Journal: 《中国测试》 (China Measurement & Test)

User operation anomaly detection method of software in industrial control system

Authors: WEN Yuan-mei, YU Xue-chen

Affiliation: School of Information Engineering, Guangdong University of Technology, Guangzhou 510006, Guangdong, China

Keywords: user abnormal operation; data mining; pattern matching; industrial control network

Abstract:

To address user behavior security in the terminal control system software of industrial control networks, a method is proposed for evaluating behavioral trust at the level of user operations. First, historical sequences in the form of integer sequences are extracted from the software's log files. Next, the Apriori method is applied to mine frequent patterns from the user operation sequences, and a probability matrix is built from the mined pattern set. Finally, the current user behavior sequence is extracted and matched against the historical sequence pattern set using the BLAST-SSAHA algorithm to assess the credibility of the user's behavior, providing a basis for subsequent evaluation of the credibility of the system platform. Experiments show that the proposed method is effective and feasible.
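The pipeline in the abstract can be sketched as follows. This is an added example, not code from the paper: the operation codes, sample sessions, thresholds and function names are constructed assumptions. It omits the probability-matrix step and uses a plain k-tuple lookup as a simplified stand-in for BLAST-SSAHA matching.

```python
from collections import Counter

# Constructed sample: each operation type in the software log is mapped to an
# integer code, giving one integer sequence per historical session.
HISTORY = [
    [1, 2, 3, 4, 5],
    [1, 2, 3, 4, 6],
    [7, 1, 2, 3, 4],
    [1, 2, 3, 5, 4],
]

def contains(seq, pat):
    """True if pat occurs in seq as a contiguous run."""
    n = len(pat)
    return any(tuple(seq[i:i + n]) == pat for i in range(len(seq) - n + 1))

def mine_frequent(history, min_support, max_len):
    """Apriori-style level-wise mining of contiguous operation patterns.

    Returns {pattern: support}; support is the fraction of sessions that
    contain the pattern.
    """
    total = len(history)
    frequent = {}
    level = {(op,) for seq in history for op in seq}
    for _ in range(max_len):
        counts = Counter(p for p in level for seq in history if contains(seq, p))
        kept = {p: c / total for p, c in counts.items() if c / total >= min_support}
        if not kept:
            break
        frequent.update(kept)
        # Apriori pruning: a (k+1)-pattern is a candidate only if both of its
        # k-length sub-runs are already frequent.
        level = {a + b[-1:] for a in kept for b in kept if a[1:] == b[:-1]}
    return frequent

def match_score(current, frequent, k):
    """Fraction of k-length windows of the current session that appear in the
    frequent-pattern set (hash lookup per k-tuple)."""
    windows = [tuple(current[i:i + k]) for i in range(len(current) - k + 1)]
    if not windows:
        return 0.0
    return sum(w in frequent for w in windows) / len(windows)

def is_anomalous(current, frequent, k=3, threshold=0.5):
    """Flag a session whose match score falls below the (assumed) threshold."""
    return match_score(current, frequent, k) < threshold
```

With the constructed history and `min_support=0.75`, a session that follows the usual 1, 2, 3, 4 order scores above the threshold, while the same operations in reverse order score 0 and are flagged.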

2014, 40(4): 98-101. Received: 2013-12-9; revised manuscript received: 2014-1-24

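About the author: WEN Yuan-mei (born 1968), female, from Jingzhou, Hubei; associate professor, Ph.D.; mainly engaged in research on intelligent information processing and trust.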
