Industrial control system anomaly detection method based on dual-contour model

An industrial control system anomaly detection technology, applied in general control systems, control/regulation systems, testing/monitoring control systems, etc., that can solve problems such as wrong decision-making by enterprise management, poor security awareness, and difficult-to-detect attacks, and achieves improved accuracy and improved real-time performance.

Active Publication Date: 2017-03-15
CHONGQING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

That is to say, the relative closedness of the industrial control system in its physical environment and the specificity of its software and hardware will be broken. It will be possible to obtain more detailed information about the relevant industrial control system through the Internet or the intranet, and then ... In addition, the security awareness of enterprises operating industrial control systems is generally poor, which creates opportunities for hostile governments, terrorist organizations, commercial espionage, internal criminals, and external illegal intruders.
[0003] ICS (Industrial Control Systems) have the following disadvantages:
1) Because ICS involve a large number of equipment manufacturers, there is a lack of unified standards for system hardware, operating software, application software, and protocol specifications, which makes ICS configurations inherently vulnerable.
2) The Modbus TCP protocol widely used in these systems lacks authentication and authorization mechanisms, and data is transmitted in plain text. The data collected at the field device layer can only be protected by the security gateway in the network, while traditional security protection methods are mainly filtering technologies based on matching the protocol data packet format. Rules configured this way have difficulty intercepting many attacks, such as attacks that construct data packets conforming to the protocol specification.
3) At the field device layer, device register values are easily tampered with by an attacker while the data packet format still conforms to the protocol specification. Such an attack is hard to detect and leads enterprise management to make wrong decisions.

Examples

Specific Embodiment

[0054] The ICS anomaly detection method based on the dual-contour model mainly involves the following three modules: data packet deep analysis system, anomaly detection subsystem, and security management platform.

[0055] The data packet deep analysis system analyzes each message in depth, layer by layer. For the Modbus application protocol message header, it covers the transaction identifier, protocol identifier, length and unit identifier; it also marks the periodic characteristics of the function code, summarizes the command and status characteristics of each protocol, and records the communication behavior frequency according to the master-slave communication cycle.

[0056] The anomaly detection subsystem conducts real-time data analysis based on the information from the data packet deep analysis system, and constructs the characteristics of the transaction identifier frequency, read slave station function code frequency, wri...
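A minimal sketch of the header parsing and per-cycle frequency features described in [0055] and [0056], added here as an example and not taken from the patent: it parses the Modbus TCP header, counts function codes per communication cycle, and flags cycles whose counts leave the range seen in normal traffic. The min/max range baseline, the function names and the sample frames are assumptions; the page does not give the details of the dual-contour model itself.

```python
import struct
from collections import Counter

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id

def build_adu(tid, unit, fc, data=b""):
    """Build a constructed sample frame (length = unit id + function code + data)."""
    return MBAP.pack(tid, 0, 2 + len(data), unit) + bytes([fc]) + data

def parse_adu(frame: bytes):
    """Parse one Modbus TCP ADU; return None if it violates the framing rules."""
    if len(frame) < MBAP.size + 1:
        return None
    tid, pid, length, unit = MBAP.unpack_from(frame)
    # Protocol id must be 0; length counts every byte after the length field.
    if pid != 0 or length != len(frame) - 6:
        return None
    return {"tid": tid, "unit": unit, "fc": frame[7]}

def window_features(frames):
    """Function-code counts for one master-slave communication cycle."""
    counts = Counter()
    for f in frames:
        parsed = parse_adu(f)
        counts["malformed" if parsed is None else parsed["fc"]] += 1
    return counts

def learn_profile(normal_windows):
    """Per-feature (min, max) count across attack-free cycles (assumed baseline)."""
    feats = [window_features(w) for w in normal_windows]
    keys = set().union(*feats)
    return {k: (min(f[k] for f in feats), max(f[k] for f in feats)) for k in keys}

def detect(profile, frames):
    """Return {feature: count} for every feature outside its learned range."""
    w = window_features(frames)
    alerts = {}
    for key in set(profile) | set(w):
        lo, hi = profile.get(key, (0, 0))  # unseen features must stay at zero
        if not lo <= w[key] <= hi:
            alerts[key] = w[key]
    return alerts

# Constructed samples: a normal cycle is 4 reads (FC 3) and 1 write (FC 6).
READ, WRITE = b"\x00\x00\x00\x02", b"\x00\x01\x00\x2a"
NORMAL = [[build_adu(i, 1, 3, READ) for i in range(4)] + [build_adu(9, 1, 6, WRITE)]
          for _ in range(3)]
SUSPECT = [build_adu(i, 1, 3, READ) for i in range(4)] + [build_adu(20 + i, 1, 6, WRITE) for i in range(6)]
print(detect(learn_profile(NORMAL), SUSPECT))
```

Every frame in the suspect cycle is well-formed, so packet-format matching passes it; only the write frequency gives it away.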


Abstract

The invention relates to an industrial control system anomaly detection method based on a dual-contour model. The industrial control network equipment involved comprises a security gateway, a programmable logic controller (PLC), onsite sensor equipment, a security management platform, and an engineer station. The method comprises the following steps: S1, the engineer station configures and operates the system, the PLC of each region identifies the controlled equipment connected to its IP module, an information list is distributed to the controlled equipment, and a periodic communication mode is formed between master and slave stations; S2, the PLC feeds data information back to the security gateway in a timely manner, and the data packet deep analysis system of the security gateway extracts data features and eliminates superfluous attribute features, so that only features related to the system behavior mode are left, wherein the features related to the system behavior mode comprise protocol features, data packet transmission direction features and register value variation rules based on the communication frequency; and S3, the anomaly detection subsystem carries out anomaly detection and, for an abnormal result, sends an alarm to the security management platform.

Description

Technical field

[0001] The invention belongs to the technical field of industrial control systems, and relates to an anomaly detection method for an industrial control system based on a dual-contour model.

Background technique

[0002] Due to the widespread use of common software, hardware and network facilities in industrial control systems, as well as the integration with enterprise management information systems, industrial control systems have become more and more open, and data exchange has occurred with enterprise intranets and even with the Internet. That is to say, the relative closedness of the industrial control system in its physical environment and the specificity of its software and hardware will be broken. It will be possible to obtain more detailed information about the relevant industrial control system through the Internet or the intranet, and then ... In addition, the security awareness of enterprises operating industrial co...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G05B23/02
CPC: G05B23/0213, G05B2219/24065
Inventor: 王浩, 廖杰, 王平, 李勇, 胡润
Owner: CHONGQING UNIV OF POSTS & TELECOMM