###

计算机系统应用英文版:2020,29(12):234-238

View/Add Comment 过刊浏览高级检索 HTML

←前一篇 | 后一篇→

码上扫一扫！

下载全文

基于图神经网络的工控网络异常检测算法

刘杰^1,2, 李喜旺²

(1.中国科学院大学, 北京 100049;2.中国科学院沈阳计算技术研究所, 沈阳 110168)

Anomaly Detection Algorithm in Industrial Control Network Based on Graph Neural Network

LIU Jie^1,2, LI Xi-Wang²

(1.University of Chinese Academy of Sciences, Beijing 10004, China;2.Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang 110168, China)

摘要

图/表

参考文献

相似文献

本文已被：浏览 927次下载 2641次
Received:April 21, 2020 Revised:June 03, 2020

中文摘要: 网络异常检测技术成为入侵检测领域的重点研究内容, 但由于目前网络异常检测大多都停留在单点网络异常检测, 对不断更新的联合异常攻击和恶意软件无法做出快速及时的相应. 本文提出了一种基于图神经网络的工控网络异常检测算法, 融合网络节点自身属性以及网络拓扑结构中邻域节点的信息实现对网络异常的检测. 首先, 每个网络节点获取蕴含了连接节点的特征信息以及节点之间交互信息的状态向量; 其次, 每个节点使用不动点理论对网络进行迭代更新; 最后, 根据节点自身信息以及邻域节点信息通过神经网络提取更高层次的特征作为该节点的表示, 最后用聚类进行工控网络节点异常行为检测. 实验结果表明, 本文提出算法在具有较高检测率的同时, 也具有较高的鲁棒性.

中文关键词: 图神经网络异常检测入侵检测信息融合聚类

Abstract:Network anomaly detection technology has become the focus of research in the field of intrusion detection. However, because most of the current network anomaly detection remains at a single point of network anomaly detection, it cannot respond quickly and timely to joint anomaly attacks and malware that are constantly updated. In this study, a industrial control network anomaly detection algorithm based on graph neural network is proposed, which combines the network node’s own attributes and the information of neighbor nodes in the network topology to realize the network anomaly detection. First, each network node obtains a state vector that contains the feature information of the connected nodes and the interaction information between the nodes. Second, each node uses the fixed point theory to iteratively update the network. Thirdly, according to the node’s own information and neighbor node’s information, extract higher-level features through the neural network as the representation of the node. Finally, clustering is used to detect the abnormal behavior of industrial control network nodes. Experimental results show that the algorithm proposed in this study has high detection rate and high robustness.

keywords: graph neural network anomaly detection intrusion detection information fusion clustering

文章编号： 中图分类号： 文献标志码：

基金项目:辽宁省“兴辽英才计划”(XLYC1908019)

Author Name	Affiliation	E-mail
LIU Jie	University of Chinese Academy of Sciences, Beijing 10004, China Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang 110168, China	2276426207@qq.com
LI Xi-Wang	Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang 110168, China

Author Name	Affiliation	E-mail
LIU Jie	University of Chinese Academy of Sciences, Beijing 10004, China Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang 110168, China	2276426207@qq.com
LI Xi-Wang	Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang 110168, China

引用文本：
刘杰,李喜旺.基于图神经网络的工控网络异常检测算法.计算机系统应用,2020,29(12):234-238
LIU Jie,LI Xi-Wang.Anomaly Detection Algorithm in Industrial Control Network Based on Graph Neural Network.COMPUTER SYSTEMS APPLICATIONS,2020,29(12):234-238