Intrusion detection method based on Markov chains

A Markov chain and intrusion detection technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve problems such as labeling difficulties, and achieve the effects of reducing false alarm rates, high detection efficiency and accuracy

Active Publication Date: 2017-01-11
HARBIN ENG UNIV
View PDF5 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

1. The fully supervised mode training technology assumes that the data set used for training contains not only normal class but also abnormal class label instances, but the disadvantage of this technology is that the number of abnormal data instances in the training data is much smaller than the number of normal data instances. And it is usually difficult to get accurate and representative labels through abnormal class analysis; 2. Unsupervised mode training technology does not require training data, but it must ensure that the number of normal data instances is far greater than the number of abnormal data instances; 3. Semi The supervised mode training technique assumes that only the data instances belonging to the normal class have labels in the training data set

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Intrusion detection method based on Markov chains
  • Intrusion detection method based on Markov chains
  • Intrusion detection method based on Markov chains

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0037] The following examples describe the present invention in more detail.

[0038] combine figure 1 , the Markov chain-based intrusion detection method of the present invention mainly includes: First, define a time-based event sequence for network data; Afterwards, the Markov chain model is established for the learning phase and the detection phase respectively; finally, the intrusion detection algorithm is applied to the two models, and two methods are used to screen abnormalities, namely, whether the data comparison of the two models and the difference value are within the threshold range Inside. Specifically, the following technical means are included:

[0039] 1. Define time-based event sequences for network data.

[0040]The present invention is illustrated with the Modbus protocol. The definition of time-based event sequences mainly depends on two attributes: function code and time. For the Modbus protocol, the specific formal description of the time-based event ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an intrusion detection method based on Markov chains. Network data package characteristics are extracted, and data models based on the Markov chains are constructed. Markov chain models are respectively constructed in a training phase and a detection phase. An intrusion detection algorithm is improved according to event importance. By adopting the improved intrusion detection algorithm, the abnormity detection of the Markov chains in the training phase and the detection phase is carried out to acquire abnormity results. The intrusion detection method mainly focuses on special attack types of an industrial control field ICS system, and under a condition of completely normal network communication data package formats, sequence attacks based on a sequence and time can still happen. According to experimental verification, the intrusion detection method is advantageous in that a false alarm rate is effectively reduced, higher detection efficiency and higher accuracy are provided.

Description

technical field [0001] The invention relates to an ICS system intrusion detection method, in particular to an intrusion detection method for establishing a Markov chain model in the ICS system. Background technique [0002] In today's world, the field of information security has ushered in a new challenge that has attracted the attention of various countries, companies and organizations - Advanced Persistent Threats (APT). APT attacks are constantly attracting the attention of various security companies and organizations because of their clear attack targets, good organization, very advanced hacking techniques, diverse and complex attack methods, and attack persistence and concealment. APT attacks not only exist in traditional information technology (referred to as IT) systems, but also in the field of industrial control. Industrial Control Systems (ICS for short) are widely used in automating industrial processes, covering the country's critical infrastructure, such as pow...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24
CPCH04L41/145H04L63/1416H04L63/1425
Inventor 吴艳霞孙彬姬翔卢文祥王胜
Owner HARBIN ENG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap