LAUSR

Abstract In response to the problem of low detection rate on different types of attacks in industrial control networks safety by traditional single detection algorithm models, a multi-level adaptive coupled method combining white list technology and machine learning was proposed. The white list was used to filter the communication behaviors that could not match with the rules at first level, then machine learning model were used to anomaly detect the abnormal communication behaviors at second level. Firstly, In the process of machine learning, the original dataset was preprocessed by Principal Component Analysis (PCA). Then the off-line data training was carried out by adaptive coupled algorithm, and the classifier model was constructed secondly. Finally, on-line anomaly detection was realized. The experimental results show that the proposed method was improved the detection rate than other algorithm significantly.