PSO-OCSVM based industrial control system communication behavior anomaly detection method

A PSO-OCSVM technology for industrial control systems, applied in the fields of transmission systems, digital transmission systems, electrical components, etc. It addresses the inability to detect abnormal communication behavior across multiple data packets and achieves the effect of improving efficiency.

Active Publication Date: 2016-06-22
SHENYANG INST OF AUTOMATION - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0006] In industrial control intrusion detection, the anomaly detection method based on the "white list" rule can effectively detect the abnormal behavior of a single communication protocol, but it cannot detect abnormal communication behavior that exists in multiple data packets at the same time. The anomaly detection method based on the communication mode is able to make up for this shortcoming.

Examples


Embodiment Construction

[0050] The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0051] As shown in Figures 2 and 3, the communication behavior anomaly detection method based on OCSVM includes:

[0052] a. Feature extraction and preprocessing part

[0053] 1. The ModbusTCP message format extends some data structures while retaining all the functions of Modbus. The message format of ModbusTCP mainly includes three parts: the MBAP message header, the Modbus function code, and the data. When the client computer sends a message to the server device, the function code field is the only basis on which the server distinguishes between read operations, write operations, and data types, so the Modbus function code is used as a feature vector, as shown in Figure 1.

[0054] 2. The ModbusTCP traffic captured by Wireshark contains redundant and unimportant features; redundant or unimportant features are removed, and only retai...
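The feature-extraction step in [0053] and [0054], sketched as an added example (not code from the patent): it parses the MBAP header of each Modbus TCP frame, discards malformed frames, and keeps only the function code sequence. The function names, the sliding-window size, and the sample frames are assumptions constructed for illustration.

```python
import struct

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)

def function_code(frame: bytes):
    """Return the function code of one Modbus TCP frame, or None if malformed."""
    if len(frame) < MBAP_LEN + 1:
        return None                   # too short for MBAP header + function code
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:                    # protocol identifier is 0 for Modbus
        return None
    if length != len(frame) - 6:      # length field counts unit id + PDU bytes
        return None
    return frame[MBAP_LEN]            # first PDU byte is the function code

def code_sequence(frames):
    """Function codes of all well-formed frames, in capture order."""
    return [fc for fc in map(function_code, frames) if fc is not None]

def windows(codes, size=3):
    """Sliding windows over the sequence; `size` is an assumed parameter."""
    return [tuple(codes[i:i + size]) for i in range(len(codes) - size + 1)]

def build_frame(tid, fc, data=b"", unit=1):
    """Helper that builds a constructed sample frame (hypothetical, for the demo)."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample traffic, standing in for payloads exported from a capture.
SAMPLE = [
    build_frame(1, 0x03, b"\x00\x00\x00\x02"),              # read holding registers
    build_frame(2, 0x03, b"\x00\x10\x00\x01"),
    build_frame(3, 0x06, b"\x00\x01\x00\x2a"),              # write single register
    b"\x00\x04\x00\x00",                                    # truncated, skipped
    build_frame(4, 0x10, b"\x00\x01\x00\x01\x02\x00\x05"),  # write multiple registers
]

if __name__ == "__main__":
    seq = code_sequence(SAMPLE)
    print("function codes:", seq)
    print("windows:", windows(seq))
```

Windows built from known-good traffic are the kind of fixed-length input a one-class classifier can be trained on; the patent's own windowing and OCSVM parameters are not visible on this page.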


Abstract

The invention puts forward a PSO-OCSVM based industrial control system communication behavior anomaly detection method based on an OCSVM algorithm. According to the invention, an improved one-class support vector machine algorithm is adopted to establish a normal communication behavior profile according to a normal Modbus function code sequence, a PSO-OCSVM method for parameter optimization based on a particle swarm optimization (PSO) algorithm is designed, and an intrusion detection model is established to identify abnormal Modbus TCP communication traffic. The method of the invention improves the reliability and efficiency of anomaly detection, and is more suitable for practical application.

Description

Technical field

[0001] The invention belongs to the field of network information security of industrial control systems, and specifically relates to a PSO-OCSVM-based method for detecting abnormal communication behaviors of industrial control systems.

Background technique

[0002] With the deep integration of informatization and industrialization and the rapid development of the Internet of Things, industrial control system products increasingly adopt common protocols, common hardware and common software. The wave of networking has integrated emerging technologies such as embedded technology, multi-standard industrial control network interconnection, and wireless technology, thereby expanding the development space of industrial control and bringing new development opportunities, as well as information security issues.

[0003] In 2010, the "Stuxnet" virus incident destroyed Iran's nuclear facilities and shocked the world. This marks the upgrade of cyber attacks from the traditional "...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L29/06
Inventor: 尚文利, 万明, 李琳, 曾鹏, 于海斌
Owner: SHENYANG INST OF AUTOMATION - CHINESE ACAD OF SCI