Method for detecting anomaly of Modbus TCP (transmission control protocol) communication on basis of SVM (support vector machine)

An anomaly detection and communication technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve problems such as unidentifiable attack behaviors and Modbus communication anomalies

Inactive Publication Date: 2015-06-10
SHENYANG INST OF AUTOMATION - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0007] Aiming at the problem that the attack behaviors with unknown characteristics cannot be identified in several Modbus TCP communication securit


Embodiment Construction

[0057] The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0058] As shown in Figure 2, the SVM-based anomaly detection method for Modbus TCP communication includes:

[0059] a. Traffic collection part

[0060] 1. Use the Netfilter mechanism of the Linux kernel to write a traffic capture module that captures the Modbus TCP communication traffic in the industrial control system, and classify and store it by key-value pairs of source address and destination address. Because the focus is on the security of the application-layer protocol, data packets that carry no Modbus function code, such as socket-level handshake, acknowledgement, and retransmission packets, must be eliminated, and the data packets that the Modbus server sends in response to the client must be eliminated as well.

[0061] 2 In view of the fact that the Modbus function code can best reflect ...


Abstract

The invention provides a method for detecting anomalies in Modbus TCP (Transmission Control Protocol) communication of industrial control systems on the basis of an SVM (support vector machine). The method designs a process for selecting and processing features of Modbus TCP communication sequences, a preprocessing process that converts the data into the format required by the SVM anomaly detection model, and a PSO-SVM anomaly detection process in which particle swarm optimization (PSO) optimizes the parameters, so that classification and identification precision can be improved. Based on the frequencies of occurrence of short pattern sequences in Modbus function code sequences, the method can identify abnormal Modbus TCP communication traffic in industrial control systems, and accordingly can identify unknown attack behavior.
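The traffic-collection filter of paragraph [0060] and the short-sequence frequency feature named in the abstract can be illustrated together. The following is an added example, not code from the patent; the record format `(src, dst, dst_port, payload)`, the window length of 3, the function names and the sample addresses are assumptions, and TCP retransmissions are assumed to have been removed by the capture layer.

```python
import struct
from collections import Counter, defaultdict

MODBUS_PORT = 502  # standard Modbus TCP server port

def function_code(payload):
    """Return the Modbus function code of a TCP payload, or None if it is not a Modbus ADU."""
    if len(payload) < 8:          # 7-byte MBAP header + 1-byte function code
        return None               # empty payloads: handshake and ACK segments
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        return None               # protocol id must be 0; length covers unit id + PDU
    return payload[7]

def collect_sequences(packets):
    """Group request function codes by (source, destination) address pair."""
    seqs = defaultdict(list)
    for src, dst, dport, payload in packets:
        if dport != MODBUS_PORT:  # drop server-to-client responses
            continue
        fc = function_code(payload)
        if fc is not None:
            seqs[(src, dst)].append(fc)
    return dict(seqs)

def short_sequence_features(codes, n=3):
    """Relative frequency of each length-n short sequence (n=3 is an assumed window)."""
    windows = [tuple(codes[i:i + n]) for i in range(len(codes) - n + 1)]
    counts = Counter(windows)
    return {w: c / len(windows) for w, c in counts.items()} if windows else {}

def adu(tid, fc, data=b"\x00\x00\x00\x01"):
    """Build a constructed Modbus TCP ADU for the sample capture below."""
    return struct.pack(">HHHBB", tid, 0, 2 + len(data), 1, fc) + data

# Constructed sample capture (hypothetical addresses): (src, dst, dst_port, tcp_payload)
HMI, PLC = "10.0.0.5", "10.0.0.20"
SAMPLE = [(HMI, PLC, 502, b"")]                       # bare ACK, no Modbus data
for i, fc in enumerate([3, 3, 16, 3, 3, 16, 3]):
    SAMPLE.append((HMI, PLC, 502, adu(i, fc)))        # client request
    SAMPLE.append((PLC, HMI, 49152, adu(i, fc)))      # server response

if __name__ == "__main__":
    for pair, codes in collect_sequences(SAMPLE).items():
        print(pair, codes, short_sequence_features(codes))
```

Each address pair yields a sparse frequency map; mapping these onto a fixed ordering of short sequences gives the numeric vectors an SVM classifier takes as input.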

Description

Technical field

[0001] The invention is a method for anomaly detection of communication traffic in industrial control systems, which uses a support vector machine to detect anomalies in function code sequences; it belongs to the field of network information security of industrial control systems.

Background technique

[0002] When industrial control systems were first designed, proprietary communication protocols, operating systems, and hardware devices were in common use and the systems were isolated from other networks, so more attention was paid to physical security and functional safety, and information and network security considerations were lacking. With the demand for informatization, the closed nature of industrial control systems is constantly being broken: TCP/IP technology, open industrial communication protocols, general-purpose operating systems, etc. are more and more widely used, making there are many information security and network Industrial control s...


Application Information

IPC(8): H04L12/26
Inventors: 尚文利, 万明, 曾鹏, 赵剑明, 刘贤达, 张华良
Owner SHENYANG INST OF AUTOMATION - CHINESE ACAD OF SCI