Exception detection feature construction method, module, storage medium, device and system

An anomaly detection feature construction technology, applied in transmission systems, digital transmission systems, error detection using redundant codes, etc., that can solve problems such as the inability to deal with complex man-in-the-middle attacks.

Active Publication Date: 2021-04-20
工业信息安全(四川)创新中心有限公司

AI Technical Summary

Problems solved by technology

The traditional Modbus anomaly detection model usually expresses control behavior characteristics by constructing n-gram sequences of function codes, together with statistical characteristics such as the duration and time interval of the current session flow. It cannot cope with the detection of complex man-in-the-middle attacks (such as replay attacks and complex response injection attacks that leave the function code unchanged).

Embodiment Construction

[0065] All features disclosed in all embodiments in this specification, or steps in all implicitly disclosed methods or processes, except for mutually exclusive features and/or steps, can be combined and/or extended and replaced in any way.

[0066] As shown in Figures 1~5, a construction method of anomaly detection features includes the following steps:

[0067] S1, extract the traffic data of the sliding time window, and aggregate the traffic with the lower computer/slave as the source address in each sliding time window;

[0068] S2, within the current sliding time window, for each lower computer/slave serving as the source address, extract the first n pieces of traffic data of the current data flow time t0 and use them to construct n-gram communication behavior features, where n is a positive real number greater than 2; the constructed n-gram communication behavior features are then combined with the detection algorithm model to construct and adjust the anomaly detection features.
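The following Python sketch of steps S1 and S2 is an added example, not code from the patent. The record fields (`t`, `src`, `fc`, `len`), the addresses, the two token definitions and the set-membership check standing in for the "detection algorithm model" are all assumptions, and the window step equals the window width for brevity. It contrasts a function-code-only token, which the summary above describes as the traditional approach, with an assumed token that also carries the response length.

```python
from collections import defaultdict

def aggregate_windows(records, width, step, slaves):
    """S1: slide a time window over the capture; in each window keep only
    records whose source address is a slave, grouped by that address."""
    records = sorted(records, key=lambda r: r["t"])
    windows, start = [], records[0]["t"] if records else 0.0
    while records and start <= records[-1]["t"]:
        by_src = defaultdict(list)
        for r in records:
            if start <= r["t"] < start + width and r["src"] in slaves:
                by_src[r["src"]].append(r)
        windows.append((start, dict(by_src)))
        start += step
    return windows

def ngram_features(recs, n, token):
    """S2: for each record at time t0, the n-gram of the n records ending
    at t0 (assumed reading of the step; the method requires n > 2)."""
    if n <= 2:
        raise ValueError("n must be greater than 2")
    toks = [token(r) for r in recs]
    return [tuple(toks[i - n + 1:i + 1]) for i in range(n - 1, len(toks))]

def unseen_ngrams(baseline, observed):
    """Stand-in for the detection model: n-grams absent from the baseline."""
    known = set(baseline)
    return [g for g in observed if g not in known]

def make_capture():
    """Constructed sample: one slave answers a fixed polling cycle; the
    response at t=12 keeps function code 3 but its length changes."""
    cycle = [(3, 8), (3, 8), (1, 2)]
    recs = [{"t": float(i), "src": "10.0.0.20", "fc": cycle[i % 3][0],
             "len": cycle[i % 3][1]} for i in range(18)]
    recs[12]["len"] = 20
    recs.append({"t": 0.5, "src": "10.0.0.1", "fc": 3, "len": 6})  # master, dropped by S1
    return recs

def demo(n=3):
    slave = "10.0.0.20"
    (_, base), (_, test) = aggregate_windows(make_capture(), 9.0, 9.0, {slave})
    tokens = {"fc_only": lambda r: r["fc"],
              "fc_len": lambda r: (r["fc"], r["len"])}
    return {name: unseen_ngrams(ngram_features(base[slave], n, tok),
                                ngram_features(test[slave], n, tok))
            for name, tok in tokens.items()}

if __name__ == "__main__":
    print(demo())
```

With the constructed capture, the function-code-only n-grams of the second window all appear in the baseline window, while the assumed function-code-plus-length token yields three unseen n-grams around the altered response.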

[0069] Fur...

Abstract

The invention discloses an exception detection feature construction method, module, storage medium, device and system. The method comprises the following steps: S1, extracting the flow data of a sliding time window, and aggregating the flow taking a lower computer/slave computer as a source address in each sliding time window; and S2, in the current sliding time window, for each lower computer/slave computer serving as a source address, extracting the first n pieces of flow data of the current data flow time t0 to perform n-gram communication behavior feature construction, wherein n is a positive real number larger than 2, and the constructed n-gram communication behavior features are combined with a detection algorithm model to construct and adjust anomaly detection features, and the like. The method is suitable for characterizing the communication behaviors of different industrial control scenes, solves the problem that abnormal communication samples cannot be obtained, or can be obtained only in very small numbers, in a real scene, can detect complex man-in-the-middle attacks, enhances the detection effect, improves the detection precision, and the like.

Description

Technical field

[0001] The present invention relates to the field of industrial network security, and more specifically, to a construction method, module, storage medium, equipment and system of anomaly detection features.

Background technique

[0002] Among industrial control systems (ICS), the ones that contain the most vulnerabilities are human-machine interfaces, electronic devices, and SCADA systems. Due to the lack of security of SCADA systems and their increasing connectivity to the Internet, they are vulnerable to internal and external cyber-attacks.

[0003] Compared with the data in the IT network, the control process in the SCADA system has regularity, and this regularity is also reflected in the underlying network data. Therefore, the network data of the industrial control system has the characteristics of limited state and limited behavior. The main detection methods can be divided into misuse detection and anomaly detection.

[0004] Misuse detection is to es...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24, H04L12/40, G06F21/55, G06F11/10, G06K9/62
Inventor: 郭晓玲, 李杰, 张鑫, 徐砚, 刘朝羽
Owner: 工业信息安全(四川)创新中心有限公司