Limited known industrial communication protocol abnormal behavior detection method based on feature association

A feature correlation, industrial communication technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve problems such as security rule errors, real-time operation effects and limitations of industrial control systems, and achieve the effect of ensuring network security.

Active Publication Date: 2018-11-02
辽宁工控科技有限公司
View PDF8 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

First of all, in terms of protection, the typical protection technology is industrial firewall technology. Although it realizes communication access control and network isolation, it also has shortcomings: (1) The rule setting of the white list is done manually. If there is a deviation, It will lead to errors in security rules; (2) As a kind of network security middleware,

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Limited known industrial communication protocol abnormal behavior detection method based on feature association
  • Limited known industrial communication protocol abnormal behavior detection method based on feature association
  • Limited known industrial communication protocol abnormal behavior detection method based on feature association

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0039] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.

[0040] The method of the invention belongs to the category of industrial control system information security. figure 1 It shows a schematic diagram of an application deployment embodiment of the method of the present invention in a petrochemical liquid level control system network. As a third-party monitoring method, this method can be deployed on the mirror port of an industrial switch to capture the communication data between workstatio...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a limited known industrial communication protocol abnormal behavior detection method based on feature association. For a feature that a message format of a limited known industrial communication protocol has a known part and an unknown part, through association of the two parts of information, abnormality detection is carried out on communication behaviors of the limited known industrial communication protocol. The method specifically comprises a decision tree establishment phase and an abnormality judgment phase. In the decision tree establishment phase, feature extraction is carried out on original communication data in a control system, known features and unknown features are bound through feature association identities, a feature association decision tree is established, and a mass center and a distance threshold of an unknown feature space are obtained. In the abnormality judgment phase, decision tree searching and mahalanobis distance calculation are carried out on data preprocessed feature information, and through comparison with the distance threshold, the abnormality detection is carried out on limited known protocol communication behaviors. According to the method, analysis, modeling and detection can be carried out on industrial control communication data, this kind of industrial communication behavior abnormalities can be discovered in real time, alarm is generated, and network security is ensured.

Description

technical field [0001] The invention relates to the technical field of industrial control system network security, and more specifically relates to a method for detecting abnormal behaviors of limited-knowledge industrial communication protocols based on feature association. Background technique [0002] At this stage, industrial control systems have been widely used in many modern industrial industries such as electric power, metallurgy, rail transit, petrochemical, nuclear facilities, etc. According to statistics, more than 80% of the key infrastructure related to the national economy and people's livelihood rely on industrial control systems to realize automatic operations . With the deep integration of informatization and industrialization and the rapid development of the Internet of Things, the degree of interconnection and interoperability of industrial control systems is getting higher and higher, and its security is also facing severe challenges. In recent years, va...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/24H04L12/26
CPCH04L41/0636H04L43/18H04L63/1416
Inventor 万明景源李鹏尹凤杰
Owner 辽宁工控科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap