
Intrusion detection method and intrusion detection system for industrial control system based on communication model

An industrial control system and communication model technology, applied in the field of information security, that can solve problems such as high false negative and false positive rates, lack of practicability, and reduced availability of control systems, so as to improve accuracy, ensure practicability, and reduce the false negative rate and false positive rate.

Inactive Publication Date: 2015-12-30
BEIJING UNIV OF POSTS & TELECOMM
6 Cites, 45 Cited by

AI Technical Summary

Problems solved by technology

The existing method of detecting industrial control system intrusion from IT system components follows the approach of IT system intrusion detection. It fails to fully consider the real-time and periodic characteristics of industrial control communication networks and the master-slave relationship between industrial control equipment. As a result, not only are the false negative and false positive rates high, but the control accuracy of the original control system is affected and its availability may even be reduced.

The existing method of detecting industrial control system intrusion from the monitored physical system, in turn, needs to establish an approximate mathematical model of the control system. Establishing such a model is itself a difficult task, and many control processes in actual industrial production cannot be represented by mathematical models. It is also impossible to judge whether an abnormality is caused by an attack or by physical noise, so the method lacks practicability.


Examples

[0095] Example 1: Worms. If a node in the industrial control system is infected with a worm, the node will send a scanning detection message to the network. The communication connection mode of the scanning detection message does not match the communication rules of the industrial control system established by the present invention, and at this time, the IDS analysis and detection host will generate an alarm.

[0096] Example 2: Control command injection. If a control command is injected into the industrial control network, the period of the control command message does not match the original period of the control command. At this time, the IDS analysis and detection system will detect that the command period is abnormal and generate an alarm.

[0097] Example 3: The master-slave communication timing and polling sequence between the master station and the slave station are disordered due to control command hijacking. A typical example is that the Stuxnet virus can hijack the control commands of the Siemens industrial control system, making the Siemens S7-300 PLC switch between start and stop. If there are S7-300 PLCs in the master station and the slave station, the relationship between the master-slave communication timing and polling sequence will be confused. If a similar command hijacking occurs, the master-slave analysis and detection module in the present invention wil...


Abstract

The invention provides an intrusion detection method and an intrusion detection system for an industrial control system based on a communication model. The accuracy of intrusion detection is improved to the maximum degree while the practicability is guaranteed. The intrusion detection method comprises the steps of firstly establishing a communication model and communication rules of the industrial control system, wherein the communication model comprises node information and communication connection information; generating a legal communication rule set on the basis of the communication model after the communication model of the industrial control system is established, learning in an installation and debugging stage and a stage before an attack happens of the industrial control system, and establishing a communication model and a communication rule set; then deploying detectors in an industrial control network, capturing a datagram, analyzing and extracting the communication connection information through the datagram, comparing the communication connection information with the generated legal communication rule set, and giving out an alarm when communication connection which violates the legal communication rule set exists; and calling a system response module to adopt corresponding response strategies if intrusion is discovered, and carrying out analysis and learning again if actual detection is wrong.
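
The learn-then-compare procedure in the abstract, together with the three alarm cases in the Examples section, sketched as an added example (not code from the patent). Node names, port 502, the function labels, the 20% period tolerance and the sample traffic are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed record format: (timestamp_s, src, dst, dst_port, function).
def poll(t0, n, period=1.0):
    """Constructed normal traffic: master polls plc1, then plc2, every period."""
    out = []
    for i in range(n):
        t = t0 + i * period
        out += [(t, "master", "plc1", 502, "read"),
                (t + 0.1, "master", "plc2", 502, "read")]
    return out

def learn(records):
    """Learning stage: build the communication model and legal rule set."""
    times, order = defaultdict(list), []
    for t, src, dst, port, fn in records:
        key = (src, dst, port, fn)
        times[key].append(t)
        if key not in order:
            order.append(key)              # polling sequence as first observed
    periods = {k: median(b - a for a, b in zip(v, v[1:]))
               for k, v in times.items() if len(v) > 1}
    return {"rules": set(times), "periods": periods, "order": order}

def detect(model, records, tol=0.2):
    """Detection stage: compare captured connections with the rule set."""
    alarms, last, pos = [], {}, -1
    for t, src, dst, port, fn in records:
        key = (src, dst, port, fn)
        if key not in model["rules"]:      # e.g. scan traffic from an infected node
            alarms.append((t, "illegal-connection", key))
            continue
        period = model["periods"].get(key)
        if key in last and period and abs((t - last[key]) - period) > tol * period:
            alarms.append((t, "period-anomaly", key))   # e.g. injected command
        last[key] = t
        idx = model["order"].index(key)
        if pos >= 0 and idx != (pos + 1) % len(model["order"]):
            alarms.append((t, "polling-order", key))    # master-slave sequence broken
        pos = idx
    return alarms

# Model learned from 20 clean polling cycles (constructed).
MODEL = learn(poll(0, 20))
```

An injected command can raise both a period alarm and a polling-order alarm, since it disturbs the timing of the legitimate command that follows it.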

Description

Technical field

[0001] The invention discloses an intrusion detection method and system of an industrial control system based on a communication model, belonging to the field of information security.

Background technique

[0002] Industrial control systems are widely used in electric power, water conservancy, sewage treatment, oil, natural gas, chemical, transportation, pharmaceutical and large-scale manufacturing industries, and are an important part of industrial automation and key infrastructure. Modern industrial control systems achieve automatic control of industrial production processes by deeply embedding computing intelligence, communication and automatic control capabilities in physical systems, and with the help of new sensors and actuators. Its core components include data acquisition and monitoring system (SCADA), distributed control system (DCS), programmable logic controller (PLC), remote terminal (RTU), intelligent electronic device (IED), various sensors and ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G05B23/02
Inventor: 郑康锋高大永张冬梅武斌伍淳华周杨查选
Owner: BEIJING UNIV OF POSTS & TELECOMM