基于胶囊网络的工业互联网入侵检测方法

doi:10.12263/DZXB.20201275

摘要/Abstract

摘要：

工业互联网在快速发展的同时，面临着严峻的信息安全风险.针对传统入侵检测方法准确性低、难以适应工业互联网海量不平衡数据的问题，提出一种基于胶囊网络的工业互联网入侵检测方法.首先，基于残差块构建特征提取模块，引入全局平均池化层得到高质量的数据特征；其次，使用动态路由算法，通过迭代的方式对入侵数据特征进行聚类，在胶囊网络模块完成数据分类.基于Modbus/TCP协议的气体管道传感器网络数据集的测试结果表明，该方法可以在隐性提取特征的同时改善检测准确率.与所列算法对比，本文方法提高了检测指标，对不平衡数据有更强的鲁棒性，更接近工业互联网入侵检测技术需求.

关键词: 工业互联网, 入侵检测, 胶囊网络, 残差网络

Abstract:

Industrial internet is rapidly growing up while encountering severe information security risks at the same time. Aiming at the problem that traditional intrusion detection methods are low in accuracy and difficult to adapt to the massive unbalanced data of industrial Internet, an industrial Internet intrusion detection method based on capsule network is proposed. Firstly, a module involved feature extraction module is constructed based on the residual block, and a global average pooling layer is introduced to get high-quality data features. Secondly, the dynamic routing algorithm is introduced. The intrusion data features are clustered through iteration, and classification are completed in the module based on capsule network. The test results out of the data set from sensor network with Modbus/TCP protocol used in gas pipeline show that the method can improve the accuracy rate while extracting features implicitly. Compared to the listed algorithms, the proposed method in this paper performs better in test indexes with stronger robustness to unbalanced data and is closer to meet the needs of intrusion detection from industrial Internet.

Key words: industrial Internet, intrusion detection, capsule network, residual network

中图分类号:

TN918.91

胡向东, 李之涵. 基于胶囊网络的工业互联网入侵检测方法[J]. 电子学报, 2022, 50(6): 1457-1465.

HU Xiang-dong, LI Zhi-han. Intrusion Detection Method Based on Capsule Network for Industrial Internet[J]. Acta Electronica Sinica, 2022, 50(6): 1457-1465.

图/表 16

参考文献 22

1	DALENOGAREL S, BENITEZG B, AYALAN F, et al. The expected contribution of Industry 4.0 technologies for industrial performance[J]. International Journal of Production Economics, 2018, 204: 383-394.
2	ALLADIT, CHAMOLAV, ZEADALLYS. Industrial control systems: Cyberattack trends and countermeasures[J]. Computer Communications, 2020, 155: 1-8.
3	MARKOVIC-PETROVICJ D, STOJANOVICM D, RAKASS V B. A fuzzy AHP approach for security risk assessment in SCADA networks[J]. Advances in Electrical and Computer Engineering, 2019, 19(3): 69-74.
4	ZOLANVARIM, TEIXEIRAM A, GUPTAL, et al. Machine learning-based network vulnerability analysis of industrial Internet of Things[J]. IEEE Internet of Things Journal, 2019, 6(4): 6822-6834.
5	TONGD, QUY R, PRASANNAV K. Accelerating decision tree based traffic classification on FPGA and multicore platforms[J]. IEEE Transactions on Parallel and Distributed Systems, 2017, 28(11): 3046-3059.
6	ALVEST, DAS R, MORRIST. Embedding encryption and machine learning intrusion prevention systems on programmable logic controllers[J]. IEEE Embedded Systems Letters, 2018, 10(3): 99-102.
7	江泽涛, 周谭盛子, 韩立尧. 基于感知哈希矩阵的最近邻入侵检测算法[J]. 电子学报, 2019, 47(7): 1538-1546.
	JIANGZ T, ZHOUT S Z, HANL Y. Nearest neighbor intrusion detection method based on perceived hash matrix [J]. Acta Electronica Sinica, 2019, 47(7):1538-1546. (in Chinese)
8	POTLURIS, HENRYN F, DIEDRICHC. Evaluation of hybrid deep learning techniques for ensuring security in networked control systems[C]//2017 22nd IEEE International Conference on Emerging Technologies and Factory Automation(ETFA). Limassol: IEEE, 2017: 1-8.
9	王勇, 周慧怡, 俸皓, 等. 基于深度卷积神经网络的网络流量分类方法[J]. 通信学报, 2018, 39(1): 14-23.
	WANGY, ZHOUH Y, FENGH, et al. Network traffic classification method basing on CNN[J]. Journal on Communications, 2018, 39(1): 14-23. (in Chinese)
10	陈红松, 陈京九. 基于循环神经网络的无线网络入侵检测分类模型构建与优化研究[J]. 电子与信息学报, 2019, 41(6): 1427-1433.
	CHENH S, CHENJ J. Recurrent neural networks based wireless network intrusion detection and classification model construction and optimization [J]. Journal of Electronics and Information Technology, 2019, 41(6): 1427-1433. (in Chinese)
11	HEY B, MENDISG J, WEIJ. Real-time detection of false data injection attacks in smart grid: A deep learning-based intelligent mechanism[J]. IEEE Transactions on Smart Grid, 2017, 8(5): 2505-2516.
12	SABOURS, FROSSTN, HINTONG E. Dynamic routing between capsules[C]//Neural Information Processing Systems. California: NIPS Proceeding, 2017: 3856-3866.
13	DENGF, PUS L, CHENX H, et al. Hyperspectral image classification with capsule network using limited training samples[J]. Sensors, 2018, 18(9): 3153.
14	HEK M, ZHANGX Y, RENS Q, et al. Deep residual learning for image recognition[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. USA: IEEE, 2016: 770-778.
15	赵耀霞, 吴桐, 韩焱. 基于卷积神经网络的复杂构件内部零件装配正确性识别[J]. 电子学报, 2018, 46(8): 1983-1988.
	ZHAOY X, WUT, HANY. Nearest identifying the correctness of fit of internal components based on a convolutional neural network [J]. Acta Electronica Sinica, 2018, 46(8): 1983-1988. (in Chinese)
16	DONGX Y, HUANGJ S, YANGY, et al. More is less: A more complicated network with less inference complexity[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. USA: IEEE, 2017: 5840-5848.
17	LIJ Q, YUF R, DENGG, et al. Industrial Internet: A survey on the enabling technologies, applications, and challenges[J]. IEEE Communications Surveys & Tutorials, 2017, 19(3): 1504-1526.
18	魏琴芳, 吕博文, 胡向东. 基于稀疏化LSSVM的物联网轻量级入侵检测方法[J]. 重庆邮电大学学报(自然科学版), 2021, 33(3): 475-481.
	WEIQ F, LVB W, HUX D. A lightweight intrusion detection method for the Internet of things based on sparse LSSVM[J]. Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition), 2021, 33(3): 475-481. (in Chinese)
19	MANTEREM, SAILIOM, NOPONENS. Network traffic features for anomaly detection in specific industrial control system network[J]. Future Internet, 2013, 5(4):460-473.
20	MORRIST, GAOW. Industrial control system traffic data sets for intrusion detection research[C]//International Conference on Critical Infrastructure Protection. Berlin: Springer, 2014: 65-78.
21	TAVALLAEEM, BAGHERIE, LUW, et al. A detailed analysis of the KDD CUP 99 data set[C]//2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. Ottawa: IEEE, 2009: 1-6.
22	KRAWCZYKB. Learning from imbalanced data: Open challenges and future directions[J]. Progress in Artificial Intelligence, 2016, 5(4): 221-232.

数据类型	数量	标签值	描述
Normal	61 156	0	正常数据
NMRI	2 763	1	简单恶意响应注入攻击
CMRI	15 466	2	复杂恶意响应注入攻击
MSCI	782	3	恶意状态命令注入攻击
MPCI	7 637	4	恶意参数命令注入攻击
MFCI	573	5	恶意功能命令注入攻击
Dos	1 837	6	拒绝服务攻击
RECO	6 805	7	侦查攻击

数据类型	数量	标签值	描述
Normal	61 156	0	正常数据
NMRI	2 763	1	简单恶意响应注入攻击
CMRI	15 466	2	复杂恶意响应注入攻击
MSCI	782	3	恶意状态命令注入攻击
MPCI	7 637	4	恶意参数命令注入攻击
MFCI	573	5	恶意功能命令注入攻击
Dos	1 837	6	拒绝服务攻击
RECO	6 805	7	侦查攻击

数据种类	数据来源
数据种类	训练集	测试集
合计	38 808	9 702
Normal	24 513	6 107
NMRI	1 107	268
CMRI	6 036	1 622
MSCI	346	71
MPCI	3 099	746
MFCI	222	56
Dos	776	169
RECO	2 709	663

数据种类	数据来源
数据种类	训练集	测试集
合计	38 808	9 702
Normal	24 513	6 107
NMRI	1 107	268
CMRI	6 036	1 622
MSCI	346	71
MPCI	3 099	746
MFCI	222	56
Dos	776	169
RECO	2 709	663

类别	参数
操作系统	Centos 7
处理器	Intel Core i7-8550U
内存	2×4 GB DDR4 2133 MHz
Keras	2.2.4
Tensorflow	1.14
Python	3.6.10