Intrusion detection for industrial control systems based on an improved SVM method

doi:10.16511/j.cnki.qhdxxb.2018.25.019

Download: PDF(1251 KB)
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks

Abstract Industrial control system intrusion detection models based on the support vector machine (SVM) optimized by Kalman particle swarm optimization (KPSO) can become trapped in a local minimum. This paper presents a multi-innovation theory based KPSO that not only considers the current time observation information, but also uses previously useful information for predicting the particle states. Therefore, the algorithm provides sufficient momentum for updating the particle position so that the algorithm can jump out of a local minimum for better optimization accuracy. The algorithm was used to optimize the parameters for an SVM based intrusion detection model with the simulation results evaluated using the industrial intrusion detection standard dataset. The results show that the detection rate, false negative rate and false positive rate are significantly better with the SVM intrusion detection model optimized by this algorithm than with the KPSO, PSO and genetic algorithms.

Keywords industry control system intrusion detection multi-innovation Kalman particle swarm optimization (MIKPSO) support vector machine (SVM)

ZTFLH:

TP309

Issue Date: 15 April 2018

	Service

	E-mail this article
	E-mail Alert
	RSS
	Articles by authors

	CHEN Dongqing
	ZHANG Puhan
	WANG Huazhong

Cite this article:

CHEN Dongqing,ZHANG Puhan,WANG Huazhong. Intrusion detection for industrial control systems based on an improved SVM method[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(4): 380-386.

URL:

http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2018.25.019 OR http://jst.tsinghuajournals.com/EN/Y2018/V58/I4/380

[1] SIWAR K, LUDOVIC P C, MARC B, et al. A survey of approaches combining safety and security for industrial control systems[J]. Reliability Engineering and System Safety, 2015, 139:156-178.
[2] GAO W, MORRIS T, REAVES B, et al. On SCADA control system command and response injection and intrusion detection[C]//eCrime Researchers Summit (eCrime), 2010. Dallas, TX, USA:IEEE, 2010:1-9.
[3] JIANG J, LASITY Y. Anomaly detection via one class SVM for protection of SCADA systems[C]//International Conference on Cyber-enabled Distributed Computing and Knowledge Discovery. Beijing, China:IEEE, 2013:82-88.
[4] NADER P, HONEINE P, BEAUSEROY P. One-class classification for intrusion detection in SCADA systems[J]. IEEE Transactions on Industrial Informatics, 2014, 10(4):2308-2317.
[5] BEAVER J M, BORGES-HINK R C, Buckner M A. An evaluation of machine learning methods to detect malicious SCADA communications[C]//International Conference on Machine Learning and Applications. Miami, FL, USA:IEEE, 2013:54-59.
[6] ONDREJ L, TODD V, MILOS M. Neural network based intrusion detection system for critical infrastructures[C]//Proceedings of the International Joint Conference on Neural Networks. Atlanta, GA, USA:IEEE, 2009:14-19.
[7] 张腾飞, 范启富, 刘伟. 基于支持向量机的SCADA系统入侵检测[J]. 化工自动化及仪表, 2015(2):153-156. ZHANG T F, FAN Q F, LIU W. A support vector machine-based intrusion detection method for SCADA system[J]. Control and Instruments in Chemical Industry, 2015(2):153-156. (in Chinese)
[8] HUANG C, WANG C. A GA-based feature selection and parameters optimization for support vector machines[J]. Expert Systems with Applications, 2006, 31(2):231-240.
[9] 王华忠, 杨智慧, 颜秉勇, 等. 融合PCA和PSO-SVM方法在工控入侵检测中的应用[J]. 科技通报, 2017, 33(1):80-85. WANG H Z, YANG Z H, YAN B Y, et al. Application of fusion PCA and PSO-SVM method in industrial control intrusion detection[J]. Bulletin of Science and Technology, 2017, 33(1):80-85. (in Chinese)
[10] MONSON C K, SEPPI K D. The Kalman swarm:A new approach to particle motion in swarm optimization[C]//Lecture Notes in Computer Science. Berlin Heidelberg, Germany:Springer-Verlag, 2004:140-150.
[11] SATAPATHY S C, CHITTINENI S, KRISHNA S M, et al. Kalman particle swarm optimized polynomials for data classification[J]. Applied Mathematical Modelling, 2012, 36(1):115-126.
[12] 戴邵武, 王克红, 钱俭学. 基于AKPSO算法的加速度计快速标定方法[J]. 传感器与微系统, 2015, 34(2):69-72. DAI S W, WANG K H, QIAN J X. Rapid calibration method for accelerometer based on AKPSO algorithm[J]. Transducer and Microsystem Technologies, 2015, 34(2):69-72. (in Chinese)
[13] 丁锋, 谢新民. 时变系统辨识的多新息方法[J]. 自动化学报, 1996, 22(1):85-91. DING F, XIE X M. Multi-innovation identification method for time-varying systems[J]. Acta Automatica Sinica, 1996, 22(1):85-91. (in Chinese)
[14] 潘峰, 周倩, 李位星, 等. 标准粒子群优化算法的马尔科夫链分析[J]. 自动化学报, 2013, 39(4):381-389. PAN F, ZHOU Q, LI W X, et al. Analysis of standard particle swarm optimization algorithm based on Markov chain[J]. Acta Automatica Sinica, 2013, 39(4):381-389. (in Chinese)
[15] HSU J, MUDD D, THORNTON Z. Mississippi State University Project Report-SCADA Anomaly Detection[R]. http://www.ece.uah.edu/~thm0009/icsdatasets/MSU_SCADA_Final_Report.pdf.