Traffic Characteristic Map-based Intrusion Detection Model for Industrial Internet

After the Stuxnet security event in Iran, the security issues on industrial Internet are very serious. Besides, there are many flaws existing in the modern traffic modelling approaches to the industrial field network. Aiming at these problems, the traffic characteristic map-based intrusion detection model for industrial Internet was proposed. Firstly, information entropy method was adopted to select vital traffic characteristics attributes set which is used to form traffic characteristic vectors. Secondly, multiple correlation analysis approach was applied to transform traffic characteristics vector into triangle area mapping matrix and traffic characteristic map can be established. Finally, using discrete cosine transform (DCT) and singular value decomposition (SVD) methods, perceptual hash digest database of normal and abnormal traffic characteristics maps was obtained. Thereafter, the corresponding intrusion detection rule set can be generated, which is essential for the modelling of network traffic periodic characteristics in industrial field network. In particular, the robustness and discrimination of the traffic characteristics map perceptual hash algorithm (TCM-PH) were proved. Experimental results show that the proposed approach has a good performance of intrusion detection in the industrial field network.