Method and system for detecting S7 protocol abnormal communication behaviors based on PSO-SVM

A PSO-SVM, protocol technology, applied in transmission systems, digital transmission systems, electrical components, etc., can solve problems such as low recognition rate, inability to detect abnormal communication behavior, and no consideration of correlation

Active Publication Date: 2019-12-20
HUNAN UNIV
View PDF3 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In view of the above defects or improvement needs of the prior art, the present invention provides a method and system for detecting abnormal communication behaviors of the S7 protocol based on PSO-SVM. The detection of abnormal communication behavior of the S7 protocol in the middle, and the technical problem of low recognition rate caused by not considering the correlation between multiple data packets in the same connection (Connection)

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for detecting S7 protocol abnormal communication behaviors based on PSO-SVM

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0046] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention. In addition, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not constitute a conflict with each other.

[0047] The present invention analyzes the S7 protocol, selects the function code sequence as the research object, fully embodies the correlation between multiple data packets, and aims at the characteristics of limited functions and limited states in the industrial control network, using the PSO-SVM algorithm to respectively Modeling of normal communication behavior and abnormal communication be...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for detecting S7 protocol abnormal communication behaviors based on PSO-SVM. The method comprises the steps of obtaining connection from an industrial control network,the connection comprising a plurality of S7 protocol communication data packets; analyzing each S7 protocol communication data packet to obtain a function code or a sub-function code corresponding tothe S7 protocol communication data packet; and forming a function code sequence corresponding to each connection by a plurality of function codes and sub-function codes corresponding to all S7 protocol communication data packets included in each connection, and inputting the function code sequence corresponding to the connection into the trained S7 protocol anomaly detection model to obtain a detection result of the connection. According to the method, the technical problems that in an existing abnormal communication behavior recognition method, the S7 protocol abnormal communication behaviorin the industrial control network cannot be detected, and the recognition rate is low due to the fact that the relevance among the multiple data packets in the same connection is not considered can be solved.

Description

technical field [0001] The invention belongs to the field of industrial control network information security, and more specifically relates to a method and system for detecting abnormal communication behaviors of S7 protocol based on PSO-SVM. Background technique [0002] Industrial control networks usually use proprietary protocols for communication. These protocols often only consider functional requirements at the beginning of design, and security is guaranteed through physical isolation. However, with the rapid advancement of industrial informatization, the closed nature of industrial control networks has been broken. Inevitably, more and more industrial control networks are connected to public networks such as the Internet, which also makes industrial control networks The security problems of China have become more and more obvious. Since the 21st century, many nuclear power plants and power systems in many countries around the world have suffered from highly destructiv...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/26
CPCH04L43/18H04L63/1425H04L69/22
Inventor 李肯立边祥迪周旭阳王东杨志邦刘楚波李克勤张尧学
Owner HUNAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap