Abstract:Aiming at the problems of the high dimension of features, high complexity of feature processing, and low efficiency of model detection of traditional industrial control network traffic data in complex network environments, this study uses an abnormal network flow identification and detection method based on random forest (RF) and long short-term memory (LSTM) network. Firstly, the random forest algorithm is used to calculate the importance score of flow characteristics, screen out important features, and eliminate redundant features. Then, LSTM is adopted to identify and detect abnormal flows. In order to evaluate the effectiveness and superiority of the model, the accuracy, precision, recall, and F1-score are used in this study to evaluate the model, and the model is compared with traditional machine learning methods including Naive Bayes, QDA, and KNN algorithms. The experimental results show that the overall accuracy of abnormal flow identification reaches 99% on the CIC-IDS-2017 public data set. In addition, compared with traditional machine learning algorithms, the proposed method has effectively improved the accuracy and efficiency of anomaly detection in complex network environments, and it has practical application value in industrial control network security and anomaly detection.