Security monitoring method for ICS based on information gain ratio and maximum entropy model

2020 
Efficient outlier detection in the production processes of industrial control systems (ICS) requires that intrusion characteristics be analyzed and flagged in time for intrusions to be prevented. This paper proposes an intrusion detection scheme (IGR-MEM) based on information gain ratio feature selection and a maximum entropy model. The collected industrial control data are normalized, and a new information gain ratio feature selection method that considers feature correlation and redundancy is proposed to choose the best feature subset from the network connection data. A classifier is then built with the maximum entropy model from the feature subset extracted from the training samples, and the trained classifier is applied to intrusion detection. The test results show that, compared with other algorithms, the IGR-MEM scheme selects the best feature subset, improves detection efficiency and the accuracy of ICS security monitoring, and reduces the false alarm rate.
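The normalization and feature-ranking steps named in the abstract can be sketched as follows. This is an added example, not the paper's code: it uses the standard gain ratio (information gain divided by the feature's own entropy) rather than the paper's correlation- and redundancy-aware variant, which the abstract does not specify, and the records, feature names and two-bin discretization are constructed assumptions.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy, in bits, of a list of discrete values."""
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())

def min_max_bins(column, bins=2):
    """Min-max normalise a numeric column to [0, 1], then cut it into equal-width bins."""
    lo, hi = min(column), max(column)
    if hi == lo:
        return [0] * len(column)  # constant column: a single bin
    return [min(int((x - lo) / (hi - lo) * bins), bins - 1) for x in column]

def gain_ratio(feature, labels):
    """Standard gain ratio: (H(labels) - H(labels | feature)) / H(feature)."""
    n = len(labels)
    conditional = 0.0
    for value, count in Counter(feature).items():
        subset = [y for x, y in zip(feature, labels) if x == value]
        conditional += (count / n) * entropy(subset)
    split_info = entropy(feature)
    if split_info == 0:
        return 0.0  # a constant feature cannot separate the classes
    return (entropy(labels) - conditional) / split_info

# Constructed sample records: (func, pkt_len, proto, label). Not data from the paper.
RECORDS = [
    ("read", 60, "tcp", "normal"), ("read", 64, "tcp", "normal"),
    ("read", 62, "tcp", "normal"), ("read", 250, "tcp", "normal"),
    ("write", 66, "tcp", "attack"), ("write", 240, "tcp", "attack"),
    ("write", 256, "tcp", "attack"), ("write", 260, "tcp", "attack"),
]

def rank_features(records=RECORDS):
    """Return (feature name, gain ratio) pairs, best feature first."""
    labels = [r[3] for r in records]
    columns = {
        "func": [r[0] for r in records],
        "pkt_len": min_max_bins([r[1] for r in records]),  # numeric, so normalise and bin
        "proto": [r[2] for r in records],
    }
    scores = {name: gain_ratio(col, labels) for name, col in columns.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for name, score in rank_features():
        print(f"{name:8s} {score:.4f}")
```

A selector would keep the top-ranked features and pass only those to the classifier; the constant `proto` column scores zero and is the first to be dropped.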