Improved TPOT Industrial Control Intrusion Detection Method
YANG Rui-jun1,HE Li-jun1,CHENG Yan2
1(Department of Computer Science and Information Engineering,Shanghai Institute of Technology,Shanghai 201418,China)2(School of Criminal Law,East China University of Political Science and Law,Shanghai 201620,China)
Abstract:In the process of automatic construction of machine learning model for intrusion detection in industrial control systems,a distributed D-TPOT method was proposed to solve the problem that TPOT,a tree-based Pipeline Optimization Tool,needs a lot of time and computational cost.By introducing block algorithm and dynamic task scheduling,this method can parallelize TPOT to construct the industrial intrusion detection model,so as to reduce the time of model construction.By changing the model building process of the number of reserved pipelines and the number of pipeline iterations,15 attack methods that did not appear in the training set were added in the test set to evaluate the model.Experiments show that,compared with TPOT,the optimal model constructed by D-TPOT is 92.89%,94.66%,and F3-score in multiple evaluation indexes without reducing the quality of the indexes of intrusion detection model constructed by distributed D-TPOT.92.45%,and can save 50% of the model building time.