Intrusion Detection Algorithm Based on Optimized One-class Support Vector Machine for Industrial Control System

The detection of anomalous communication behavior is a challenging problem with respect to detecting intrusions in industrial control systems. We utilize the particle swarm optimization (PSO) algorithm to optimize the parameters of the one-class support vector machine (OCSVM), and further propose the PSO-OCSVM algorithm. According to the function codes of the standard Modbus transmission control protocol (TCP), we developed an intrusion detection model of normal communication behavior to enable the identification of abnormal Modbus TCP communication. A comparison and analysis of the simulation confirms that the proposed algorithm is demonstrably efficient, reliable, and operates in real-time, and thus has the potential to meet the requirements of anomaly detection in industrial control systems.