用於工控系統非均衡網路流量資料之降噪自動編碼器極限梯度提升異常的偵測與分類;Anomaly Detection and Classification Based on Denoising Autoencoder and XGBoost for Imbalanced Network Traffic Data in Industrial Control Systems

NCU Institutional Repository > 資訊電機學院 > 資訊工程研究所 > 博碩士論文 > Item 987654321/86480

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/86480

题名:	用於工控系統非均衡網路流量資料之降噪自動編碼器極限梯度提升異常的偵測與分類;Anomaly Detection and Classification Based on Denoising Autoencoder and XGBoost for Imbalanced Network Traffic Data in Industrial Control Systems
作者:	陳沿廷;Chen, Yan-Ting
贡献者:	資訊工程學系
关键词:	異常分類;異常偵測;自動編碼器;資料不平衡;F1-分數;工業控制系統;精確度;召回率;極限梯度提升;Anomaly Classification;Anomaly Detection;Autoencoder;Data Imbalance;F1-score;Industrial Control System;Precision;Recall;XGBoost
日期:	2021-07-16
上传时间:	2021-12-07 12:53:21 (UTC+8)
出版者:	國立中央大學
摘要:	工控系統(Industrial Control System, ICS)整合資訊技術(Information Technology, IT)與運營技術(Operational Technology, OT)，是近年工業領域熱門的研究主題。 ICS 廣泛應用於控制與管理透過網路聯結的重要機器設備，若 ICS 遭受來源不明的網路攻擊，可能導致設備運作異常，因而造成巨大經濟損失甚至於影響人員的安危。因此，針對ICS 網路安全的研究是關鍵且必要的。本篇論文提出一個關於ICS 網路安全的異常偵測與分類方法，用以偵測使用工業傳輸協定 Modbus 與 S7 Comm (S7 Communication) 的網路流量資料 (network traffic data)是否異常，並對異常資料進行分類。本論文提出的方法包含三項主要步驟，以最大化異常偵測與分類效果。首先，使用降噪自動編碼器 (Denoising Autoencoder, DAE) 去除資料中潛在的雜訊。其次，面對含有異常行為的不平衡(imbalanced)資料，採用SMOTE (Synthetic Minority Oversampling Technique) 與 Tomek link (T-Link) 結合的資料過採樣(oversampling)與欠採樣(undersampling)方法，用以增加特定樣本的特徵代表性。最後使用極限梯度提升(eXtreme Gradient Boosting, XGBoost)建立異常偵測與分類模型。本篇論文採用真實鐵路工業ICS的Electra資料集，用以評估所提方法的效能並和其他相關方法進行比較。實驗結果顯示，本篇論文提出的異常偵測與分類的方法，相較於其他異常偵測方法有較佳的精確度 (precision)、召回率 (recall) 與 F1-score 。 ;The industrial control system (ICS), which integrates information technology (IT) and operational technology (OT), is a hot research topic in the industrial field in recent years. ICS is widely used to control and manage important machines and devices connected through networks. If the ICS suffers from network attacks, machines and devices may work abnormally, causing huge economic losses and even affecting the safety of personnel. Therefore, research on ICS network security is critical and necessary. This thesis proposes an anomaly detection and classification method for ICS network security to detect and classify abnormalities in network traffic data of industrial field protocols like Modbus and S7 Communication (S7 Comm). The proposed method contains three major steps, as shown below. First, it uses the denoising autoencoder (DAE) to remove potential noise in data. Second, in face of imbalanced data of abnormalities, the synthetic minority oversampling technique (SMOTE) and the Tomek link (T-Link) mechanism are used to oversample and undersample data to increase representative characteristics of particular samples. Finally, extreme gradient boosting (XGBoost) is used to build anomaly detection and classification models. The real-life railway industry ICS dataset Electra is used to evaluate the effectiveness of the proposed method. The evaluation results are compared with those of other related methods. The proposed method is shown to have better precision, recall and F1-score than others in terms of both anomaly detection and anomaly classification.
显示于类别:	[資訊工程研究所] 博碩士論文

文件中的档案:

档案	描述	大小	格式	浏览次数
index.html		0Kb	HTML	55	检视/开启

在NCUIR中所有的数据项都受到原著作权保护.

社群 sharing

数据加载中.....