Affiliation:
1. College of Information Engineering, Beijing Institute of Petrochemical Technology, 19 Qingyuan North Road, Daxing District, Beijing 102617, China
2. School of Mechanical Electronic & Information Engineering, China University of Mining & Technology, 11 Xueyuan Road, Haidian District, Beijing 100083, China
Abstract
The traditional industrial control security research mainly focuses on network intrusion detection or trapping system and lacks abnormal detection after intrusion, and the abnormal detection algorithm ability of the underlying operation data of industrial control is insufficient. The modern industrial control system is a side-cloud collaborative architecture that accesses the Internet, the edge side is usually an industrial computer with weak computing power, and the deep learning algorithm requires a lot of computing resources and is difficult to use directly on the edge side. In this paper, a lightweight convolutional neural network anomaly detection algorithm “SingleNet” suitable for the edge side of the industrial control system is proposed, which convolutes the data of each sensor for a period of time and calculates the feature correlation between points in the association calculation layer. Experimental results show that the accuracy rate on the oil depot dataset is increased from 73% to 99.4%, the training time is shortened from 2 hours to 3 minutes, and the model size is compressed from 101 MB to 1.6 MB. The accuracy rate is improved from 87% to 99.2% on the Mississippi dataset, the training time is shortened from 15 minutes to 3 minutes, and the model size is compressed from 10.6 MB to 1.63 MB. The accuracy rate is improved from 85% to 99.4% on the Batadal dataset, the training time is shortened from 18 minutes to 3 minutes, and the model size is compressed from 15.5 MB to 1.62 MB. Compared with several lightweight algorithms recently proposed, SqueezeNet, MobileNet, and ShuffleNet, the proposed algorithm has significantly improved the performance indicators of training speed, accuracy, model size, and iteration time on the industrial control datasets. Both the training and testing of the algorithm can be done on the CPU, making it possible to apply deep learning to the edge side of the industrial control system.
Subject
Computer Networks and Communications,Computer Science Applications
Reference40 articles.
1. NetworkQ. E.2015 industrial control network security situation report2016http://wenku.it168.com/d_001674462.shtml
2. Spread like cancer: the world's first PLC virus comes out industrial control network security becomes an important battlefield for cyberspace confrontation;P. Hua;Information Security and Communication Confidentiality,2016
3. Ransomware detection and mitigation using software-defined networking: The case of WannaCry
4. National and Local Joint Engineering Laboratory for Industrial Control System SecurityIT/OT Integrated Industrial Information Security Situation Report2018http://zt.360.cn/1101061855.php?dtid=1101062514&did=610131448.2019.03