Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

IEC60870-5-104 Protocol-based SCADA (supervisory control and data acquisition) network intrusion detection method and system

A network intrusion detection and intrusion detection technology, which is applied in transmission systems, digital transmission systems, data exchange networks, etc., can solve the problems of SCADA systems lacking network security intrusion detection systems, lack of security considerations, failures, etc., to improve network security Effect

Inactive Publication Date: 2017-06-30
JIANGSU ELECTRIC POWER RES INST +3
View PDF2 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Due to the limited computing resources in traditional systems, and the lack of built-in security considerations, traditional IT security solutions may fail in SCADA systems using IEC / 104. Currently, traditional industrial control SCADA systems lack network security intrusion detection systems

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • IEC60870-5-104 Protocol-based SCADA (supervisory control and data acquisition) network intrusion detection method and system
  • IEC60870-5-104 Protocol-based SCADA (supervisory control and data acquisition) network intrusion detection method and system
  • IEC60870-5-104 Protocol-based SCADA (supervisory control and data acquisition) network intrusion detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] The technical solution of the present invention will be further introduced below in conjunction with the accompanying drawings and specific implementation methods.

[0041] This specific embodiment discloses a kind of SCADA network intrusion detection method based on IEC60870-5-104 agreement, such as figure 1 As shown, the method includes the following steps:

[0042] Determine the message to be detected;

[0043] Detect whether there are abnormal behaviors in the message. The detection process includes a feature-based intrusion detection process and a model-based intrusion detection process. The feature-based intrusion detection process is: match the message to be detected with the rule database of attack characteristics , if they match, a corresponding alarm will be generated; the model-based intrusion detection process is: to establish a model that characterizes the expected behavior of a specific protocol, and if the detected message violates these models, a corres...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an IEC60870-5-104 Protocol-based SCADA (supervisory control and data acquisition) network intrusion detection method and system. According to the method, the detection processes of the method include a feature-based intrusion detection process and a model-based intrusion detection process. According to the feature-based intrusion detection process, matching is performed on a message to be detected and a rule database of attack features, if the message to be detected is matched with the rule database of attack features, a corresponding alarm is generated and stored in a log file. According to the model-based intrusion detection process, models that characterize specific protocol expected behaviors are established, if it is detected that the message violates the models, a corresponding alarm is generated and is stored in the log file. With the IEC60870-5-104 Protocol-based SCADA (supervisory control and data acquisition) network intrusion detection method and system of the invention adopted, the network security of an IEC / 104 protocol-based SCADA system can be improved.

Description

technical field [0001] The invention relates to the technical field of industrial control system network information security, in particular to a SCADA network intrusion detection method and system based on the IEC60870-5-104 protocol. Background technique [0002] Supervisory Control and Data Acquisition System (SCADA) is a computer-based production process control and scheduling automation system, which can monitor and control on-site operating equipment and play an important role in industrial control systems of key infrastructure such as electric power, petroleum, and chemical industry. play an important role. As industrial SCADA systems continue to grow in complexity and interconnectivity, so does the possibility of malicious cyber attacks. Industrial control networks that follow traditional communication protocols are often designed with insufficient consideration of network security threats. Evolving SCADA systems can be targeted by malicious actors or disgruntled i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/24H04L29/06
CPCH04L41/0631H04L41/145H04L63/0236H04L63/1416H04L63/1425H04L63/1441H04L63/30
Inventor 杨毅高磊袁宇波黄伟姜海涛王琦李天然徐毅凯居佳琪
Owner JIANGSU ELECTRIC POWER RES INST
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products