (AHP) and fuzzy Fusion | |
| WO2019233189A1 (en) | Method for detecting sensor network abnormal data | |
| CN111614491B (en) | Power monitoring system oriented safety situation assessment index selection method and system | |
| CN104598813B (en) | Computer intrusion detection method based on integrated study and semi-supervised SVM | |
| CN110006649B (en) | Bearing fault diagnosis method based on improved ant lion algorithm and support vector machine | |
| CN113095442B (en) | Hail identification method based on semi-supervised learning under multi-dimensional radar data | |
| CN109273096A (en) | A kind of risk management grading evaluation method based on machine learning | |
| CN103942568A (en) | Sorting method based on non-supervision feature selection | |
| CN111556016B (en) | Network flow abnormal behavior identification method based on automatic encoder | |
| CN102176701A (en) | Active learning based network data anomaly detection method | |
| CN112529638B (en) | Service demand dynamic prediction method and system based on user classification and deep learning | |
| CN111460881A (en) | Traffic sign countermeasure sample detection method and classification device based on neighbor discrimination | |
| CN110987436B (en) | Bearing fault diagnosis method based on excitation mechanism | |
| CN110309887A (en) | Based on the Fuzzy C-Means Clustering method for detecting abnormality for improving flower pollination | |
| CN111680875A (en) | Unmanned aerial vehicle state risk fuzzy comprehensive evaluation method based on probability baseline model | |
| CN115811440B (en) | Real-time flow detection method based on network situation awareness | |
| CN107154923A (en) | A kind of network inbreak detection method based on the very fast learning machine of multilayer | |
| CN117611015B (en) | Real-time monitoring system for quality of building engineering | |
| CN106611016B (en) | A kind of image search method based on decomposable word packet model | |
| CN116633601A (en) | Detection method based on network traffic situation awareness | |
| CN115987552A (en) | Network intrusion detection method based on deep learning | |
| Li et al. | Prediction of wind turbine blades icing based on CJBM with imbalanced data | |
| CN110688287A (en) | Industrial control network situation assessment method based on improved probabilistic neural network | |
| CN111601358B (en) | Multi-stage hierarchical clustering spatial correlation temperature perception data redundancy removing method | |
| CN108763926A (en) | A kind of industrial control system intrusion detection method with security immunization ability |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |