
Intrusion detection method and device for industrial control system

Industrial control system intrusion detection technology, applied in general control systems, control/regulation systems, program control, etc., addresses problems such as poor intrusion detection effects and the inapplicability of intrusion detection mechanisms.

Inactive Publication Date: 2019-08-06
GUANGDONG UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0003] Existing intrusion detection for industrial control systems is often static: it assumes that the network status and connection relationship between the master station that issues control commands and the slave station that responds to them are fixed. With the development of Internet of Things technology, industry is moving towards automation, intelligence, and remote operation, and the network framework of industrial control systems is gradually changing from fixed and static to more flexible and dynamic. The traditional intrusion detection mechanism designed for static network frameworks cannot be applied to dynamic network frameworks, so the intrusion detection effect is poor.



Examples


Embodiment 1

[0045] See Figure 1, which is a flow chart of an intrusion detection method for an industrial control system provided in the embodiment of this application. Note that the steps in this embodiment are executed by the industrial control master station in the industrial control system, and include the following:

[0046] S101: Obtain the response data packet returned by the slave station in the actual running state and the request data packet corresponding to the response data packet;

[0047] The request data packet is the data packet sent by the industrial control master station to the corresponding industrial control slave station according to the control requirements, and the response data packet is the response that the industrial control slave station makes to the control command in the request data packet it received. It should be noted that the response data packets and request data packets obtained in t...

Embodiment 2

[0070] See Figure 3, which is a flow chart of a method for obtaining intrusion training samples according to intrusion characteristic parameters, provided by the embodiment of the present application. Building on the first embodiment's proposal to obtain as many intrusion training samples as possible through incremental processing, this embodiment proposes an implementation scheme that includes the following steps:

[0071] S301: Express the intrusion feature parameters as intrusion feature vectors, and obtain real intrusion feature points according to the intrusion feature vectors;

[0072] They are called real intrusion feature points to distinguish them from the pseudo-intrusion feature points obtained by subsequent incremental processing. The real intrusion feature points are obtained by processing the intrusion feature parameters collected when the industrial control system is known to be in an intruded state, and are real, effecti...

Embodiment 3

[0078] See Figure 4, which is a flow chart of a method for obtaining pseudo-intrusion feature points provided in the embodiment of the present application. On the basis of Embodiment 2, this embodiment specifically provides a preferred method for obtaining pseudo-intrusion feature points, including the following steps:

[0079] S401: Obtain the artificial intrusion feature points produced when the industrial control system is artificially placed in a preset intrusion state;

[0080] This step is the slightly more complicated incremental processing method mentioned in the second embodiment. However, the feature points obtained are not used directly as pseudo-intrusion feature points; they serve as a precursor from which more suitable pseudo-intrusion feature points, closer to the actual situation, are obtained.

[0081] S402: Make a connection between each real intrusion feature point and its nearest artificial intrusion feature poi...


Abstract

The invention discloses an intrusion detection method for an industrial control system. Building on the prior art, it adds the TTL (Time To Live) values extracted from a response data packet and its corresponding request data packet to the characteristic parameters used to judge whether an intrusion has occurred. TTL can change as data packets are forwarded between switches in a data network, so once packets are tampered with or otherwise manipulated by an intruder, their normal transmission path through the network is affected and their TTL values differ from those seen when no intrusion has occurred. Detection based on characteristic parameters that include the TTL values therefore extends a traditional intrusion detection scheme, which can only be applied to a static network framework, to dynamic network frameworks, widening its range of application. The invention further discloses an intrusion detection device for the industrial control system. The device has the same advantages as the method.
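The TTL feature described in the abstract can be illustrated with the following added example, which is not code from the patent. It extracts TTL values from raw IPv4 headers of a request/response pair as seen at the master station; the per-slave baseline comparison is an assumed stand-in for the patent's detection step, and all addresses and TTL values are constructed.

```python
import struct
from collections import defaultdict

MASTER, SLAVE = "10.0.0.1", "10.0.0.20"  # constructed addresses

def ipv4_header(src, dst, ttl):
    """Build a minimal 20-byte IPv4 header (constructed sample input, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       bytes(map(int, src.split("."))),
                       bytes(map(int, dst.split("."))))

def parse_ttl(packet):
    """Return (src, dst, ttl) from raw IPv4 bytes; reject truncated or non-IPv4 input."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    return src, dst, packet[8]  # TTL is the byte at offset 8

def pair_features(request, response):
    """Feature parameters for one exchange: slave address plus (request TTL, response TTL)."""
    master, slave, req_ttl = parse_ttl(request)
    r_src, r_dst, resp_ttl = parse_ttl(response)
    if (r_src, r_dst) != (slave, master):
        raise ValueError("response does not correspond to request")
    return slave, (req_ttl, resp_ttl)

def learn_baseline(pairs):
    """Record every TTL pair seen per slave during known-good operation.
    A set per slave tolerates several legitimate paths in a dynamic network."""
    baseline = defaultdict(set)
    for request, response in pairs:
        slave, ttls = pair_features(request, response)
        baseline[slave].add(ttls)
    return baseline

def is_suspicious(baseline, request, response):
    """Flag an exchange whose TTL pair was never observed for that slave."""
    slave, ttls = pair_features(request, response)
    return ttls not in baseline.get(slave, set())

# Constructed known-good traffic: the slave is reachable over two paths (2 or 3 hops).
NORMAL_PAIRS = [
    (ipv4_header(MASTER, SLAVE, 64), ipv4_header(SLAVE, MASTER, 62)),
    (ipv4_header(MASTER, SLAVE, 64), ipv4_header(SLAVE, MASTER, 61)),
]
BASELINE = learn_baseline(NORMAL_PAIRS)
```

In practice the TTL pair would be one component of a larger feature vector fed to a trained classifier rather than a set-membership test.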

Description

Technical field

[0001] The present application relates to the technical field of intrusion detection, in particular to an intrusion detection method and device for an industrial control system.

Background technique

[0002] Data acquisition and monitoring system (Supervisory Control And Data Acquisition, SCADA) is an important component of the industrial control system, whether it is in a safe operating state is very important to the industrial control system. Because it contains a lot of important data, it often encounters intrusion attacks by criminals with the intention of stealing data or tampering with data, so it is very necessary to perform intrusion detection on it.

[0003] The existing intrusion detection for industrial control systems is often static, that is, the network status and connection relationship between the master station that issues control commands and the slave station that responds to control commands in industrial control systems is fixed. , the i...


Application Information

IPC(8): G05B19/042
CPC: G05B19/0423, G05B2219/24215
Inventor: 凌捷, 朱智燊, 蔡睿, 谢锐
Owner: GUANGDONG UNIV OF TECH