Intrusion detection method, device and equipment for industrial control proprietary protocol

Applying proprietary-protocol and intrusion detection technology in fields such as electrical components and transmission systems, the invention addresses the difficulty and uncertainty of intrusion detection for industrial control proprietary protocols, which existing methods cannot detect effectively, and achieves the effect of maintaining safe and stable operation.

Active Publication Date: 2021-11-12
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

These industrial control proprietary protocols not only have undisclosed protocol specifications but also encrypt data in transmission. This brings difficulty and uncertainty to intrusion detection, so existing intrusion detection methods cannot perform effective intrusion detection on such industrial control proprietary protocols.


Examples


Embodiment 1

[0048] Figure 1 is a flow chart of an intrusion detection method for an industrial control proprietary protocol provided in the embodiment of this application; Figure 2 is a VNET/IP protocol architecture diagram; Figure 3 is a schematic structural diagram of a distributed control system provided in the embodiment of this application.

[0049] As shown in Figure 1, the intrusion detection method of the industrial control proprietary protocol provided in the embodiment of the present application includes:

[0050] S101: Acquire in advance the original communication traffic transmitted by the industrial control system based on the industrial control proprietary protocol; establish the first detection feature library, based on the communication process parameters, from the communication traffic in the original communication traffic that is transmitted by the undisclosed protocol part of the industrial control proprietary protocol; and according to the original In the...

Embodiment 2

[0066] In formulating an industrial control proprietary protocol, each automation manufacturer uses the tag list (taglist) method to determine the communication process parameters and then writes the protocol. Therefore, on the basis of the above-mentioned embodiments, in the intrusion detection method of the industrial control proprietary protocol provided by the embodiment of the present application, the first detection feature library is specifically a tag list feature library composed of two-dimensional normal distribution data over the number of bytes of the bit number list used by the communication process parameters and the time dimension.

[0067] Most factories have multiple operator stations that perform different process operations. For example, a thermal power plant includes operations of units 1 to N and auxiliary control operations (auxiliary control includes the water supply system, coal supply system, ash system, wind s...
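An added illustration of the tag list feature library in [0066], not code from the patent: it fits a two-dimensional normal distribution to constructed (byte count, time) samples and scores new observations against it. Treating the time dimension as the inter-packet interval in milliseconds and flagging by Mahalanobis distance against a chi-square threshold are assumptions; the excerpt states neither.

```python
import math

# Constructed known-good samples for one tag list: (payload bytes, interval in ms).
BASELINE = [(238, 998), (240, 1001), (242, 1003), (239, 1000), (241, 999),
            (240, 1002), (243, 1001), (237, 997), (240, 1000), (241, 1004)]

def fit_baseline(samples):
    """Estimate the mean and inverse covariance of a 2-D normal distribution."""
    n = len(samples)
    if n < 3:
        raise ValueError("need at least three baseline samples")
    mx = sum(x for x, _ in samples) / n
    my = sum(y for _, y in samples) / n
    sxx = sum((x - mx) ** 2 for x, _ in samples) / (n - 1)
    syy = sum((y - my) ** 2 for _, y in samples) / (n - 1)
    sxy = sum((x - mx) * (y - my) for x, y in samples) / (n - 1)
    det = sxx * syy - sxy ** 2
    if det <= 1e-12:
        raise ValueError("degenerate baseline: samples do not span two dimensions")
    # Inverse of [[sxx, sxy], [sxy, syy]] stored as (a, b, c) = [[a, b], [b, c]].
    return {"mean": (mx, my), "inv": (syy / det, -sxy / det, sxx / det)}

def mahalanobis_sq(model, obs):
    """Squared Mahalanobis distance of one (bytes, interval) observation."""
    dx = obs[0] - model["mean"][0]
    dy = obs[1] - model["mean"][1]
    a, b, c = model["inv"]
    return a * dx * dx + 2 * b * dx * dy + c * dy * dy

def threshold(confidence):
    """Chi-square quantile for 2 degrees of freedom (CDF is 1 - exp(-t/2))."""
    return -2.0 * math.log(1.0 - confidence)

def is_anomalous(model, obs, confidence=0.999):
    return mahalanobis_sq(model, obs) > threshold(confidence)

if __name__ == "__main__":
    model = fit_baseline(BASELINE)
    # (243, 997): each value alone was seen in the baseline, but not together.
    for obs in [(240, 1000), (243, 997), (900, 1000)]:
        print(obs, round(mahalanobis_sq(model, obs), 2), is_anomalous(model, obs))
```

The second observation shows why the joint distribution matters: a long payload paired with a short interval is flagged even though both values fall inside their individually observed ranges.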

Embodiment 3

[0085] The protocol content of the VNET/IP protocol used in the Ethernet communication part is public. For this part, a second detection feature library can be established by referring to prior-art intrusion detection methods based on protocol features. In addition, on the basis of the above-mentioned embodiments, in the intrusion detection method of the industrial control proprietary protocol provided in the embodiment of the present application, the second detection feature library based on protocol features established in step S101 may specifically include: a third rule set of station type and protocol type, and a fourth rule set of inter-station access relationship and protocol type.

[0086] A maximum of 64 devices can communicate in a VNET/IP network, and each VNET/IP device has a fixed hardware dialing address ranging from 1 to 64. In the scanning cycle of a distributed control system (usually 1 second, or custom with a minimum of 50 ms) the real-time scheduling process ...
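An added sketch of the third and fourth rule sets from [0085] together with the 1 to 64 address range from [0086], not code from the patent: both rule sets are learned from constructed known-good flows and then used to check new flows. The station map, the "controller" station type, the protocol labels `proto_a`/`proto_b`, and keying the third rule set on the source station's type are assumptions.

```python
from collections import namedtuple

# src/dst are VNET/IP station addresses; proto is a protocol-type label.
Flow = namedtuple("Flow", "src dst proto")

# Constructed asset inventory: station address -> station type (hypothetical).
STATION_TYPE = {1: "operator", 2: "operator", 10: "controller", 11: "controller"}

# Constructed known-good traffic captured while building the baseline.
BASELINE_FLOWS = [Flow(1, 10, "proto_a"), Flow(2, 11, "proto_a"),
                  Flow(10, 1, "proto_b"), Flow(11, 2, "proto_b")]

def learn_rule_sets(flows, station_type):
    """Return (third, fourth): type/protocol pairs and access/protocol triples."""
    third = {(station_type[f.src], f.proto) for f in flows}
    fourth = {(f.src, f.dst, f.proto) for f in flows}
    return third, fourth

def check_flow(flow, station_type, third, fourth):
    """Return the list of baseline violations for one flow (empty if clean)."""
    violations = []
    for addr in (flow.src, flow.dst):
        if not 1 <= addr <= 64:
            violations.append("address_out_of_range")
        elif addr not in station_type:
            violations.append("unknown_station")
    if violations:
        return violations  # station type cannot be resolved, stop here
    if (station_type[flow.src], flow.proto) not in third:
        violations.append("third_rule_set")
    if (flow.src, flow.dst, flow.proto) not in fourth:
        violations.append("fourth_rule_set")
    return violations

if __name__ == "__main__":
    third, fourth = learn_rule_sets(BASELINE_FLOWS, STATION_TYPE)
    for f in [Flow(1, 10, "proto_a"), Flow(1, 11, "proto_a"),
              Flow(10, 1, "proto_a"), Flow(65, 10, "proto_a")]:
        print(f, check_flow(f, STATION_TYPE, third, fourth))
```

The flow from station 1 to station 11 passes the third rule set, since an operator station may use `proto_a`, and fails only the fourth, which is the case the inter-station access relationship exists to catch.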


Abstract

The invention discloses an intrusion detection method, device and equipment for an industrial control proprietary protocol, and a computer-readable storage medium. A white environment baseline is established, namely a first detection feature library and a second detection feature library, which combines the communication process parameters of the undisclosed protocol part with the protocol features of the disclosed protocol part for detection. Abnormal feature detection is performed on the to-be-detected traffic based on the first detection feature library and the second detection feature library. When abnormal features violating the first detection feature library and/or the second detection feature library are detected, corresponding intrusion response actions are executed according to the detected abnormal features, so that intrusion behaviors can be identified timely and accurately, intrusion response is carried out, and safe and stable operation of the industrial control system is maintained.

Description

Technical field

[0001] The present application relates to the technical field of industrial control, in particular to an intrusion detection method, device, equipment and computer-readable storage medium for an industrial control proprietary protocol.

Background technique

[0002] Industrial control systems are widely used in critical infrastructure and are the brains of industry. The industrial control system mainly completes the collection of process parameters, the issuance of control instructions and the safety interlock protection function to realize the safety, stability and order of the industrial process. Once damaged, it will not only cause property losses but also bring social repercussions and even national security concerns. Therefore, it is imperative to strengthen the information security of industrial control systems, and the country has also issued a series of laws and regulations to strengthen the information security protection and intrusion detectio...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1441, H04L63/16, H04L63/0236
Inventor: 安成飞, 范渊
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD