Industrial communication intrusion detection algorithm based on improved one-class SVM

Anomaly detection based on communication behavior is one of the difficult problems in intrusion detection for industrial control systems. In this paper, a control model of normal communication behavior is established using an improved one-class SVM, and a PSO-OCSVM algorithm, based on particle swarm optimization (PSO), is designed to optimize its parameters. The method establishes an intrusion detection model that identifies abnormal Modbus TCP traffic according to the normal Modbus function code sequence. Simulation results show that the efficiency, reliability and real-time performance of the proposed method meet the requirements of industrial control systems for anomaly detection.
