Dataflow Feature Analysis for Industrial Networks Communication Security

The autonomous security situation awareness on industrial networks communication has been a critical subject for industrial networks security analysis. In this paper, a CNN-based feature mining method for networks communication dataflow was proposed to intrusion detect industrial networks to extract security situation awareness. Specifically, a normalization technique uniforming different sorts of networks dataflow features was designed for dataflow features fusion in the proposed feature mining method. The proposed methods were used to detect the security situation of traditional IT networks and industrial control networks. Experiment results showed that the proposed feature analysis method had good transferability in the two network data, and the accuracy rate of network anomaly detection was ideal and had higher stability. 实现自主深度分析工业网络通信安全态势是工业互联网安全研究的重要课题。为了实现工业互联网安全态势分析，基于网络通信数据流特征的深度分析，进行通信数据特征挖掘和网络入侵检测。根据网络流特征的不同，提出从传统通信网络到工业网络的数据流特征知识迁移思想，利用卷积神经网络归一化处理网络流特征，实现网络安全异常检测。实验表明，提出的特征分析技术在2种网络数据中具有良好的迁移性，工业网络异常检测的正确率在93%以上，并且稳定性在0.29%的方差以内。