A machine learning-based industrial control behavior detection method and system

A machine learning and detection method technology, applied in machine learning, transmission systems, instruments, etc. It addresses the difficulty and low efficiency of automatically identifying abnormal industrial control behaviors, reducing manual configuration work, improving work efficiency, and improving ease of use.

Active Publication Date: 2021-04-23
JIANGSU BOZHI SOFTWARE TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] The invention provides a machine learning-based industrial control behavior detection method and system, which can solve the existing problems of difficulty and low efficiency in automatically identifying abnormal industrial control behaviors.



Examples


Embodiment Construction

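[0021] The present invention is described in detail below with reference to embodiments, but the invention is not limited to these embodiments.

[0022] An embodiment of the present invention provides a machine learning-based industrial control behavior detection method. As shown in Figure 1, the detection method includes the following steps.

[0023] Step 101: Parse the industrial control protocol communication behavior samples and extract protocol samples.

[0024] Specifically, the industrial control protocol communication messages in the communication behavior samples can be deeply parsed and identified, and the source IP, destination IP, protocol name, protocol control command, protocol control point, and protocol control value are extracted as one protocol instruction rule data sample, i.e. a protocol sample.

[0025] Step 102: Input the protocol samples into the machine learning module for training, and determine the normal communication library and the abnormal communication library.

[0026] Here, the normal communication library is the industrial control protocol whitelist rule library; the abnormal communication library is the industrial control protocol blacklist rule library.

[0027] Step 103: Parse the real-time industrial control protocol communication behavior and extract real-time protocol data.

[0028] Specifically, industrial control protocol communication messages in the industrial environment can be captured in real time, deeply parsed and identified, and the source IP, destination IP, protocol name, protocol control command, protocol control point, and protocol control value are extracted as one item of real-time protocol instruction rule data, i.e. real-time protocol data.

[0029] Step 104: If the real-time protocol data matches data in the normal communication library, the real-time industrial control protocol communication behavior is judged to be normal; if the real-time protocol data matches data in the abnormal communication library, the real-time industrial control protocol communication behavior is judged to be abnormal.

[0030] The machine learning-based industrial control behavior detection method provided by the present invention can automatically generate protocol instruction detection rules for abnormal industrial control behavior, probe industrial control behavior according to those rules, and identify abnormal industrial control behavior. The method automatically generates protocol instruction-level rules for industrial control network protocol auditing, so that such rules do not have to be configured manually. It achieves precise, automatically configured protocol instruction-level rules, greatly reduces manual configuration work, improves work efficiency, and makes the audit system easier to use.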
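A minimal sketch of steps 101 to 104, added here as an illustration and not taken from the patent: it assumes Modbus/TCP as the industrial control protocol, parses single-write requests into the six-field protocol sample, and uses plain set membership as a stand-in for the machine learning module, which the text does not specify. The names `Rule`, `parse_modbus`, `build_library`, `classify` and `frame`, the IP addresses and the frames are constructed for the example; the `unknown` and `unparsed` verdicts and checking the abnormal library first are assumptions.

```python
import struct
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    """One protocol sample: the six fields named in step 101."""
    src_ip: str
    dst_ip: str
    protocol: str
    command: int  # Modbus function code
    point: int    # register or coil address
    value: int

WRITE_SINGLE = {0x05, 0x06}  # write single coil, write single register

def parse_modbus(src_ip: str, dst_ip: str, payload: bytes) -> Optional[Rule]:
    """Parse one Modbus/TCP single-write request; None if malformed or out of scope."""
    if len(payload) != 12:
        return None
    _tid, proto_id, length, _unit, func, addr, value = struct.unpack(">HHHBBHH", payload)
    # MBAP: protocol id must be 0 and length must cover unit id plus PDU (6 bytes here).
    if proto_id != 0 or length != 6 or func not in WRITE_SINGLE:
        return None
    return Rule(src_ip, dst_ip, "modbus", func, addr, value)

def build_library(samples) -> set:
    """Stand-in for training (assumption): keep every rule seen in labelled samples."""
    return {r for r in (parse_modbus(*s) for s in samples) if r is not None}

def classify(rule: Optional[Rule], normal: set, abnormal: set) -> str:
    """Step 104. Abnormal-first order and the two extra verdicts are assumptions."""
    if rule is None:
        return "unparsed"
    if rule in abnormal:
        return "abnormal"
    return "normal" if rule in normal else "unknown"

def frame(tid: int, func: int, addr: int, value: int, unit: int = 1) -> bytes:
    """Build a constructed Modbus/TCP single-write request for the demo."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, func, addr, value)

# Constructed training captures: (src_ip, dst_ip, payload).
NORMAL = build_library([("10.0.0.5", "10.0.0.20", frame(1, 0x06, 40, 100))])
ABNORMAL = build_library([("10.0.0.99", "10.0.0.20", frame(1, 0x05, 1, 0xFF00))])

if __name__ == "__main__":
    live = [("10.0.0.5", "10.0.0.20", frame(7, 0x06, 40, 100)),    # known-good write
            ("10.0.0.99", "10.0.0.20", frame(8, 0x05, 1, 0xFF00)),  # blacklisted write
            ("10.0.0.5", "10.0.0.20", frame(9, 0x06, 40, 9999)),    # same point, new value
            ("10.0.0.5", "10.0.0.20", b"\x00\x01")]                 # truncated frame
    for src, dst, data in live:
        print(src, "->", dst, classify(parse_modbus(src, dst, data), NORMAL, ABNORMAL))
```

Because the rule includes the control value, a write to a known point with an unseen value matches neither library; the transaction ID is not part of the rule, so it does not affect matching.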

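[0031] Further, the industrial control protocol communication behavior samples include a first behavior sample and a second behavior sample. Parsing the industrial control protocol communication behavior samples and extracting protocol samples is specifically: parsing the first behavior sample and extracting a first protocol sample; parsing the second behavior sample and extracting a second protocol sample.

[0032] Correspondingly, inputting the protocol samples into the machine learning module for training and determining the normal communication library and the abnormal communication library specifically includes the following steps.

[0033] 1) Input the first protocol sample into the machine learning module for training, and determine the normal communication library; specifically, the ...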


Abstract

The invention discloses a machine learning-based industrial control behavior detection method and system, which belong to the technical field of industrial control network security and can solve the existing problems of difficulty and low efficiency in automatically identifying abnormal industrial control behaviors. The detection method includes: parsing industrial control protocol communication behavior samples and extracting protocol samples; inputting the protocol samples into the machine learning module for training, and determining the normal communication library and the abnormal communication library; parsing real-time industrial control protocol communication behavior and extracting real-time protocol data; if the real-time protocol data matches data in the normal communication library, the real-time industrial control protocol communication behavior is determined to be normal; if the real-time protocol data matches data in the abnormal communication library, the real-time industrial control protocol communication behavior is determined to be abnormal. The invention is used for anomaly detection of industrial control behavior.

Description

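Technical field

[0001] The present invention relates to a machine learning-based industrial control behavior detection method and system, and belongs to the technical field of industrial control network security.

Background

[0002] With the continuing convergence of industrial control networks and the Internet, industrial control systems are developing toward digitalization, networking, and intelligence. More and more industrial control systems and related devices are connected to external public networks, and industrial interconnection has become an unavoidable trend. High levels of networking, open protocols, and the interconnection of common components bring more attack paths and attack methods; cyberspace security problems extend directly into industrial control systems, which face more complex information security threats. Automatically identifying abnormal industrial control behavior has become a problem that urgently needs to be solved.

[0003] Traditional audit systems require detection rules for each protocol to be configured manually. The system acquires traffic data, parses industrial control behavior messages, and judges according to the detection rules whether the behavior is an abnormal operation. Configuring detection rules requires operations personnel to understand the protocols and the business very well. As industrial control devices use more and more protocols and protocol instructions become more complex, manually configuring protocol detection rules becomes harder, and configuration errors are easy to make. In addition, existing machine learning is incomplete: it can only learn behaviors and cannot automatically classify and configure detection rules for protocol operation instructions, which must be configured by hand. All of this makes automatic identification of abnormal industrial control behavior difficult and inefficient.

Summary of the invention

[0004] The present invention provides a machine learning-based industrial control behavior detection method and system, which can solve the existing problem that automatically identifying abnormal industrial control behavior is difficult and inefficient.

[0005] In one aspect, the present invention provides a machine learning-based industrial control behavior detection method. The detection method includes: parsing industrial control protocol communication behavior samples and extracting protocol samples; inputting the protocol samples into a machine learning module for training, and determining a normal communication library and an abnormal communication library; parsing real-time industrial control protocol communication behavior and extracting real-time protocol data; if the real-time protocol data matches data in the normal communication library, judging the real-time industrial control protocol communication behavior to be normal; if the real-time protocol data matches data in the abnormal communication library, judging the real-time industrial control protocol communication behavior to be abnormal.

[0006] Optionally, the industrial control protocol communication behavior samples include a first behavior sample and a second behavior sample. Parsing the industrial control protocol communication behavior samples and extracting protocol samples is specifically: parsing the first behavior sample and extracting a first protocol sample; parsing the second behavior sample and extracting a second protocol sample. Correspondingly, inputting the protocol samples into the machine learning module for training and determining the normal communication library and the abnormal communication library is specifically: inputting the first protocol sample into the machine learning ...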


Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L29/06, G06N20/00
CPC: G06N20/00, H04L63/1416, H04L63/1425
Inventor: 傅涛, 郑建平, 郑轶, 王力, 邓勇
Owner: JIANGSU BOZHI SOFTWARE TECH CO LTD