Industrial control network is a direct interface between information system and physical control process. Due to the lack of authentication, encryption, and other necessary security protection designs, it has become the main target of malicious attacks under the trend of increasing openness. In order to protect the industrial control systems, we examine the detection of abnormal traffic in industrial control network and propose a method of detecting abnormal traffic in industrial control network based on autoencoder technology. What is more, a new deep autoencoder model was designed to reduce the dimensionality of traffic data in industrial control network. In this article, the Kullback–Leibler divergence was added to the loss function to improve the ability of feature extraction and the ability to recover raw data. Finally, this model was compared with the traditional data dimensionality reduction method (principal component analysis (PCA), independent component analysis, and singular value decomposition) on gas pipeline dataset. The results show that the approach designed in this article outperforms the three methods in different scenes in terms of f₁ score.

工业控制网络是信息系统与物理控制过程之间的直接接口。由于缺乏身份验证，加密和其他必要的安全保护设计，在开放程度不断提高的趋势下，它已成为恶意攻击的主要目标。为了保护工业控制系统，我们研究了工业控制网络中异常流量的检测，并提出了一种基于自动编码器技术的工业控制网络异常流量的检测方法。此外，设计了一种新的深度自动编码器模型，以减少工业控制网络中交通数据的维数。在本文中，Kullback-Leibler散度被添加到损失函数中，以提高特征提取的能力和恢复原始数据的能力。最后，将该模型与天然气管道数据集上的传统数据降维方法（主要成分分析（PCA），独立成分分析和奇异值分解）进行了比较。结果表明，在不同场景下，本文设计的方法优于三种方法。F₁分。