Anomaly Detection Scheme Using Time Series Analysis for Industrial Control Systems
Abstract: To improve the accuracy of detecting anomalous (malicious) traffic in industrial control system (ICS) networks, a traffic anomaly detection scheme based on a structural time series model is proposed. Industrial Ethernet traffic is decomposed into four components, and each component is modeled by its own state space model, so that complex network traffic is modeled in layers with high fitting precision. This improves detection accuracy for anomalous industrial network traffic and lowers the false positive rate. Compared with the traditional X-12 structural time series analysis method, the average accuracy (average positive rate) of this method increases by 38%, a marked improvement in the efficiency of anomaly detection systems. The method also provides a way to decrease time complexity.