
An SVM-based IEC60870-5-104 abnormal traffic detection method

An abnormal traffic detection technology, applied in transmission systems, electrical components, etc., which can solve problems such as attacks that cannot be prevented because firewalls are unable to identify them.

Active Publication Date: 2020-12-01
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

The data packets of spoofing attacks conform to the IEC60870-5-104 protocol rules, so traditional firewalls cannot recognize them and therefore cannot prevent such attacks.



Examples


Embodiment

[0020] To better illustrate the technical solution of the present invention, a brief introduction to the IEC60870-5-104 protocol is given first. The application protocol data unit (APDU) of the IEC60870-5-104 protocol is composed of the application protocol control information (APCI) and the application service data unit (ASDU). The APCI mainly defines the start and end of the ASDU and consists of a start character (68H), a length, and a control field. The control field defines the control information that protects messages from loss and repeated transmission, starts and stops message transmission, and monitors the transmission link. According to the control field, the message structure of IEC60870-5-104 is divided into three different formats, namely I format (Information Transmit Format), S format (Numbered Supervisory Functions), and U format (Unnumbered Control Format). Only I-format messages can be used to transmit ASDUs. figure 1 It is the structur...
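The APCI framing described above, as an added example that is not code from the patent: it splits a byte stream into APDUs, classifies each as I, S or U format, and reads the cause of transmission from I-format frames. The control-field bit layout and the position of the cause octet in the ASDU are taken from the IEC 60870-5-104 standard rather than from this page, and the capture bytes are constructed.

```python
START = 0x68  # start character (68H) named in the text

def frame_format(ctrl1):
    """Classify a frame by the low bits of the first control-field octet."""
    if ctrl1 & 0x01 == 0:
        return "I"                      # bit 0 = 0: information transfer
    return "S" if ctrl1 & 0x03 == 0x01 else "U"

def parse_apdus(stream):
    """Return [(format, cot)] for each APDU; cot is None for S and U frames."""
    out, i = [], 0
    while i < len(stream):
        if stream[i] != START or i + 2 > len(stream):
            raise ValueError(f"bad start byte or truncated header at offset {i}")
        length = stream[i + 1]          # octets that follow the length field
        end = i + 2 + length
        if length < 4 or end > len(stream):
            raise ValueError(f"bad length {length} at offset {i}")
        fmt, cot = frame_format(stream[i + 2]), None
        if fmt == "I":
            asdu = stream[i + 6:end]    # ASDU follows the 4 control octets
            if len(asdu) < 3:
                raise ValueError(f"I-format frame without ASDU header at offset {i}")
            cot = asdu[2] & 0x3F        # low 6 bits; bits 6-7 are P/N and T flags
        out.append((fmt, cot))
        i = end
    return out

# Constructed capture: STARTDT act (U), single-point report with cause 3 (I),
# supervisory acknowledgement (S), single command with cause 6 (I).
CAPTURE = bytes.fromhex(
    "680407000000"
    "680e0000000001010300010001000001"
    "680401000200"
    "680e020002002d010600010001000001"
)
FRAMES = parse_apdus(CAPTURE)
```
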


Abstract

The invention discloses an SVM-based IEC60870-5-104 abnormal traffic detection method. First, according to actual needs, representative transmission causes that can characterize the IEC60870-5-104 protocol are selected. Then several groups of data packets of normal traffic and abnormal traffic are filtered to obtain the I-format data packets, and the transmission cause of each data packet in each group is extracted. The transmission cause sequence of each group of data packets is divided into short transmission cause sequences according to a preset interval time, and the frequency vector corresponding to each short sequence is obtained by counting the representative transmission causes. With the frequency vector as the feature input and the label indicating whether the data packets belong to normal traffic as the expected output, an SVM classifier is obtained by training. When abnormal traffic detection is required, the transmission cause sequence within the interval time is extracted, its frequency vector is obtained by counting, and the vector is input into the SVM classifier to get the detection result. Based on the transmission cause as an important protocol feature, the present invention effectively realizes abnormal traffic detection for IEC60870-5-104.
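The training and detection steps of the abstract, as an added example that is not the patent's own code: cause-of-transmission events are cut into short sequences by interval, counted into frequency vectors, and classified. The representative cause values, the 10-second interval, the sample sequences and the small subgradient-trained linear SVM (standing in for the SVM implementation, which the page does not specify) are all assumptions.

```python
from collections import Counter

REPRESENTATIVE = (1, 3, 6, 7, 20)   # assumed choice of representative causes

def short_sequences(events, interval):
    """Split time-ordered (timestamp, cot) pairs into per-interval COT lists."""
    if not events:
        return []
    t0, buckets = events[0][0], {}
    for t, cot in events:
        buckets.setdefault(int((t - t0) // interval), []).append(cot)
    return [buckets[k] for k in sorted(buckets)]

def frequency_vector(cots):
    """Count how often each representative cause occurs in one short sequence."""
    counts = Counter(cots)
    return [counts[c] for c in REPRESENTATIVE]

def train_linear_svm(X, y, epochs=20, lr=0.1, lam=0.01):
    """Hinge loss plus L2 penalty, minimised by per-sample subgradient steps."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for x, label in zip(X, y):
            margin = label * (sum(wi * xi for wi, xi in zip(w, x)) + b)
            w = [wi * (1 - lr * lam) for wi in w]      # L2 shrinkage
            if margin < 1:                             # inside the margin: push out
                w = [wi + lr * label * xi for wi, xi in zip(w, x)]
                b += lr * label
    return w, b

def predict(model, x):
    w, b = model
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b >= 0 else -1

# Constructed short sequences: +1 = normal traffic, -1 = abnormal traffic.
NORMAL = [[1, 1, 3, 1, 3, 1], [1, 3, 1, 3, 20, 3, 1], [1, 1, 1, 3, 1, 1]]
ABNORMAL = [[6, 7, 6, 7, 1, 6, 7, 6, 7], [6, 6, 7, 3, 6, 7, 6, 7, 6],
            [6, 7, 1, 3, 6, 7, 6, 7]]
X = [frequency_vector(s) for s in NORMAL + ABNORMAL]
Y = [1] * len(NORMAL) + [-1] * len(ABNORMAL)
MODEL = train_linear_svm(X, Y)

# Constructed live trace of (seconds, cause) pairs, checked per 10 s interval.
TRACE = [(0.0, 1), (2.0, 3), (5.0, 1), (9.5, 1),
         (10.1, 6), (10.4, 7), (11.0, 6), (11.2, 7), (12.0, 6)]
VERDICTS = [predict(MODEL, frequency_vector(s)) for s in short_sequences(TRACE, 10.0)]
```
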

Description

Technical field

[0001] The invention belongs to the technical field of power network information security, and more specifically relates to an SVM-based IEC60870-5-104 abnormal traffic detection method.

Background technique

[0002] IEC60870-5-104 is a communication protocol suitable for power energy management systems. It has the advantages of large communication data volume, easy upgrades, good real-time performance, and high reliability. The energy management system sends the power monitoring data collected by telecontrol terminals (RTU, Remote Terminal Unit) to the dispatch center. Therefore, the IEC60870-5-104 protocol is an important part of the power energy management system and plays an important role in its stable operation.

[0003] However, when the IEC60870-5-104 protocol was formulated, the transmission data was sent in clear text, and its message structure and data format were open. Without sufficient security measures, ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1425, H04L69/26
Inventor: 何建, 郭娅雯, 辛晓帅, 邹见效, 徐红兵
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA