An abnormal detection system for industrial control behavior based on data dependence

A data-dependence-based anomaly detection technology, applied in transmission systems, electrical components, etc., that addresses problems such as tampering attacks and achieves fast intrusion identification with fewer false negatives and false positives.

Active Publication Date: 2019-07-05
BEIJING UNIV OF TECH +1

AI Technical Summary

Problems solved by technology

However, traditional anomaly detection technology only builds a statistical model of network behavior characteristics for anomaly detection. Tampering with the process behavior of an industrial control system does not change the network behavior characteristics, so traditional anomaly detection technology cannot identify tampering attacks on process behavior.

Examples

Embodiment Construction

[0026] The present invention will be described in detail below in conjunction with specific embodiments shown in the accompanying drawings.

[0027] As shown in Figure 1, the embodiment of the present invention provides an industrial control anomaly detection system based on data dependence, including:

[0028] The data acquisition module uses WinPcap to capture network data packets from the network environment of the industrial control system and saves them in the system's first-level cache queue. It then judges whether each data packet belongs to the industrial control ModbusTCP protocol; if it does, the packet is saved to the ModbusTCP second-level cache queue, otherwise the packet is discarded.
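One way the protocol filter in [0028] could work, as an added example that is not code from the patent. The patent text here does not say how ModbusTCP packets are recognised; the port-502 and MBAP-header checks, the `Packet` record and the function names are assumptions, and the sample packets are constructed.

```python
import struct
from collections import deque, namedtuple

MODBUS_PORT = 502   # IANA-registered Modbus/TCP port
MBAP_LEN = 7        # transaction id, protocol id, length, unit id

# Hypothetical record for one captured TCP segment
Packet = namedtuple("Packet", "src_port dst_port payload")

def is_modbus_tcp(pkt):
    """Port check plus MBAP header sanity check on the TCP payload."""
    if MODBUS_PORT not in (pkt.src_port, pkt.dst_port):
        return False
    if len(pkt.payload) < MBAP_LEN + 1:          # header + function code
        return False
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", pkt.payload[:MBAP_LEN])
    # Protocol id is 0 for Modbus; length counts unit id + PDU (2..254 bytes)
    if proto_id != 0 or not 2 <= length <= 254:
        return False
    return len(pkt.payload) == 6 + length        # assumes one ADU per segment

def acquire(captured):
    """Drain the first-level queue; keep Modbus/TCP in the second-level queue."""
    level1, level2, discarded = deque(captured), deque(), 0
    while level1:
        pkt = level1.popleft()
        if is_modbus_tcp(pkt):
            level2.append(pkt)
        else:
            discarded += 1
    return level2, discarded

# Constructed sample traffic (not taken from the patent)
SAMPLE = [
    # Read Holding Registers request: tid=1, proto=0, len=6, unit=1, fc=3
    Packet(49152, 502, bytes.fromhex("000100000006010300000002")),
    # Matching response: len=7, byte count 4, two register values
    Packet(502, 49152, bytes.fromhex("00010000000701030400640032")),
    # HTTP on another port: fails the port check
    Packet(49153, 80, b"GET / HTTP/1.1\r\n\r\n"),
    # Port 502 but non-zero protocol id: fails the header check
    Packet(49154, 502, bytes.fromhex("000100010006010300000002")),
    # Port 502 but length field disagrees with the payload size
    Packet(49155, 502, bytes.fromhex("0001000000060103")),
]

if __name__ == "__main__":
    kept, dropped = acquire(SAMPLE)
    print(f"{len(kept)} kept in second-level queue, {dropped} discarded")
```

Checking the MBAP header as well as the port keeps non-Modbus traffic that happens to use port 502 out of the queue the later modules read from.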

[0029] The behavior data extraction module is used for extracting behavior data for the rule learning module or the rule detection module. This module first judges whether it is the rule learning mode or the rule detection mode. If it is the rule lea...

Abstract

The invention discloses an industrial control behavior anomaly detection system based on data dependence. The system comprises a data collection module, a behavior data extraction module, a rule learning module and a rule detection module. The data collection module acquires network data packets. The behavior data extraction module extracts behavior data from the network data packets and builds an input-output behavior data list used for learning the rule and an input-output behavior data list used for detecting the rule. The rule learning module generates a rule file according to the pre-stored input-output behavior data lists used for learning a configuration file and learning the rule. The rule detection module detects anomalies in the behavior data according to the input-output behavior data list used for detecting the rule of the rule file. According to the technical scheme of the invention, anomaly detection on the process behaviors of controllers (PLCs and the like) and controlled objects (valves and the like) can be effectively implemented, and the system has high detection accuracy and strong real-time performance.

Description

Technical field

[0001] The invention relates to the technical field of industrial control networks, in particular to a data-dependence-based industrial control system behavior anomaly detection system.

Background technique

[0002] An industrial control system (Industrial Control System) is composed of various automation control components and process control components for real-time data acquisition and monitoring. An industrial control system is a management and control system that ensures the normal operation of industrial equipment and controls and monitors the industrial production process. The industrial control system is mainly composed of SCADA (Supervisory Control And Data Acquisition), DCS (Distributed Control System), PLC (Programmable Logic Controller), RTU (Remote Terminal Unit), IED (Intelligent Electronic Device) and interface technology. Industrial control systems are ubiquitous in petroleum, nuclear power plants, chemical industry, transportation and electric power, ...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor: 宋站威姚相振赖英旭范科峰高林周睿康李琳王宇盛杨凯翔蔡晓田
Owner: BEIJING UNIV OF TECH