Decentralized control system attack intrusion detection device and method thereof

Abstract

The invention relates to a decentralized control system attack intrusion detection device and a method thereof. The system comprises a data processing module connected with a decentralized control system network router, the data processing module is connected to a database module, and the database module is in bidirectional connection with an attack intrusion detection module. The data processing module obtains communication link data from the distributed control system network router and extracts attack symptom feature data from the communication link data; the attack intrusion detection module analyzes the attack symptom feature data according to a set attack intrusion confidence rule base to obtain an attack detection result; and the database module receives and stores the attack symptom feature data and the attack detection result. Compared with the prior art, the method has the advantages that the attack intrusion confidence rule base mutually mapped with different attack intrusion types is established, so that the attack intrusion can be reliably detected and early warned in real time, the detection efficiency and accuracy are ensured, and the operation safety of the distributed control system is effectively improved.

Description

technical field [0001] The invention relates to the technical field of security monitoring of industrial control systems, in particular to an attack and intrusion detection device and method for a distributed control system. Background technique [0002] The distributed control system is a new generation of instrument control system based on the microprocessor, which adopts the design principles of decentralized control functions, centralized display and operation, taking into account the design principles of division and autonomy and comprehensive coordination. The distributed control system is called DCS (Distributed Control System) for short. It adopts the basic design concept of decentralized control, centralized operation and management, and adopts a multi-layer hierarchical, cooperative and autonomous structure. Its main feature is its centralized management and decentralized control. At present, DCS has been widely used in various industries such as electric power, me...

AI Technical Summary

Problems solved by technology

[0003] As the distributed control system gradually uses open and generalized protocols, the network security threats and risks faced by the distributed control system are also increasing. Since the distributed control system directly controls the work of field equipment, once it is attacked and invaded, it will not only cause huge damage. Economic loss and possible danger to personal safety and the environment

Intrusion detection technology is one of the most important security precautions in the decentralized control system. It can detect known and unknown attacks and improve the ability to identify attacks and early warning. However, due to the real-time requirements of the decentralized control system and limited equipment resources, the current Some intrusion detection efficiency is low, its false negative rate and false positive rate are high

Images