
Abnormal detection method of Modbus TCP communication behavior based on OCSVM double contour model

An anomaly detection and double-contour technique, applied in secure communication devices, data exchange through path configuration, and general control systems, that addresses the inability to detect abnormal communication behavior spanning multiple data packets and improves detection efficiency.

Active Publication Date: 2017-05-10
SHENYANG INST OF AUTOMATION - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0008] In industrial control intrusion detection, the anomaly detection method based on "white list" rules can effectively detect the abnormal behavior of a single communication protocol, but it cannot detect abnormal communication behavior that exists across multiple data packets at the same time. The anomaly detection method based on the communication pattern is able to make up for this shortcoming.


Embodiment Construction

[0054] The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0055] As shown in Figures 2 and 3, the communication behavior anomaly detection method based on OCSVM includes:

[0056] a. Data acquisition part, as shown in Figure 1:

[0057] 1. Build a simulation experiment environment platform, put the system in its normal operating state, and use Wireshark to capture traffic data packets. The packets captured at this time are normal communication traffic data.

[0058] 2. Insert a USB flash drive carrying a virus into the computer. At this time, the system is invaded by the virus. Use Wireshark to capture the traffic data packets. The packets captured at this time are abnormal communication traffic data.

[0059] 3. Store the captured communication traffic data in different files, and perform feature extraction on each.

[0060] b. Feature extraction and preprocessing part

[0061] 1 The Modbus ...


Abstract

Based on the OCSVM algorithm, the invention proposes an anomaly detection method for the communication behavior of industrial control systems. The invention constructs a normal behavior profile model and an abnormal behavior profile model of the communication behavior of the industrial control system, that is, the dual profile (double contour) model, optimizes the parameters with the particle swarm optimization (PSO) algorithm to obtain the optimal intrusion detection model, and identifies abnormal Modbus TCP traffic. The invention reduces the false alarm rate through the collaborative discrimination of the double contour detection model, improves the efficiency and reliability of anomaly detection, and is more suitable for practical application.
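The dual-profile idea from the abstract, as an added example that is not the patent's own code: one one-class SVM is fitted to feature vectors from the normal capture, a second to those from the abnormal capture, and a label is given only when the two agree. The small solver, the 2-D grid features, the fixed `nu` and `gamma` (the patent tunes parameters with PSO, which is omitted here) and the agreement rule are all assumptions made for illustration.

```python
import math

def rbf(a, b, gamma):
    return math.exp(-gamma * sum((p - q) ** 2 for p, q in zip(a, b)))

def fit_ocsvm(X, nu=0.1, gamma=50.0, sweeps=100):
    """Train a small RBF one-class SVM; return its decision function (>= 0 means inside)."""
    n = len(X)
    C = 1.0 / (nu * n)                       # upper bound on each alpha
    K = [[rbf(a, b, gamma) for b in X] for a in X]
    alpha = [1.0 / n] * n                    # feasible start, sums to 1
    g = [sum(row) / n for row in K]          # gradient K @ alpha
    for _ in range(sweeps):                  # pairwise (SMO-style) updates
        for i in range(n):
            for j in range(i + 1, n):
                d = (g[j] - g[i]) / (2.0 - 2.0 * K[i][j])
                d = max(-alpha[i], alpha[j] - C, min(d, C - alpha[i], alpha[j]))
                alpha[i], alpha[j] = alpha[i] + d, alpha[j] - d
                for k in range(n):
                    g[k] += d * (K[k][i] - K[k][j])
    free = [g[i] for i in range(n) if 1e-9 < alpha[i] < C - 1e-9] or g
    rho = sum(free) / len(free)              # offset taken from unbounded support vectors
    sv = [(a, x) for a, x in zip(alpha, X) if a > 0]
    return lambda x: sum(a * rbf(s, x, gamma) for a, s in sv) - rho

def grid(lo):
    # Constructed stand-in for normalised feature vectors (5x5 grid, 2 features).
    return [(lo + 0.05 * i, lo + 0.05 * j) for i in range(5) for j in range(5)]

def train_dual_profile():
    # One profile per captured traffic class: normal capture and abnormal capture.
    return fit_ocsvm(grid(0.10)), fit_ocsvm(grid(0.70))

def verdict(normal, abnormal, x):
    # Assumed combination rule: a label is given only when the two profiles agree.
    in_normal, in_abnormal = normal(x) >= 0, abnormal(x) >= 0
    if in_normal and not in_abnormal:
        return "normal"
    if in_abnormal and not in_normal:
        return "abnormal"
    return "uncertain"

if __name__ == "__main__":
    normal, abnormal = train_dual_profile()
    for x in [(0.20, 0.20), (0.80, 0.80), (0.50, 0.50)]:
        print(x, verdict(normal, abnormal, x))
```

A sample that falls outside both profiles is reported as "uncertain" rather than raised as an alarm, which is one way the second profile can cut false positives compared with a single normal-only model.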

Description

Technical field

[0001] The invention relates to an abnormal detection method of Modbus TCP communication behavior based on an OCSVM dual-contour model, and belongs to the field of network information security of industrial control systems.

Background technique

[0002] With the rapid advancement of industrial informatization, information, network, and Internet of Things technologies have been widely used in industrial control fields such as smart grids, intelligent transportation, and industrial production systems, greatly improving the overall benefits of enterprises. In order to achieve collaboration and information sharing between systems, industrial control systems have also gradually broken their previous closedness: they use standard, general-purpose communication protocols and hardware and software systems, and some industrial control systems can even be connected in certain ways to public networks such as the Internet. This makes the industrial control system...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L12/40039, H04L63/1425, H04L9/40, G05B19/4185, H04L12/40, H04L2012/40228
Inventor: 尚文利, 万明, 李琳, 曾鹏, 于海斌
Owner: SHENYANG INST OF AUTOMATION - CHINESE ACAD OF SCI