Industrial control network (ICN) is characterized by real-time responsiveness and reliability, which plays a key role in increasing production speed, rational and efficient processing, and managing the production process. Despite tremendous advantages, ICN inevitably struggles with some challenges, such as malicious user intrusion and hacker attack. To detect malicious intrusions in ICN, intrusion detection systems have been deployed. However, in ICN, network traffic data is equipped with characteristics of large scale, irregularity, multiple features, temporal correlation and high dimensionality, which greatly affect the efficiency and performance. To properly solve the above problems, we design a new intrusion detection method for ICN. Specifically, we first design a novel neural network model called associative recurrent network (ARN), which can properly handle the relationship between past moment hidden state and current moment information. Then, we adopt ARN to design a new intrusion detection method that can efficiently and accurately detect malicious intrusions in ICN. Subsequently, we demonstrate the high efficiency of our proposed method through theoretical computational complexity analysis. Finally, we develop a prototype implementation to evaluate the accuracy. The experimental results prove that our proposed method has sate-of-the-art performance on both the ICN dataset SWaT and the conventional network traffic dataset UNSW-NB15. The accuracies on the SWaT dataset and the UNSW-NB15 dataset reach 95.48% and 97.61%, respectively.
翻译:工业控制网络(ICN)具有实时响应性和可靠性特点,在提升生产速度、合理高效处理及管理生产流程方面发挥着关键作用。尽管优势显著,ICN仍不可避免地面临恶意用户入侵和黑客攻击等挑战。为检测ICN中的恶意入侵行为,入侵检测系统已被部署应用。然而在ICN中,网络流量数据具有规模庞大、不规则、多特征、时序相关及高维度等特性,这些特性极大影响了检测效率与性能。为有效解决上述问题,我们设计了一种新型ICN入侵检测方法。具体而言,我们首先设计了一种称为关联循环网络(ARN)的新型神经网络模型,该模型能妥善处理历史隐藏状态与当前时刻信息间的关联关系。随后,我们采用ARN设计出能够高效精准检测ICN恶意入侵的新型检测方法。继而通过理论计算复杂度分析论证了所提方法的高效性。最后,我们开发了原型系统进行精度评估。实验结果表明,所提方法在ICN数据集SWaT和传统网络流量数据集UNSW-NB15上均展现出最先进的性能,在SWaT数据集和UNSW-NB15数据集上的准确率分别达到95.48%和97.61%。