
A network intrusion detection method for industrial control system based on improved suricata engine

A network intrusion detection technology for industrial control systems, applied in the field of network security. It addresses the problems that existing approaches cannot meet the real-time transmission requirements of industrial control system network data, cannot reduce hardware CPU usage, and have defects in detection speed and memory consumption. Its effects are faster matching, real-time detection, and avoidance of decision-making lag.

Active Publication Date: 2022-05-20
HEBEI UNIV OF TECH

AI Technical Summary

Problems solved by technology

Its disadvantages are: the libpcap and DPDK packet capture frameworks used cannot reduce the CPU usage of the hardware system, so the system loss is relatively large. At the same time, in the payload identification and analysis of TCP messages, it uses the DEC process to analyze the protocol data; the restoration library of this process is based on the traditional AC algorithm, which has great defects in detection speed and memory consumption, so it cannot meet the real-time transmission requirements of network data in industrial control systems.
In addition, its application scenarios can be network traffic monitoring and spam identification, but it lacks protocol identification methods for industrial control systems, so it has great shortcomings when applied to industrial control systems.

Examples


Embodiment Construction

[0024] Specific examples of the present invention are given below. The specific embodiments are only used to further describe the present invention in detail, and do not limit the protection scope of the claims of the present application.

[0025] The present invention provides an industrial control system network intrusion detection method based on an improved Suricata engine (the "method" for short; see figure 1), characterized in that the method comprises the following steps:

[0026] Step 1. Establish an attack mathematical model for the network attacks that can be carried out in the network environment of the industrial control system;

[0027] Preferably, in step 1, the network attacks include tampering attacks, replay attacks, injection attacks and denial-of-service attacks; Attack(pl(i)) is used to describe the means of network attack uniformly:

[0028]

[0029] In formula (1), pl(i) is the message at time i, sender represents the sender of the message i...


Abstract

The invention discloses an industrial control system network intrusion detection method based on an improved Suricata engine. The method first establishes an attack mathematical model, then constructs network attack data packets and filters them, then formulates intrusion detection rules, and then performs regular decomposition on the regular expressions of the intrusion detection rules. The improved Suricata engine reconstructs the storage structure of the decomposed pattern strings, and the resulting check hash table is sent to the matching process. The network communication traffic of the industrial control system is then captured, decoded and hashed by the improved Suricata engine, and the hash operation result is passed to the matching process. The matching process sends the check hash table and the hash operation result to multiple threads, which perform the matching with the improved HashTries algorithm, and finally the detection result is output. The invention combines the improved HashTries algorithm with the intrusion detection engine Suricata to obtain the improved Suricata engine, which not only saves space resources but also speeds up matching on the hardware and greatly reduces the system loss.
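The storage idea behind a hash-based trie, as an added illustration that is not code from the patent (whose improved HashTries algorithm and check hash table are not reproduced on this page): all trie transitions live in one hash table keyed by (node, byte), so only transitions that exist consume memory and patterns with a common prefix share nodes. The function names, signatures and payload are constructed for this example.

```python
# Added illustration: multi-pattern matching with a trie stored in one flat
# hash table. Signatures and payload are constructed samples, not patent rules.

def build_hash_trie(patterns):
    """patterns: dict rule_id -> bytes. Returns (edges, terminals).

    edges maps (node_id, byte) -> child node_id, so memory grows with the
    number of real transitions instead of a dense table per state.
    """
    edges, terminals, next_id = {}, {}, 1      # node 0 is the root
    for rule_id, pat in patterns.items():
        if not pat:                            # an empty pattern matches nothing
            continue
        node = 0
        for b in pat:
            key = (node, b)
            if key not in edges:               # shared prefixes reuse nodes
                edges[key] = next_id
                next_id += 1
            node = edges[key]
        terminals.setdefault(node, []).append(rule_id)
    return edges, terminals

def scan(payload, edges, terminals):
    """Return sorted (offset, rule_id) for every pattern occurrence."""
    hits = []
    for start in range(len(payload)):
        node = 0
        for b in payload[start:]:
            node = edges.get((node, b))        # one hash lookup per byte
            if node is None:
                break
            hits.extend((start, r) for r in terminals.get(node, ()))
    return sorted(hits)

# Constructed byte signatures: Modbus/TCP protocol id, length, unit id, function.
SIGNATURES = {
    "modbus-write-single-coil": bytes.fromhex("000000060105"),
    "modbus-write-single-register": bytes.fromhex("000000060106"),
    "diag-sub-0004": bytes.fromhex("080004"),
}
# Constructed request: transaction id 0x0001, then a write-single-coil frame.
SAMPLE = bytes.fromhex("0001" "000000060105" "0013ff00")
EDGES, TERMINALS = build_hash_trie(SIGNATURES)

def demo():
    return scan(SAMPLE, EDGES, TERMINALS)

if __name__ == "__main__":
    print(demo(), len(EDGES), "edges")
```

The two write signatures share a five-byte prefix, so the three patterns (15 bytes in total) need only 10 stored transitions.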

Description

Technical field

[0001] The invention relates to the field of network security, in particular to an industrial control system network intrusion detection method based on an improved Suricata engine.

Background technique

[0002] With the development of network informatization, the amount of information pouring into the network has increased significantly, which has brought great security risks to network management systems, and industrial control systems are crucial to the country's key infrastructure. Against this background, timely and effective detection of network intrusions into industrial control systems is the key to ensuring their network security. Unlike passive anti-virus software, intrusion detection in network management systems matches and compares against pre-set templates to complete the detection of unsafe information. Since all network access information needs to be checked, it takes a long time, consumes a lot of r...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L67/12, G06F17/10
CPC: H04L63/0263, H04L63/1416, H04L67/12, G06F17/10
Inventor: 杜世泽, 周颖, 张磊, 王嘉旭, 诸葛琳娜
Owner: HEBEI UNIV OF TECH