Automatic establishing method of intrusion detection model based on industrial control network and apparatus thereof

An industrial control network, intrusion detection technology, applied in the direction of character and pattern recognition, instruments, electrical components, etc., can solve the problem of high false positive rate and false negative rate of intrusion detection, to improve the intrusion detection rate, reduce the false positive rate and False negative rate, the effect of reducing complexity

Inactive Publication Date: 2017-04-26
SHENYANG INST OF AUTOMATION - CHINESE ACAD OF SCI
View PDF3 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In the prior art, the intrusion detection model is established according to the network communication traffic data, and then the intrusion detection model is always used for intrusion detection of abnormal behaviors. However, industrial communication is real-time, and the traffic data of communication behavior is also continuously changing. Therefore, the existing technology The false positive rate and false negative rate of intrusion detection are high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Automatic establishing method of intrusion detection model based on industrial control network and apparatus thereof
  • Automatic establishing method of intrusion detection model based on industrial control network and apparatus thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0033] see figure 1 , the embodiment of the present invention provides a method for automatically establishing an intrusion detection model based on an industrial control network, the method comprising:

[0034] 101. Determine whether the first intrusion detection model meets the preset detection requirements, if not, perform step 102;

[0035] Specifically, the preset detection requirements include one or more of parameters such as the detection rate threshold, detection time threshold, false alarm rate threshold, and false alarm rate threshold, which can be selected according to actual conditions, and this embodiment of the present invention does not make any Specific restrictions.

[0036] 102. Real-time extraction of communication behavior traffic data;

[0037] The communication behavior traffic data extracted in real time in the embodiment of the present invention may be normal communication behavior traffic data, or communication behavior traffic data including abnorm...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an automatic establishing method of an intrusion detection model based on an industrial control network. The method comprises the following steps of determining whether a first intrusion detection model accords with a preset detection requirement, and if the first intrusion detection model does not accord with the preset detection requirement, extracting communication behavior flow data in real time; according to the communication behavior flow data, setting a training data set and a test data set; according to the training data set, creating an initial intrusion detection model; and using the test data set to test the initial intrusion detection model, and according to a test result, creating a second intrusion detection model according with a preset detection requirement. Detection precision of the second intrusion detection model is high so that an intrusion detection rate of abnormal behaviors is increased, and a false alarm rate and a missing report rate are reduced.

Description

technical field [0001] The application relates to a method and device for automatically establishing an intrusion detection model based on an industrial control network, and belongs to the technical field of industrial control network security protection. Background technique [0002] Industrial Control Systems (hereinafter referred to as ICS) is an automatic control system composed of computer equipment and industrial process control components. It is widely used in industrial basic fields such as industry, energy, transportation, and petrochemical industry. Since ICS is more and more connected with enterprise network and the Internet, forming an open network environment, the network security protection technology of ICS is of great significance to ensure the safe, reliable and stable operation of ICS. [0003] At present, intrusion detection technology is mainly used to ensure the network security of ICS. Intrusion detection is an active security protection technology. By...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L67/12H04L63/1425G06F18/2113G06F18/217G06F18/2411G06F18/214G06F18/2111
Inventor 曾鹏尚文利赵剑明万明安攀峰
Owner SHENYANG INST OF AUTOMATION - CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap