Industrial control intrusion detection method based on multi-classification GoogLeNet-LSTM model

An intrusion detection technology, applied in the security field, that addresses the inability to perform timing detection, the difficulty of detecting intrusion behavior, and high false alarm rates, with the effects of improved timing detection capability, high use value, and high detection efficiency.

Active Publication Date: 2020-01-03
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

However, each network structure has its own advantages and disadvantages when used alone for industrial control intrusion detection. Traditional detection methods based on convolutional neural networks (CNN) have strong feature learning ability but cannot perform timing detection, so many intrusion behaviors are difficult to detect. Traditional intrusion detection methods based on long short-term memory (LSTM) networks can exploit the timing relationship between network packets, but they rely heavily on the feature extraction method, perform poorly on long-sequence tasks, and have a higher false positive rate.

Examples

Embodiment Construction

[0024] The present invention will be described in detail below in conjunction with specific embodiments shown in the accompanying drawings.

[0025] Figure 1 is a diagram of the industrial control intrusion detection method based on the multi-classification GoogLeNet-LSTM model, including:

[0026] The data acquisition module uses the SCADA system to capture industrial control data. The collected data includes not only the system status data obtained by reading the sensor, but also the control data from the host. The collected data is divided into two types: training data and test data. The collected network packets carrying data and the network packets not carrying data used as requests and confirmations are stored in the cache sequence for subsequent intrusion detection, information addition and network packet storage.

[0027] The network packet classification module judges the category and function of the network packet according to the key field values in the network pack...

Abstract

The invention discloses an industrial control intrusion detection method based on a multi-classification GoogLeNet-LSTM model. The method comprises the following steps: first, network packets are classified for an industrial control communication process that uses the Modbus protocol; network packets that carry no information are then checked using a feature template comparison method; for network packets that carry information, a time-sequence detection sequence is constructed from the original network packets, each network packet is one-hot encoded, features are extracted using GoogLeNet, and the resulting feature vector sequence is fed into an attention-based LSTM network for time-sequence detection to obtain a detection result; finally, a multi-classification method for the detection results is designed, and the specific intrusion category is output using the two detection methods. The method is universal and offers high detection precision and strong real-time performance for different types of intrusion.
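The packet-handling steps that precede the neural network in the abstract can be sketched as follows; this is an added example, not code from the patent, and it stops before the GoogLeNet and LSTM stages. Assumptions not stated on the page: Modbus/TCP framing, the rule that write requests and read responses are the packets "carrying information", the contents of the feature template, byte-wise one-hot encoding, the `PKT_LEN` and `SEQ_LEN` values, and all function names.

```python
import struct

READ_FCS, WRITE_FCS = {1, 2, 3, 4}, {5, 6, 15, 16}
PKT_LEN, SEQ_LEN = 16, 3  # assumed padded packet size and window length

def parse_adu(raw):
    """Split a Modbus/TCP ADU into MBAP header fields and the PDU."""
    if len(raw) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, _unit = struct.unpack(">HHHB", raw[:7])
    return {"proto": proto, "length": length, "fc": raw[7], "pdu": raw[7:]}

def carries_data(adu, is_request):
    """Assumed rule: write requests and read responses carry process data."""
    return adu["fc"] in (WRITE_FCS if is_request else READ_FCS)

def template_ok(adu):
    """Assumed template: protocol id 0, consistent length, 5-byte PDU."""
    return (adu["proto"] == 0 and adu["length"] == len(adu["pdu"]) + 1
            and adu["fc"] in READ_FCS | WRITE_FCS and len(adu["pdu"]) == 5)

def one_hot(raw):
    """Byte-wise one-hot, PKT_LEN x 256; rows past the packet end stay zero."""
    rows = [[int(v == b) for v in range(256)] for b in raw[:PKT_LEN]]
    return rows + [[0] * 256 for _ in range(PKT_LEN - len(rows))]

def front_end(packets):
    """Return (indexes failing the template, windows of encoded data packets)."""
    alerts, windows, data = [], [], []
    for idx, (raw, is_request) in enumerate(packets):
        adu = parse_adu(raw)
        if carries_data(adu, is_request):
            data.append(one_hot(raw))
            if len(data) >= SEQ_LEN:
                windows.append(data[-SEQ_LEN:])  # sliding time-sequence window
        elif not template_ok(adu):
            alerts.append(idx)  # request/confirmation deviating from template
    return alerts, windows

def mk(fc, body, length=None):  # builds a constructed sample ADU
    return struct.pack(">HHHBB", 1, 0, length or len(body) + 2, 1, fc) + body
SAMPLE = [  # constructed traffic as (raw, is_request); not captured data
    (mk(3, b"\x00\x00\x00\x02"), True),       # read request
    (mk(3, b"\x04\x00\x0a\x00\x0b"), False),  # read response, carries data
    (mk(6, b"\x00\x01\x00\xff"), True),       # write request, carries data
    (mk(6, b"\x00\x01\x00\xff"), False),      # write confirmation (echo)
    (mk(3, b"\x00\x00\x00\x02", 20), True),   # length field inconsistent
    (mk(3, b"\x04\x00\x0c\x00\x0d"), False),  # read response, carries data
]
```

Each returned window is a `SEQ_LEN` x `PKT_LEN` x 256 structure, the shape a convolutional feature extractor would consume one packet at a time before the sequence model. Under this assumed template, exception responses are also flagged.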

Description

Technical field

[0001] The invention is applied to the security field in the industrial control system, and particularly relates to an industrial control intrusion detection method aimed at the communication process using the Modbus protocol.

Background technique

[0002] The industrial control system (Industrial Control System, ICS) is composed of various automatic control components and process control components for real-time data collection and monitoring, and realizes functions such as data collection and processing, monitoring, remote communication and maintenance. With the development of the industrial level and the advancement of informatization, industrial control components are characterized by wide distribution and large quantities. In order to achieve stable communication and centralized management among components, ICS uses more and more public software and communication protocols, which exposes a large number of security holes in the system and faces more and m...

Application Information

IPC(8): H04L29/06, G06K9/62, G06N3/04, G06N3/08, H04L12/40
CPC: H04L63/1416, H04L63/1425, G06N3/08, H04L12/40, H04L2012/40228, G06N3/047, G06N3/044, G06N3/045, G06F18/2415, G06F18/241
Inventor: 赖英旭, 褚安康, 刘静
Owner: BEIJING UNIV OF TECH