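Abstract: Focusing on the railway traction power supply remote-control SCADA system, this paper analyzes its communication protocols and network security risk points and studies an abnormal attack detection technique based on the one-class support vector machine algorithm, with the aim of detecting abnormal network attacks. The method first analyzes normal communication data and selects fields from the message sequence, such as timestamp, source address, destination address, source port and destination port, to form a set of training sample sequences. It then preprocesses the message sequence data to form a sub-sequence feature database. Finally, it uses the Python language and the Sklearn machine learning library to build a one-class support vector machine behavior model, and tests on simulated data verify that it can effectively detect abnormal behavior such as network intrusion.
Keywords: traction power supply remote-control system; one-class support vector machine; anomaly detection
CLC number: TP301.6
Document code: A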
Research on Abnormal Attack Detection Technology of Traction Power Supply SCADA System based on Machine Learning
ZHOU Zeyan1, CHENG Peng2, FANG Fusheng2, LU Tao3
(1. Electronic Computing Technology Institute of China Academy of Railway Sciences Co., Ltd., Beijing 100081, China; 2. China Electronic Technology Cyber Security Co., Ltd., Chengdu 610041, China; 3. Beijing ZhengXin Cyber Security Technology Co., Ltd., Beijing 100160, China)
zhouzeyan8008@sina.com; cp975@163.com; fang4985@aliyun.com; lutao7@163.com
Abstract: Focusing on the railway traction power supply SCADA (Supervisory Control and Data Acquisition) system, this paper analyzes its communication protocol and network security risk points and studies an abnormal attack detection technology based on the One-class SVM (Support Vector Machine) algorithm, with the aim of detecting abnormal network attacks. First, normal communication data are analyzed, and fields in the message sequence, such as timestamp, source address, destination address, source port and destination port, are selected to form a training sample sequence set. Then, the message sequence data are preprocessed to form a sub-sequence feature database. Finally, the Python language and the Sklearn machine learning library are used to establish a One-class SVM behavior model. Tests on simulation data verify that the proposed technology can effectively detect abnormal behaviors such as network intrusions.
Keywords: traction power supply system; One-class SVM; abnormal detection
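The pipeline the abstract outlines (packet fields, then sub-sequence features, then a One-class SVM in Sklearn) can be sketched as follows; this is an added example, not the authors' code. The window size, the three features, `nu`, the function names, and all addresses and ports are assumptions constructed for illustration.

```python
import random
import numpy as np
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import OneClassSVM

WINDOW = 10  # messages per sub-sequence (assumed; the paper's value is not given)

def polling_trace(n, seed):
    """Constructed normal traffic: one master polls three RTUs in turn, ~1 s apart."""
    rng = random.Random(seed)
    t, msgs = 0.0, []
    for i in range(n):
        t += rng.gauss(1.0, 0.05)
        # (timestamp, source address, destination address, source port, destination port)
        msgs.append((t, "10.0.0.1", f"10.0.0.{11 + i % 3}", 40000, 2404))
    return msgs

def window_features(msgs):
    """One row per non-overlapping sub-sequence: mean inter-arrival time,
    distinct (src, dst) pairs, distinct destination ports (assumed features)."""
    rows = []
    for i in range(0, len(msgs) - WINDOW + 1, WINDOW):
        w = msgs[i:i + WINDOW]
        gaps = [b[0] - a[0] for a, b in zip(w, w[1:])]
        rows.append([sum(gaps) / len(gaps),
                     len({(m[1], m[2]) for m in w}),
                     len({m[4] for m in w})])
    return np.array(rows, dtype=float)

def train(normal_msgs, nu=0.05):
    """Fit the behavior model on normal traffic only; nu bounds the share of
    training windows treated as outliers."""
    model = make_pipeline(StandardScaler(),
                          OneClassSVM(kernel="rbf", gamma="scale", nu=nu))
    return model.fit(window_features(normal_msgs))

def classify(model, msgs):
    """+1 = consistent with learned behavior, -1 = anomalous sub-sequence."""
    return model.predict(window_features(msgs)).tolist()

# Constructed anomaly: an unknown host contacts one RTU on ten ports within 0.1 s.
BURST = [(5000.0 + 0.01 * k, "10.0.0.99", "10.0.0.11", 50000, 2400 + k)
         for k in range(WINDOW)]

if __name__ == "__main__":
    model = train(polling_trace(2000, seed=1))
    print("held-out normal:", classify(model, polling_trace(200, seed=2)))
    print("burst:", classify(model, BURST))
```

Because the model is trained on normal traffic only, a small share of held-out normal windows (on the order of `nu`) will also be flagged, so alerts need a threshold or correlation step before they page anyone.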