A method for creating intrusion detection rules based on industrial control network variant attack

An industrial control network and intrusion detection technology, applied in the fields of data exchange networks, digital transmission systems, electrical components, etc. It can solve the problems that rules cannot be changed in time and that rule base establishment and upgrade are hindered, with a low false alarm rate, so as to save time and energy.

Active Publication Date: 2021-01-05
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

The feature-based intrusion detection system can detect specific intrusion types and has the characteristics of low false alarm rate. However, traditional intrusion detection rules need to be manually established by experts and cannot be changed in a timely manner, which is not conducive to the establishment and upgrade of the rule base.



Embodiment Construction

[0038] The present invention will be described in detail below in conjunction with specific embodiments shown in the accompanying drawings.

[0039] As shown in Figure 1, the present invention provides a method for creating an intrusion detection rule based on an industrial control network variant attack, comprising the following steps:

[0040] Data acquisition step: the data acquisition module uses WinPcap to capture network data packets from the industrial control network, identifies the protocol of the network data by port 502 of the ModbusTCP protocol, and saves the data packets in the corresponding cache queue;

[0041] Data analysis step: the data analysis module obtains the data packets from the cache queue and parses the application-layer data fields of the ModbusTCP protocol using deep packet analysis technology;

[0042] Rule training step: use the rule training module to determine whether the sample type is single ru...
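The data acquisition and data analysis steps above can be sketched as follows. This is an added example, not code from the patent: capture through WinPcap is replaced by a constructed list of (source port, destination port, payload) tuples, and the field-consistency checks and all function names are assumptions made for illustration.

```python
import struct
from collections import deque
from dataclasses import dataclass, field

MODBUS_TCP_PORT = 502
MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id

@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes
    anomalies: list = field(default_factory=list)

def enqueue_by_port(packets, queue):
    """Acquisition: keep only TCP payloads to or from port 502."""
    for src_port, dst_port, payload in packets:
        if MODBUS_TCP_PORT in (src_port, dst_port) and payload:
            queue.append(payload)
    return queue

def parse_modbus_tcp(payload):
    """Analysis: split one ADU into MBAP header and PDU, noting malformed fields."""
    if len(payload) < MBAP.size + 1:
        raise ValueError("shorter than MBAP header plus function code")
    tid, pid, length, uid = MBAP.unpack_from(payload)
    pdu = payload[MBAP.size:]
    frame = ModbusFrame(tid, uid, pdu[0], pdu[1:])
    if pid != 0:
        frame.anomalies.append("protocol id is not 0")
    if length != len(pdu) + 1:  # length counts the unit id byte plus the PDU
        frame.anomalies.append("length field does not match payload size")
    return frame

# Constructed sample traffic: (source port, destination port, TCP payload)
SAMPLE_PACKETS = [
    (49152, 502, bytes.fromhex("000100000006" "01" "03" "00000002")),  # well formed
    (49153, 80, b"GET / HTTP/1.1\r\n\r\n"),                            # not Modbus
    (49152, 502, bytes.fromhex("000200000009" "01" "06" "00010003")),  # bad length
]

def analyse(packets):
    """Run both steps: queue the port-502 payloads, then parse each one."""
    queue = enqueue_by_port(packets, deque())
    return [parse_modbus_tcp(queue.popleft()) for _ in range(len(queue))]

if __name__ == "__main__":
    for frame in analyse(SAMPLE_PACKETS):
        print(frame)
```

The parsed fields (function code, unit id, data bytes) are the kind of application-layer values a rule base would match on; the anomaly list only flags frames whose header is inconsistent with the payload.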


Abstract

The invention discloses an intrusion detection rule creation method based on industrial control network variant attacks. An existing rule library of ModbusTCP abnormal traffic is designed and summarized by analyzing the vulnerability of the ModbusTCP industrial control protocol. The genetic algorithm is improved in combination with the common attack variation methods of existing industrial control networks so as to create intrusion detection rules automatically, and each created rule is stored according to its fitness value. Variant attacks can be detected effectively and the rule library is expanded. The method has the advantages of high detection accuracy and good real-time performance.

Description

Technical field

[0001] The invention belongs to the technical field of industrial control networks, and in particular relates to an intrusion detection rule creation method based on industrial control network variant attacks.

Background technique

[0002] An Industrial Control System (ICS) is an automatic control system composed of computer equipment and industrial process control components. It has become an important part of the country's key infrastructure and is widely used in important fields such as power transmission, transportation, oil field exploration, and food and pharmaceuticals, where it automates facilities.

[0003] With the continuous integration of industrialization and informatization, more and more information and computer technologies are widely used in the field of industrial control. The use of standardized and facilitated Industrial Ethernet establishes a connection with enterprise networks in several ways. This greatly increases the risk of ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/0631, H04L41/0806, H04L63/0236, H04L63/1425, H04L63/1441
Inventor: 赖英旭, 蔡晓田, 杨凯翔, 张聪, 张靖雯, 刘静, 庄俊玺
Owner: BEIJING UNIV OF TECH