Abstract

The industrial control network is the direct interface between the information system and the physical control process. Because it lacks authentication, encryption, and other necessary security protections, it has become the main target of malicious attacks as these networks grow more open. To protect industrial control systems, we examine the detection of abnormal traffic in industrial control networks and propose a detection method based on autoencoder technology. In addition, a new deep autoencoder model was designed to reduce the dimensionality of traffic data in the industrial control network. The Kullback–Leibler divergence was added to the loss function to improve both feature extraction and the ability to recover the raw data. Finally, the model was compared with traditional dimensionality reduction methods (principal component analysis (PCA), independent component analysis, and singular value decomposition) on a gas pipeline dataset. The results show that the approach designed in this article outperforms the three methods in different scenes in terms of F1 score.

Highlights

  • An industrial control system (ICS) is a highly complex integrated system that provides services to people through the coordination of various critical infrastructures

  • To address the special situation and existing problems of ICSs, in this article we propose a traffic data dimension reduction method that can handle variable-length data, and we design a new loss function to speed up processing

  • To test the performance of the classifier after dimension reduction, the data was reduced to 22 and 16 dimensions, respectively, and the effects were compared using neural network (NN), support vector machine (SVM), and decision tree (DT) classification models


Summary

INTRODUCTION

An industrial control system (ICS) is a highly complex integrated system that provides services to people through the coordination of various critical infrastructures. With the rapid development of network and information technology, ICS is gradually moving toward a networked, open architecture (Vávra and Hromada, 2017). This gives attackers a convenient way to reach ICS over the network, which exposes ICS to huge network security risks. The learning-based abnormal detection model recognizes normal and abnormal data by learning the characteristics of all data (Anthi et al., 2020). These methods only model specific types of attack data; such techniques cannot identify new types of attacks. To address the special situation and existing problems of ICSs, in this article we propose a traffic data dimension reduction method that can handle variable-length data, and we design a new loss function to speed up processing.
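The abstract says a Kullback–Leibler divergence term was added to the autoencoder loss. The following is an added example, not the paper's code, of one common way such a term is built: the sparse-autoencoder penalty, trained on a tiny constructed batch. The penalty form, the layer sizes, the hyperparameters (`rho`, `beta`, `lr`) and the sample records are all assumptions; the page does not give the paper's exact loss or architecture.

```python
import math
import random

def kl_sparsity(rho, rho_hat):
    """Sum over hidden units of KL(Bernoulli(rho) || Bernoulli(rho_hat_j))."""
    return sum(rho * math.log(rho / r) + (1 - rho) * math.log((1 - rho) / (1 - r))
               for r in rho_hat)

def loss(W, V, batch, rho, beta):
    """Sigmoid encoder W, linear decoder V (no biases): MSE + beta * KL penalty."""
    n = len(batch)
    codes = [[1 / (1 + math.exp(-sum(w * x for w, x in zip(row, xs)))) for row in W]
             for xs in batch]
    recon = [[sum(v * h for v, h in zip(row, hs)) for row in V] for hs in codes]
    mse = sum((r - x) ** 2 for xs, rs in zip(batch, recon) for r, x in zip(rs, xs)) / n
    rho_hat = [sum(hs[j] for hs in codes) / n for j in range(len(W))]
    return mse + beta * kl_sparsity(rho, rho_hat), rho_hat, codes, recon

def train(batch, k=2, rho=0.1, beta=0.5, lr=0.05, epochs=300, seed=0):
    rng = random.Random(seed)
    d, n = len(batch[0]), len(batch)
    W = [[rng.uniform(-0.1, 0.1) for _ in range(d)] for _ in range(k)]
    V = [[rng.uniform(-0.1, 0.1) for _ in range(k)] for _ in range(d)]
    history = []
    for _ in range(epochs):
        total, rho_hat, codes, recon = loss(W, V, batch, rho, beta)
        history.append(total)
        gW = [[0.0] * d for _ in range(k)]
        gV = [[0.0] * k for _ in range(d)]
        for xs, hs, rs in zip(batch, codes, recon):
            err = [2 * (r - x) / n for r, x in zip(rs, xs)]
            for j in range(k):
                # Reconstruction gradient plus the derivative of the KL penalty
                # with respect to this unit's mean activation.
                dh = sum(err[i] * V[i][j] for i in range(d))
                dh += beta / n * (-rho / rho_hat[j] + (1 - rho) / (1 - rho_hat[j]))
                dz = dh * hs[j] * (1 - hs[j])
                for i in range(d):
                    gV[i][j] += err[i] * hs[j]
                    gW[j][i] += dz * xs[i]
        W = [[w - lr * g for w, g in zip(wr, gr)] for wr, gr in zip(W, gW)]
        V = [[v - lr * g for v, g in zip(vr, gr)] for vr, gr in zip(V, gV)]
    return W, V, history

# Constructed sample: four features per record, already scaled to [0, 1].
SAMPLE = [[0.1, 0.9, 0.2, 0.8], [0.2, 0.8, 0.1, 0.9],
          [0.9, 0.1, 0.8, 0.2], [0.8, 0.2, 0.9, 0.1]]
```

Calling `train(SAMPLE)` returns the weights and the per-epoch loss history; the hidden-layer activations in `codes` are the reduced-dimension representation a downstream classifier would consume.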
