曹策等：变频矢量控制系统入侵检测技术 ·1083· 表6混沌粒子群优化后的LSSVM参数与常规LSSVM参数下入侵 有很好的表现，符合高速实时工业以太网数据传输 检测实时性与准确性比较 要求.同时，随着工业控制系统的日渐复杂，参数的 Table 6 Comparison of the real-time performance and accuracy of intru- sion detection between chaotic particle swarm optimization ISSVM param- 耦合关系、变化规律更灵活，未来可以以数据挖掘、 eters and conventional ISSVM parameters 神经网络等更高级的分类算法作为入侵检测技术的 支撑，使入侵检测更有效 LSSVM参数 检测时间/ms 检测准确率/% C=10,w=0.125 20 96.28 参考文献 C=50.w=0.625 27 91.12 [1]Haller P,Genge B.Using sensitivity analysis and cross-association C=100,0=1.250 23 90.45 for the design of intrusion detection systems in industrial cyber- C=500,g=1.955 17 89.98 physical systems.IEEE Access,2017,5:9336 C=1000,c=10.000 25 95.10 [2]Gao Y W,Zhou R K,Lai Y X,et al.Research on industrial con- 优化后的参数 21 98.96 trol system intrusion detection method based on simulation model. ling.JCommun,2017,38(7):186 100 (高一为，周容康，赖英旭，等.基于仿真建模的工业控制网 ◆C=10.0=0.125 多 络入侵检测方法研究.通信学报，2017,38(7)：186) 。C=50.0=0.625 98 wC=100.0=1.250 [3]Colbert E,Sullivan D,Hutchinson A,et al.A process-oriented ▲C=500.0=1.955 intrusion detection method for industrial control systems //11th In- ★C-1000.0=10 96 ■CPSO优化 ternational Conference on Cyber Warfare and Security.Boston, 2016:497 93 [4] Shao C,Zhong L G.An information security solution scheme of industrial control system based on trusted computing.Inf Control, 91/ 2015,44(5):628 90 (邵诚，钟梁高.一种基于可信计算的工业控制系统信息安全 16 18 20 22242628 解决方案.信息与控制，2015,44(5)：628) 检测时间ms [5]Sun Y A,Jing K,Wang Y Z.A network security protection re- 图12不同LSSVM参数值下入侵检测准确性与实时性比较 search for industrial control system./Inf Securyity Res,2017.3 Fig.12 Comparison of the intrusion detection accuracy and real-time (2):171 performance under different LSSVM parameter values (孙易安，井柯，汪义舟.工业控制系统安全网络防护研究 信息安全研究，2017,3(2)：171) 交-直-交变频矢量控制装置中的变频器控制指令 [6] Genge B,Haller P,Kiss I.Cyber-security-aware network design 与电机设备参数为检测对象，在协议分析与电机模 of industrial control systems.IEEE Syst J,2017,11(3):1373 型参数两个层面对感应电机变频矢量控制系统的入 [7]Knowles W.Prince D.Hutchison D,et al.A survey of eyber se- curity management in industrial control systems.Int Crit In- 侵检测技术进行了研究： frastruct Prot,2015,9:52 (1)对EtherCAT工业总线中的变频装置控制 [8]Chen X,Li D,Wan J F,et al.A clock synchronization method 指令与感应电机实时参数提取并解析数据，实现设 for EtherCAT master.Microprocessors Microsyst,2016,46:211 备级数据的实时获取并通过三维链表下的入侵检测 [9]Al-khatib A A,Hassan R.Impact of IPSee protocol on the per- formance of network real-time applications:a review.Int Net- 有效防止外部主机的扫描访问与注入攻击 cork Security,2017,19(11):800 (2)通过对感应电机转子磁场定向控制策略的 [10]Panten N,Hoffmann N,Fuchs F W.Finite control set model 物理模型构建，对坐标变换后解耦的定子电流励磁 predictive current control for grid-connected voltage-source con- 分量与转矩分量进行仿真计算并生成模型入侵检测 verters with LCL filters:A study based on different state feed- 子系统的规则库，以混沌粒子群优化算法选择网络 backs.IEEE Trans Power Electron,2016,31(7):5189 [11]Villarroel F,Espinoza J R,Rojas C A,et al.Multiobjective 状态特征和最小二乘支持向量机分类器参数的网络 switching state selector for finite-states model predictive control 入侵检测模型一CPSO-LSSVM作为人侵检测的 based on fuzzy decision making in a matrix converter.IEEE Trans 构架根据数据入侵特征进行分类，将LSSVM分类后 Ind Electron,2013,60(2):589 的电机变频矢量控制指令与电机参数利用Suricata [12] Song Z W,Zhou R K.Lai YX,et al.Anomaly detection method of 入侵检测引孳调用对应该分类的规则库进行矢量控 ICS based on behavior model.Comput Sci,2018,45(1):233 (宋站威，周容康，赖英旭，等.基于行为模型的工控异常检 制装置的参数监控与异常告警 测方法研究.计算机科学，2018,45(1)：233) 本文提出的入侵检测技术，在实时性、准确性上 [13]Ambusaidi M A.He X J.Nanda P,et al.Building an intrusion曹 策等: 变频矢量控制系统入侵检测技术 表 6 混沌粒子群优化后的 LSSVM 参数与常规 LSSVM 参数下入侵 检测实时性与准确性比较 Table 6 Comparison of the real鄄time performance and accuracy of intru鄄 sion detection between chaotic particle swarm optimization LSSVM param鄄 eters and conventional LSSVM parameters LSSVM 参数 检测时间/ ms 检测准确率/ % C = 10,滓 = 0郾 125 20 96郾 28 C = 50,滓 = 0郾 625 27 91郾 12 C = 100,滓 = 1郾 250 23 90郾 45 C = 500,滓 = 1郾 955 17 89郾 98 C = 1000,滓 = 10郾 000 25 95郾 10 优化后的参数 21 98郾 96 图 12 不同 LSSVM 参数值下入侵检测准确性与实时性比较 Fig. 12 Comparison of the intrusion detection accuracy and real鄄time performance under different LSSVM parameter values 交鄄鄄 直鄄鄄 交变频矢量控制装置中的变频器控制指令 与电机设备参数为检测对象,在协议分析与电机模 型参数两个层面对感应电机变频矢量控制系统的入 侵检测技术进行了研究: (1) 对 EtherCAT 工业总线中的变频装置控制 指令与感应电机实时参数提取并解析数据,实现设 备级数据的实时获取并通过三维链表下的入侵检测 有效防止外部主机的扫描访问与注入攻击. (2)通过对感应电机转子磁场定向控制策略的 物理模型构建,对坐标变换后解耦的定子电流励磁 分量与转矩分量进行仿真计算并生成模型入侵检测 子系统的规则库,以混沌粒子群优化算法选择网络 状态特征和最小二乘支持向量机分类器参数的网络 入侵检测模型———CPSO鄄鄄 LSSVM 作为入侵检测的 构架根据数据入侵特征进行分类,将 LSSVM 分类后 的电机变频矢量控制指令与电机参数利用 Suricata 入侵检测引擎调用对应该分类的规则库进行矢量控 制装置的参数监控与异常告警. 本文提出的入侵检测技术,在实时性、准确性上 有很好的表现,符合高速实时工业以太网数据传输 要求. 同时,随着工业控制系统的日渐复杂,参数的 耦合关系、变化规律更灵活,未来可以以数据挖掘、 神经网络等更高级的分类算法作为入侵检测技术的 支撑,使入侵检测更有效. 参 考 文 献 [1] Haller P, Genge B. Using sensitivity analysis and cross鄄association for the design of intrusion detection systems in industrial cyber鄄 physical systems. IEEE Access, 2017, 5: 9336 [2] Gao Y W, Zhou R K, Lai Y X, et al. Research on industrial con鄄 trol system intrusion detection method based on simulation model鄄 ling. J Commun, 2017, 38(7): 186 (高一为, 周睿康, 赖英旭, 等. 基于仿真建模的工业控制网 络入侵检测方法研究. 通信学报, 2017, 38(7): 186) [3] Colbert E, Sullivan D, Hutchinson A, et al. A process鄄oriented intrusion detection method for industrial control systems / / 11th In鄄 ternational Conference on Cyber Warfare and Security. Boston, 2016: 497 [4] Shao C, Zhong L G. An information security solution scheme of industrial control system based on trusted computing. Inf Control, 2015, 44(5): 628 (邵诚, 钟梁高. 一种基于可信计算的工业控制系统信息安全 解决方案. 信息与控制, 2015, 44(5): 628) [5] Sun Y A, Jing K, Wang Y Z. A network security protection re鄄 search for industrial control system. J Inf Securyity Res, 2017, 3 (2): 171 (孙易安, 井柯, 汪义舟. 工业控制系统安全网络防护研究. 信息安全研究, 2017, 3(2): 171) [6] Genge B, Haller P, Kiss I. Cyber鄄security鄄aware network design of industrial control systems. IEEE Syst J, 2017, 11(3): 1373 [7] Knowles W, Prince D, Hutchison D, et al. A survey of cyber se鄄 curity management in industrial control systems. Int J Crit In鄄 frastruct Prot, 2015, 9: 52 [8] Chen X, Li D, Wan J F, et al. A clock synchronization method for EtherCAT master. Microprocessors Microsyst, 2016, 46: 211 [9] Al鄄khatib A A, Hassan R. Impact of IPSec protocol on the per鄄 formance of network real鄄time applications: a review. Int J Net鄄 work Security, 2017, 19(11): 800 [10] Panten N, Hoffmann N, Fuchs F W. Finite control set model predictive current control for grid鄄connected voltage鄄source con鄄 verters with LCL filters: A study based on different state feed鄄 backs. IEEE Trans Power Electron, 2016, 31(7): 5189 [11] Villarroel F, Espinoza J R, Rojas C A, et al. Multiobjective switching state selector for finite鄄states model predictive control based on fuzzy decision making in a matrix converter. IEEE Trans Ind Electron, 2013, 60(2): 589 [12] Song Z W, Zhou R K, Lai Y X, et al. Anomaly detection method of ICS based on behavior model. Comput Sci, 2018, 45(1): 233 (宋站威, 周睿康, 赖英旭, 等. 基于行为模型的工控异常检 测方法研究. 计算机科学, 2018, 45(1): 233) [13] Ambusaidi M A, He X J, Nanda P, et al. Building an intrusion ·1083·