
A Method for Abnormal Behavior Detection of Finite-knowledge Industrial Communication Protocols Based on Feature Association

A feature-association technique for industrial communication, applied in digital transmission systems, data exchange networks, electrical components, etc. It addresses problems such as security rule errors, effects on real-time operation, and limitations of industrial control systems, and achieves the effect of ensuring network security.

Active Publication Date: 2021-04-13
沈阳邦粹科技有限公司

AI Technical Summary

Problems solved by technology

First, in terms of protection, the typical technology is the industrial firewall. Although it provides communication access control and network isolation, it has shortcomings: (1) the whitelist rules are set manually, and any deviation leads to errors in the security rules; (2) as a kind of network security middleware, it affects the real-time operation of industrial control systems.
However, most of the above-mentioned anomaly detection technologies for industrial control systems are limited to the research of anomaly detection methods for known and unknown protocols, and rarely involve the research of anomaly detection for limited-knowledge industrial communication protocols.


Embodiment Construction

[0039] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0040] The method of the invention belongs to the field of industrial control system information security. Figure 1 shows a schematic diagram of an embodiment in which the method is applied and deployed in a petrochemical liquid level control system network. As a third-party monitoring method, it can be deployed on the mirror port of the industrial switch to capture the communication data between the workstation (suc...


Abstract

A method for detecting abnormal behavior of limited-knowledge industrial communication protocols based on feature association. The method targets the fact that the message format of a limited-knowledge industrial communication protocol has both known and unknown parts, and performs anomaly detection on communication behavior in two stages: a decision tree construction stage and an anomaly judgment stage. Decision tree construction extracts features from the original communication data in the control system, binds known features to unknown features through feature association identification, constructs the feature association decision tree, and obtains the centroid and distance threshold of the unknown feature space. Anomaly judgment performs a decision tree search and a Mahalanobis distance calculation on the feature information after data preprocessing, and completes the anomaly detection of the finite-knowledge protocol's communication behavior by comparing the result with the distance threshold. The method can analyze, model and detect industrial control communication data, find abnormal industrial communication behavior in real time and generate alarms to ensure network security.
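The two stages described in the abstract, as an added Python sketch that is not taken from the patent. Assumptions: each message yields a tuple of known features and two numeric unknown features, the tree is a nested dict keyed by the known features, the threshold is the largest training distance times a margin, and all sample values are constructed.

```python
import math
from collections import defaultdict

def inv2(m):  # closed-form inverse of a 2x2 covariance matrix
    (a, b), (c, d) = m
    det = a * d - b * c
    return [[d / det, -b / det], [-c / det, a / det]]

def mahalanobis(x, centroid, cov_inv):
    d = [xi - ci for xi, ci in zip(x, centroid)]
    return math.sqrt(sum(d[i] * cov_inv[i][j] * d[j] for i in (0, 1) for j in (0, 1)))

def build_tree(training, margin=1.5, ridge=1e-3):
    """Construction stage: one tree path per known-feature tuple; the leaf binds
    it to the centroid and distance threshold of its unknown features."""
    groups = defaultdict(list)
    for known, unknown in training:
        groups[known].append(unknown)
    tree = {}
    for known, vecs in groups.items():
        mu = [sum(v[k] for v in vecs) / len(vecs) for k in (0, 1)]
        cov = [[sum((v[i] - mu[i]) * (v[j] - mu[j]) for v in vecs) / len(vecs)
                + (ridge if i == j else 0.0) for j in (0, 1)] for i in (0, 1)]
        cov_inv = inv2(cov)  # ridge (assumed) keeps the matrix invertible
        threshold = margin * max(mahalanobis(v, mu, cov_inv) for v in vecs)
        node = tree
        for value in known[:-1]:
            node = node.setdefault(value, {})
        node[known[-1]] = (mu, cov_inv, threshold)
    return tree

def judge(tree, known, unknown):
    """Judgment stage: returns (is_anomaly, reason)."""
    node = tree
    for value in known:  # decision tree search on the known features
        if value not in node:
            return True, "known-feature path not in tree"
        node = node[value]
    mu, cov_inv, threshold = node
    if mahalanobis(unknown, mu, cov_inv) > threshold:
        return True, "unknown features beyond distance threshold"
    return False, "normal"

# Constructed sample: known = (source, destination, function code); unknown =
# two numeric fields taken from the undocumented part of the payload.
KNOWN_A, KNOWN_B = ("ws1", "plc1", 0x03), ("ws1", "plc1", 0x10)
TRAINING = [(KNOWN_A, u) for u in [(10, 20), (11, 21), (9, 19), (10, 22), (12, 20), (9, 21)]]
TRAINING += [(KNOWN_B, u) for u in [(100, 5), (102, 6), (98, 4), (101, 5), (99, 7)]]
TREE = build_tree(TRAINING)
```

The payload `(100, 5)` is normal under `KNOWN_B` but flagged under `KNOWN_A`, which is the effect of binding unknown features to known ones rather than modelling them globally.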

Description

Technical field

[0001] The invention relates to the technical field of industrial control system network security, and more specifically to a method for detecting abnormal behaviors of limited-knowledge industrial communication protocols based on feature association.

Background technique

[0002] At this stage, industrial control systems are widely used in many modern industries such as electric power, metallurgy, rail transit, petrochemical, nuclear facilities, etc. According to statistics, more than 80% of the key infrastructure related to the national economy and people's livelihood relies on industrial control systems to realize automatic operations. With the deep integration of informatization and industrialization and the rapid development of the Internet of Things, the degree of interconnection and interoperability of industrial control systems is getting higher and higher, and their security is also facing severe challenges. In recent years, va...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/24, H04L12/26
CPC: H04L41/0636, H04L43/18, H04L63/1416
Inventor 万明景源李鹏尹凤杰
Owner 沈阳邦粹科技有限公司