Modbus protocol-oriented data flow anomaly analysis method

A technology of protocol data and analysis methods, applied in electrical components, transmission systems, etc., can solve problems such as no defense means, interruption of household power supply, leakage; 2012 "flame" virus attack, etc., to achieve good comprehensiveness and practicability, The effect of improving efficiency

Inactive Publication Date: 2016-12-07
工业和信息化部电子工业标准化研究院
View PDF5 Cites 46 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In recent years, network security incidents targeting industrial control systems have occurred frequently. For example: in 2010, the "Stuxnet" virus carried out a "ferry" attack on Iran's Bushehr nuclear power plant, resulting in the scrapping of 20% of centrifuges and the leakage of toxic radioactive substances; The "flame" virus attacked the energy industry in the Middle East and collected a large amount of key information on the Iranian oil industry, intending to attack the economic lifeline of the oil country; in 2016, the "dark force" attacked the Ukrainian smart grid industrial control system, resulting in a large-scale interruption of household power supply
These milestone secur

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Modbus protocol-oriented data flow anomaly analysis method
  • Modbus protocol-oriented data flow anomaly analysis method
  • Modbus protocol-oriented data flow anomaly analysis method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0044] Considering the differences between data flow anomaly analysis of industrial field control system and IT system in terms of industrial communication protocol, data flow periodicity, data flow stability, etc., data flow anomaly analysis of industrial control system is more suitable for data flow anomaly analysis, The abnormal behavior analysis method of data packets has a theoretically higher accuracy than the method implemented on traditional IT networks...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an industrial control network Modbus protocol-oriented data flow anomaly analysis method. The method comprises the following steps of 1, an initialization phase, wherein a Modbus protocol data flow anomaly analysis model is generated; 2, an initialization phase, wherein a Modbus protocol self-learning normal behavior model is generated; 3, a run phase, wherein the run state of Modbus protocol data flow is judged; 4, a run phase, wherein the normal/abnormal behavior state of Modbus protocol data messages is judged; 5, representing, wherein the results in the step 3 and the step 4 are visibly represented. The method is designed on the basis of deeply knowing the Modbus protocol and the anomaly analysis technology, good comprehensiveness and practicality are achieved, the efficiency of anomaly analysis can be effectively improved, and Modbus abnormal data flow existing in an industrial control system can be efficiently found through the method.

Description

technical field [0001] The invention in this paper belongs to the field of security technology of industrial control systems, and specifically relates to an abnormal analysis method of data flow oriented to industrial control network Modbus protocol. Background technique [0002] More than 80% of the critical infrastructure in the industrial field relies on industrial control systems to automate operations. In recent years, network security incidents targeting industrial control systems have occurred frequently. For example: in 2010, the "Stuxnet" virus carried out a "ferry" attack on Iran's Bushehr nuclear power plant, resulting in the scrapping of 20% of centrifuges and the leakage of toxic radioactive substances; The "flame" virus attacked the energy industry in the Middle East and collected a large amount of key information on the Iranian oil industry, intending to attack the economic lifeline of the oil country; in 2016, the "dark force" attacked the Ukrainian smart gri...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/14H04L63/1425
Inventor 范科峰周睿康姚相振高林李琳
Owner 工业和信息化部电子工业标准化研究院
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap