Industrial control system communication network anomaly classification method based on statistical learning and deep learning

A technology for industrial control systems and communication networks, which is applied in abnormal detection of industrial control system networks, and in the field of abnormal classification of industrial control system communication traffic based on statistical learning and deep learning. high degree problem

Active Publication Date: 2021-01-08
ZHEJIANG UNIV
View PDF13 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to solve the problem of dynamic modeling and abnormal classification detection of ICS communication traffic collected in real time without prior knowledge, because the existing ICS abnormal event classification detection algorithm is too dependent on prior knowledge, and the classification accuracy is not high. A comprehensive analysis method was proposed due to the high complexity of the algorithm and the impossibility of actual deployment; the designed ICS network anomaly event classification algorithm model based on statistical learning and deep learning has guidance for the network security protection and anomaly detection of major national industrial infrastructures significance

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Industrial control system communication network anomaly classification method based on statistical learning and deep learning
  • Industrial control system communication network anomaly classification method based on statistical learning and deep learning
  • Industrial control system communication network anomaly classification method based on statistical learning and deep learning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The purpose and effects of the present invention will become more apparent by referring to the accompanying drawings in detail of the present invention. figure 1 It is an overall flow chart of the present invention.

[0025] figure 2 Build the renderings for the experimental test bench of the present invention. In the experiment, an ICS network test platform that fits the experimental environment was built based on the communication network traffic collected from a virtual and real ICS shooting range in Zhejiang University in the early stage. The platform is equipped with industrial PLC controllers, industrial Ethernet switches and industrial control hosts. Among them, the communication protocol of TCP / IP is adopted between the upper computer and the PLC. The industrial Modbus protocol is adopted between the PLC and the field device layer. The actual ICS communication network traffic is collected and stored, and the characteristics of the traffic are analyzed offli...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an industrial control system (ICS) communication network anomaly classification method based on statistical learning and deep learning. According to the invention, the method comprises the steps: designing LSTM deep learning structure parameters on the basis of the flow of a large-data-volume industrial control system communication network during normal operation, and performing modeling analysis; designing a correlation algorithm to analyze a numerical relationship between background traffic and real-time traffic by analyzing a real-time communication traffic data threshold generated based on a SARIMA online statistical learning model in the early stage; and carrying out specific classification on the ICS communication network anomaly according to an ICS network anomaly event classification algorithm. According to the invention, experimental analysis is carried out by using a target range test board combining industrial control safety virtuality and reality inZhejiang Province; meanwhile, a physical simulation platform is built in a laboratory environment to carry out a verification experiment, and detailed examples are given to verify the reliability andaccuracy of the algorithm.

Description

technical field [0001] The invention relates to anomaly detection of an industrial control system network, in particular to a method for classifying abnormal communication traffic of an industrial control system based on statistical learning and deep learning, and belongs to the field of industrial information security detection. Background technique [0002] Key infrastructure such as energy, refining and transportation is the nerve center for the stable operation of the country, and it is the top priority of my country's network security. With the advancement of automation, interconnection, and intelligent construction of large-scale national infrastructure (smart substations, intelligent chemical process industrial systems, and industrial distributed control systems), the issue of cyberspace security has become increasingly prominent. In recent years, a series of cyber-attacks against the country's critical infrastructure have caused enormous national economic losses and ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06F17/18G06K9/62G06N3/04G06N3/08
CPCH04L63/1408H04L63/1433H04L63/1441G06N3/08G06F17/18G06N3/044G06N3/045G06F18/24G06F18/254G05B23/0281H04L63/1425G05B23/0275
Inventor 杨强郝唯杰杨涛阮伟王文海
Owner ZHEJIANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap