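1. School of Modern Posts, Chongqing University of Posts and Telecommunications, Chongqing 400065
2. School of Automation/School of Industrial Internet, Chongqing University of Posts and Telecommunications, Chongqing 400065
HU Xiang-dong, male, born in 1971 in Guang'an, Sichuan. Ph.D., professor and doctoral supervisor at Chongqing University of Posts and Telecommunications. His main research interests include intelligent sensing, networked measurement and industrial Internet security. E-mail: huxd@cqupt.edu.com
ZHANG Qin, female, born in 1997 in Kaizhou, Chongqing. Master's student. Her main research interest is industrial Internet security. E-mail: 1181937109@qq.com
Received: 2022-12-15,
Revised: 2023-05-04,
Published in print: 2024-09-25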
HU Xiang-dong, ZHANG Qin. Real-Time Detection Method of Malicious Behaviors in Industrial Internet Based on Feature Combination Optimization[J]. Acta Electronica Sinica, 2024, 52(09): 3075-3085. DOI:10.12263/DZXB.20221394
Node data in the industrial Internet is high-dimensional, redundant and massive, so traditional malicious-behavior detection models cannot judge industrial Internet attack behavior quickly and accurately. This paper proposes a real-time detection method for malicious behaviors in the industrial Internet based on feature combination optimization. An improved fast correlation-based filter algorithm and a principal component analysis algorithm based on singular value decomposition are used to optimize the feature combination of industrial Internet malicious-behavior sample data. Feature correlation calculation and redundant-feature identification and exclusion are performed using the symmetric uncertainty information measure and the approximate Markov blanket criterion, and several candidate feature combinations are obtained from different configurations of the feature-dimension parameter. A decision tree evaluator selects the candidate feature combination with the highest accuracy. Principal component analysis based on singular value decomposition then further reduces the feature dimension, giving an optimal feature combination that is low-dimensional and information-rich. The extreme gradient boosting algorithm is combined with the optimized feature combination to classify industrial Internet malicious-behavior samples. The method is verified on Mississippi State University's multi-class power system attack sample data. Experimental results show that the training time of the feature-combination-optimized detection model can be reduced by 57.53%, the average detection time for a single sample is 0.002 ms, a reduction of 23.99%, and the accuracy, recall and F1 value of the detection model based on feature combination optimization improve by 1.11%, 1.25% and 1.01%, respectively, compared with those before feature optimization. The outstanding advantage of the method is that it markedly reduces detection time while improving detection performance, so it better meets the real-time requirements of the industrial Internet.
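The redundancy-elimination step named in the abstract, as an added example that is not the authors' code: the paper's improved variant is not specified on this page, so this implements the standard fast correlation-based filter (FCBF) with symmetric uncertainty and the approximate Markov blanket test. The sample records, feature names and the `delta` threshold are constructed assumptions.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy in bits of a sequence of discrete symbols."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def symmetric_uncertainty(x, y):
    """SU(X, Y) = 2 * I(X; Y) / (H(X) + H(Y)); 0 = independent, 1 = equivalent."""
    hx, hy = entropy(x), entropy(y)
    if hx + hy == 0:
        return 0.0  # both columns constant: no information either way
    mutual_info = hx + hy - entropy(list(zip(x, y)))
    return 2.0 * mutual_info / (hx + hy)

def fcbf(features, labels, delta):
    """Standard FCBF: names of the kept features, most relevant first."""
    relevance = {n: symmetric_uncertainty(col, labels) for n, col in features.items()}
    # Relevance filter: keep features whose SU with the class exceeds delta.
    ranked = sorted((n for n in relevance if relevance[n] > delta),
                    key=lambda n: -relevance[n])
    selected = []
    while ranked:
        best = ranked.pop(0)
        selected.append(best)
        # Approximate Markov blanket: q is redundant when it is at least as
        # correlated with an already selected feature as with the class.
        ranked = [q for q in ranked
                  if symmetric_uncertainty(features[best], features[q]) < relevance[q]]
    return selected

# Constructed sample: 8 discretized records, 4 classes (0 = normal, 1-3 = attack
# types). Feature names are hypothetical, not columns of the paper's dataset.
LABELS = [0, 0, 1, 1, 2, 2, 3, 3]
FEATURES = {
    "voltage_bin":  [0, 0, 1, 1, 0, 0, 1, 1],  # explains half of the label
    "voltage_copy": [7, 7, 3, 3, 7, 7, 3, 3],  # relabeled duplicate: redundant
    "current_bin":  [0, 0, 0, 0, 1, 1, 1, 1],  # explains the other half
    "noise":        [0, 1, 0, 1, 0, 1, 0, 1],  # independent of the label
}

if __name__ == "__main__":
    for name, col in FEATURES.items():
        print(f"{name:13s} SU with class = {symmetric_uncertainty(col, LABELS):.3f}")
    print("kept:", fcbf(FEATURES, LABELS, delta=0.05))
```

The duplicate column is dropped even though its relevance equals that of the feature it copies, while the two complementary features survive because their mutual symmetric uncertainty is zero.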