
Abnormal behavior detection method for unknown industrial communication protocol specification

An industrial communication detection method, applied in the field of electrical components, transmission systems, etc. It can solve problems such as errors in security rules and impact on the real-time operation of the system, and achieves the effect of ensuring safety.

Active Publication Date: 2017-12-05
SHENYANG INST OF AUTOMATION - CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Although the above two methods can protect the industrial control system from network attacks to a certain extent, they also have shortcomings: first, the whitelist rules are set manually, and any deviation leads to errors in the security rules; second, as network security middleware, they affect the real-time operation of the system.
Most of the above-mentioned anomaly detection technologies for industrial control systems are limited to anomaly detection for known industrial communication protocol specifications, and rarely address anomaly detection for unknown industrial communication protocol specifications.



Examples


Embodiment Construction

[0035] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0036] The method of the invention belongs to the field of industrial control system information security and is a third-party bypass monitoring method. Figure 1 shows the application deployment of the method under a typical industrial control system network architecture. As shown in Figure 1, the method can be deployed on the mirror port of the industrial control system network switch. By capturing and analyzing the communication data packets...


Abstract

The invention discloses an abnormal behavior detection method for an unknown industrial communication protocol specification. The method is divided into an online self-learning stage and a real-time detection stage. The online self-learning stage parses the original network communication data and extracts features to form an event sequence, uses the event sequence as the input for training a hidden Markov model, and finally obtains the optimized hidden Markov model and a behavior probability threshold through iteration. The real-time detection stage uses the optimized hidden Markov model to calculate the behavior probability of the event sequence processed in real time, and detects abnormal industrial communication behavior by comparing the behavior probability with the behavior probability threshold. The method provided by the invention can check the legitimacy of an industrial communication data stream that uses an unknown industrial communication protocol specification, and can detect abnormal industrial communication behavior and raise an alarm in real time, so as to guarantee the network communication security of an industrial control system.
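The real-time detection stage described in the abstract, as an added example that is not code from the patent: a scaled forward algorithm scores sliding windows of the event sequence and compares each score with a threshold calibrated on learning-phase traffic. The model parameters, event symbols, window width, margin and the use of per-event log probability are all assumptions; the patent obtains its model through iterative training, which is not shown here.

```python
import math

# Constructed model standing in for the self-learning stage's output.
# Hidden states follow a request -> response -> ack cycle; event symbols
# 0, 1, 2 are those steps and 3 is an event never seen during learning.
PI = [1 / 3, 1 / 3, 1 / 3]            # unknown phase at the start of a window
A = [[0.02, 0.96, 0.02],
     [0.02, 0.02, 0.96],
     [0.96, 0.02, 0.02]]
B = [[0.97, 0.01, 0.01, 0.01],
     [0.01, 0.97, 0.01, 0.01],
     [0.01, 0.01, 0.97, 0.01]]

def behavior_logprob(events):
    """Scaled forward algorithm: log P(events | model) per event."""
    if not events:
        raise ValueError("empty event sequence")
    n, loglik, alpha = len(PI), 0.0, None
    for e in events:
        if alpha is None:                      # first event: initial distribution
            alpha = [PI[j] * B[j][e] for j in range(n)]
        else:                                  # propagate through A, then emit
            alpha = [sum(alpha[i] * A[i][j] for i in range(n)) * B[j][e]
                     for j in range(n)]
        scale = sum(alpha)
        if scale == 0.0:                       # impossible under the model
            return float("-inf")
        loglik += math.log(scale)
        alpha = [x / scale for x in alpha]     # rescale to avoid underflow
    return loglik / len(events)

def windows(stream, width):
    return [stream[s:s + width] for s in range(len(stream) - width + 1)]

def learn_threshold(normal_stream, width=6, margin=0.3):
    """Threshold = worst score seen on learning traffic, minus a margin."""
    return min(behavior_logprob(w) for w in windows(normal_stream, width)) - margin

def detect(stream, threshold, width=6):
    """Return (window start, score) for every window scoring below threshold."""
    scored = [(s, behavior_logprob(w)) for s, w in enumerate(windows(stream, width))]
    return [(s, round(p, 3)) for s, p in scored if p < threshold]

NORMAL = [0, 1, 2] * 8                 # constructed learning-phase event sequence
ATTACK = list(NORMAL)
ATTACK[10] = 3                         # constructed: one unexpected event injected
THRESHOLD = learn_threshold(NORMAL)
```

Every window that overlaps the injected event falls below the threshold, so the alert offsets bracket the position of the anomaly in the stream.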

Description

Technical field

[0001] The invention relates to the technical field of industrial control system network security, and more specifically relates to an abnormal behavior detection method for unknown industrial communication protocols.

Background technique

[0002] With the development of modern communication, computing, network and control technology, and the continuous development of the application field of information technology, the integration of industrialization and informatization has become an inevitable trend of development. As a symbolic product, the networked industrial control system has been highly valued by the state and has become one of the strategic plans for future national economic and social development. However, the development of networking and informatization has gradually broken the original inherent closedness of industrial control systems, and the subsequent information security issues have also been increasingly exposed, showing an intensifying tre...


Application Information

IPC(8): H04L29/06
Inventor: 万明, 尚文利, 赵剑明, 曾鹏, 于海斌
Owner: SHENYANG INST OF AUTOMATION - CHINESE ACAD OF SCI