工业以太网中多次变异信息入侵检测仿真
|
摘要
为了切实有效地保证工业以太网信息系统安全,提高网络运行质量,需要进行变异信息入侵检测。但是采用入侵检测方法进行变异信息入侵检测时,无法确定发生变异的网络数据主分量,在实际应用中存在检测率低、误报率高等缺陷,难以满足工业以太网信息系统对网络安全的高端需求。提出基于主成分分析的工业以太网多次变异信息入侵检测方法。采用主成分分析方法对工业以太网数据集进行归一化处理,将处理后的数据集降维以确定发生变异的网络数据主分量,用发生变异的主分量信号均值和方差构建特征矩阵,以特征矩阵在近邻两个时段的近似度来描述连续变异信号的差分变化,将其作为特征信号实现多次变异信息的入侵检测。实验结果表明,所提方法在提高多次变异信息检测率的同时降低了误报率,具有鲁棒性。
In order to effectively ensure the security of industrial Ethernet information system and improve the quality of network operation,this paper puts forward a method to detect multiple variation information intrusion in industrial Ethernet based on principal component analysis. Firstly,the method of principal component analysis was used to normalize the data set of industrial Ethernet,and then dimension of data set after the treatment was reduced to determine the main component of network data with variation. Moreover,the mean and variance of principal component signal with variation was used to build feature matrix. Finally,the approximate degree of feature matrix in two adjacent periods was used to describe the differential variation of continuous variation signal. Thus,we achieved intrusion detection of multiple variation information. Simulation results prove that the proposed method reduces the false alarm rate while improving the detection rate of multiple variation information,which has strong bustness.
In order to effectively ensure the security of industrial Ethernet information system and improve the quality of network operation,this paper puts forward a method to detect multiple variation information intrusion in industrial Ethernet based on principal component analysis. Firstly,the method of principal component analysis was used to normalize the data set of industrial Ethernet,and then dimension of data set after the treatment was reduced to determine the main component of network data with variation. Moreover,the mean and variance of principal component signal with variation was used to build feature matrix. Finally,the approximate degree of feature matrix in two adjacent periods was used to describe the differential variation of continuous variation signal. Thus,we achieved intrusion detection of multiple variation information. Simulation results prove that the proposed method reduces the false alarm rate while improving the detection rate of multiple variation information,which has strong bustness.
引文
[1]许勐璠,等.基于半监督学习和信息增益率的入侵检测方案[J].计算机研究与发展,2017,54(10):2255-2267.
[2]姬建新.移动网络入侵特征信息提取检测研究[J].计算机仿真,2017,34(3):289-292.
[3]梁辰,李成海,周来恩.PCA-BP神经网络入侵检测方法[J].空军工程大学学报(自然科学版),2016,17(6):93-98.
[4]申元,等.基于文化算法的层次属性约减入侵检测模型[J].计算机工程,2017,43(7):175-181.
[5]顾兆军,何波.基于可疑队列的多源攻击图入侵检测方法[J].计算机工程与设计,2017,38(6):1408-1413.
[6]陈虹,万广雪,肖振久.基于优化数据处理的深度信念网络模型的入侵检测方法[J].计算机应用,2017,37(6):1636-1643.
[7]朱琨,张琪.机器学习在网络入侵检测中的应用[J].数据采集与处理,2017,32(3):479-488.
[8]任晓奎,缴文斌,周丹.基于粒子群的加权朴素贝叶斯入侵检测模型[J].计算机工程与应用,2016,52(7):122-126.
[9]陈兴亮,李永忠,于化龙.基于IPMeans-KELM的入侵检测算法研究[J].计算机工程与应用,2016,52(22):118-122.
[10]李永忠,陈兴亮,于化龙.基于改进DS证据融合与ELM的入侵检测算法[J].计算机应用研究,2016,33(10):3049-3051.
[2]姬建新.移动网络入侵特征信息提取检测研究[J].计算机仿真,2017,34(3):289-292.
[3]梁辰,李成海,周来恩.PCA-BP神经网络入侵检测方法[J].空军工程大学学报(自然科学版),2016,17(6):93-98.
[4]申元,等.基于文化算法的层次属性约减入侵检测模型[J].计算机工程,2017,43(7):175-181.
[5]顾兆军,何波.基于可疑队列的多源攻击图入侵检测方法[J].计算机工程与设计,2017,38(6):1408-1413.
[6]陈虹,万广雪,肖振久.基于优化数据处理的深度信念网络模型的入侵检测方法[J].计算机应用,2017,37(6):1636-1643.
[7]朱琨,张琪.机器学习在网络入侵检测中的应用[J].数据采集与处理,2017,32(3):479-488.
[8]任晓奎,缴文斌,周丹.基于粒子群的加权朴素贝叶斯入侵检测模型[J].计算机工程与应用,2016,52(7):122-126.
[9]陈兴亮,李永忠,于化龙.基于IPMeans-KELM的入侵检测算法研究[J].计算机工程与应用,2016,52(22):118-122.
[10]李永忠,陈兴亮,于化龙.基于改进DS证据融合与ELM的入侵检测算法[J].计算机应用研究,2016,33(10):3049-3051.