Electric power communication protocol exception detection method based on dynamic extensible finite state

Abstract

The invention discloses an electric power communication protocol exception detection method based on a dynamic extensible finite state. The method includes describing definitions of L2 to L7 (link layer to the application layer) of an electric power communication protocol, protocol state machine logic and exception handling logic according to protocol description rules, acquiring protocol rule definition files, translating the protocol rule definition files to form a protocol rule database through a protocol rule analytic engine, and performing protocol analysis, state detection and exception processing on network data packages according to the protocol rule database. The dynamic extensible support is provided for various application layer protocols and is further provided for application layer context state detection and exception processing, electric power communication protocol exception detection is facilitated, and the method has promised application prospect.

Description

technical field [0001] The invention relates to an anomaly detection method of a network communication protocol, in particular to a dynamically scalable power communication protocol anomaly detection method based on a finite state machine. Background technique [0002] In recent years, network attacks against specific application-layer services have occurred continuously. Traditional network security protection devices (such as firewalls, IDS, etc.) are difficult to detect such application-layer attacks because they only detect the network layer. Therefore, it is urgent to strengthen the protection against Security monitoring of network application layer data. [0003] Compared with the communication protocols at the network layer, there are a large number of application layer protocols, not only a large number of general application layer protocols (such as HTTP, FTP, SSH, etc.), but also many industry-specific application layer protocols (such as the power communication in...

AI Technical Summary

Problems solved by technology

[0004] At present, the methods adopted for the identification and analysis of application layer protocols in the electric power communication industry are roughly divided into the following categories: 1. Using hard coding, the identification and analysis of the supported application layer protocols are directly written into the program code, When using this method, when it is necessary to modify the protocol analysis method or to expand and support more application layer protocols, it needs to be hard-coded again, and the scalability is poor; Expand support for new application layer protocols, but program coders are required to carry out customized development, which is time-consuming and laborious; 3. Use an intermediate scripting language to realize the analysis of network protocols. For example, Wireshark supports adding support for new network protocols through Lua scripting language Analysis support, but users need to master the syntax of Lua, and the functions provided by Lua are limited, so it is not suitable for complex processing such as state detection and tracking of data packet context

Images