An Industrial Network Intrusion Detection Algorithm Based on Multifeature Data Clustering Optimization Model

Industrial networks are complex and diverse. Among existing intrusion prevention systems available, several of them have problems such as low detection accuracy rate, high false positive (FP) rate, and low real-time performance for impersonation attacks. To address such issues, it is proposed in this article an industrial network intrusion detection algorithm based on multifeature data clustering optimization model, where the weighted distances and security coefficients of data are classified based on the priority threshold of data attribute feature for each node in the network, given that the data modules in the industrial network environment are diverse and easy to diagnose, restore, and rebuild. The proposed algorithm can effectively improve the detection rate and real-time performance of detecting abnormal behavior for the multifeature data in industrial networks. The novel features are twofold, to rapidly select a node with high-security coefficient as the cluster center, and match the multifeature data around the center into a cluster. Experimental results show that the proposed algorithm has good superiority in terms of detection rate and time compared to other algorithms. In the industrial network, the detection accuracy of abnormal data reaches 97.8% and the FP of detection is decreased by 8.8%.