Attack sample generation algorithm based on data association group by GAN in industrial control dataset

Abstract The importance of industrial control networks security is growing, but the intrusion detection research of industrial control networks is seriously restricted by the existing attack samples of the business dataset, especially the quantity and quality. In order to solve the problem of the scarcity of attack industrial control datasets, this paper proposes an attack sample generation algorithm. Firstly, based on the weight and degree of membership distribution, calculate the value of membership distance between dimensions, and the data association is strong when the membership distance of dimensions is small. Then, divide dimensions which have small distance into a group, so as to realize the association grouping of the original data. The data association of dimensions in an association group is strong when the association group appears frequently. According to the frequency of the association group, all the association groups are divided into strong association group and weak association group. Attack all the dimensions of one strong association group in the original data by false data injection attack, realized attack sample generation algorithm in the original data. Finally, expand the attack sample into a large amount of attack sample industrial control dataset by the Generative Adversarial Network. In this paper, the attack samples are generated by the BATADAL dataset and the business dataset of an oil depot, and the data is expanded by 100 times through the algorithm. Compared with the attack samples provided by the BATADAL dataset, the coincidence degree and fitting degree of generated data is improved by 38.20%–42.94% and 98.22%–98.36%, respectively. The classification results of XGBoost and SVM are 100% and 98.01%, which is close to the classification result of attack samples provided by BATADAL dataset.