Powerlink协议通讯的异常检测方法
|
摘要
为解决高效实时开源工业以太网协议Ethernet Powerlink面临的日益严峻的安全问题,提出一种基于Powerlink通讯协议的异常检测方法。针对Powerlink工控通讯网络的通信特点,通过对Powerlink工业控制通信网络的特殊性和安全性分析,以及可能遭受的恶意入侵行为的探索,提取可以表征通信行为的有效数据特征,建立SVDD异常检测分类模型,并通过改进的PSO算法对SVDD参数进行寻优,使检测精度进一步提高,优化异常检测模型。仿真结果表明,该方法能有效检测出异常的恶意攻击行为,提高工控通信网络的安全运行。
To deal with the increasingly serious security problem faced by the efficient and real-time Ethernet industrial protocol Ethernet Powerlink,an anomaly detection method based on Powerlink communication protocol was proposed.According to the particularity of Powerlink industrial control network,the security of Powerlink communication system was analyzed from the perspective of industrial safety,and the data flow characteristics were extracted from the communication network by revealing the abnormal attack behavior,a support vector data description(SVDD)anomaly detection algorithm model was built to identify abnormal network traffic.The improved particle swarm optimization(PSO)was used to optimize the model parameters,which further improved the detection accuracy.Experimental simulation and comparison with other algorithms show that the proposed method can detect abnormal malicious attacks effectively,and improve the safe operation of industrial communication network.
To deal with the increasingly serious security problem faced by the efficient and real-time Ethernet industrial protocol Ethernet Powerlink,an anomaly detection method based on Powerlink communication protocol was proposed.According to the particularity of Powerlink industrial control network,the security of Powerlink communication system was analyzed from the perspective of industrial safety,and the data flow characteristics were extracted from the communication network by revealing the abnormal attack behavior,a support vector data description(SVDD)anomaly detection algorithm model was built to identify abnormal network traffic.The improved particle swarm optimization(PSO)was used to optimize the model parameters,which further improved the detection accuracy.Experimental simulation and comparison with other algorithms show that the proposed method can detect abnormal malicious attacks effectively,and improve the safe operation of industrial communication network.
引文
[1]SHANG Wenli,ZHANG Shengshan, WAN Ming,et al.Modbus/TCP communication anomaly detection algorithm based on PSO-SVM[J].Acta Electronica Sinica,2014,42(11):2314-2320(in Chinese).[尚文利,张盛山,万明,等.基于PSO-SVM的Modbus TCP通讯的异常检测方法[J].电子学报,2014,42(11):2314-2320.]
[2]LI Lin,SHANG Wenli,YAO Jun,et al.Overview of oneclass support vector machine in intrusion detection of industrial control system[J]. Application Research of Computers,2016,33(1):7-11(in Chinese).[李琳,尚文利,姚俊,等.单类支持向量机在工业控制系统入侵检测中的应用研究综述[J].计算机应用研究,2016,33(1):7-11.]
[3]Raman MRG,Somu N,Kirthivasan K,et al.An efficient intrusion detection system based on hypergraph-genetic algorithm for parameter optimization and feature selection in support vector machine[J]. Knowledge-Based Systems,2017,134:1-12.
[4]Erwinski K,Paprocki M,Grzesiak LM,et al.Application of ethernet powerlink for communication in a Linux RTAI open CNC system[J].IEEE Transactions on Industrial Electronics,2012,60(2):628-636.
[5]XU Guangxia.The robot system based on POWERLINK fieldbus[D].Jinan:Shandong University,2015(in Chinese).[徐广厦.基于POWERLINK总线的机器人控制系统研究[D].济南:山东大学,2015.]
[6]ZHU Tongwen.The design and implementation of multi-axis motion controller based on Ethernet PowerLink[D].Guangzhou:Guangdong University of Technology,2016(in Chinese).[朱同文.基于Ethernet PowerLink的多轴运动控制器的设计与实现[D].广州:广东工业大学,2016.]
[7]HUANG Yixin. Distributed clock synchronization method based on Ethernet POWERLINK and its application in control system[D].Hangzhou:Zhejiang University,2015(in Chinese).[黄益信.基于Ethernet POWERLINK的分布式时钟同步研究及其在控制系统中的应用[D].杭州:浙江大学,2015.]
[8]Ayoub S,Melek C,Denis GC.Performance analysis of Ethernet Powerlink protocol:Application to a new lift system generation[C]//Luxembourg:Emerging Technologies&Factory Automation,2015:1-6.
[9]WEI Haomin,WANG Wenhai.Architecture design of openSAFETY platform based on EPL[J].Computer Measurement&Control,2015,23(3):889-896(in Chinese).[魏昊旻,王文海.基于EPL的openSAFETY平台构架设计[J].计算机测量与控制,2015,23(3):889-896.]
[10]Knezic M,Dokic B,Ivanovic Z.Theoretical and experimental evaluation of Ethernet Powerlink PollResponse chaining mechanism[J].IEEE Transactions on Industrial Informatics,2016(99):1.
[11]ZHANG Yu.Research on anomaly detection based on Powerlink protocol analysis[D].Shenyang:Shenyang Ligong University,2018(in Chinese).[张瑜.基于Powerlink协议解析的异常检测方法研究[D].沈阳:沈阳理工大学,2018.]
[12]Hou T,Liu Y, Wang ke,et al.A new weighted SVDD algorithm for outlier detection[C]//Control&Decision Conference,2016:5456-5461.
[13]WANG Daoming,LU Changhua,JIANG Weiwei,et al.Study on PSO-based decision-tree SVM multi-class classification method[J].Journal of Electronic Measurement and Instrumentation,2015(4):611-615(in Chinese).[王道明,鲁昌华,蒋薇薇,等.基于粒子群算法的决策树SVM多分类方法研究[J].电子测量与仪器学报,2015(4):611-615.]
[14]Xu G,Yang YQ,Liu BB,et al.An efficient hybrid multiobjective particle swarm optimization with a multi-objective dichotomy line search[J].Journal of Computational&Applied Mathematics,2015,280(C):310-326.
[15]LIU Shengjian,LUO Lin,YANG Yan.A quickly adaptive particle swarm optimization algorithm[J].Software Guide,2017,16(9):42-45(in Chinese).[刘生建,罗林,杨艳.一种快速自适应粒子群算法[J].软件导刊,2017,16(9):42-45.]
[16]Jiang B, Wang N, Wang LP.Particle swarm optimization with age-group topology for multimodal functions and dataclustering[J].Communications in Nonlinear Science and Numerical Simulation,2013,18(11):3134-3145.
[17]Cabrerizo FJ, Herrera-Viedma E,Pedrycz W. A method based on PSO and granular computing of linguistic information to solve group decision making problems defined in heterogeneous contexts[J]. European Journal of Operational Research,2013,230(3):624-633.
[18]WAN Zhonghai,YE Shengjin,ZHENG Jiao.Application of particle swarm optimization with linear differential decline adaptive in operation optimization of hydropower station[J].Water Power,2017,43(9):85-88(in Chinese).[万忠海,叶生进,郑姣.线性微分递减自适应粒子群算法在水电站优化调度中的应用[J].水力发电,2017,43(9):85-88.]
[2]LI Lin,SHANG Wenli,YAO Jun,et al.Overview of oneclass support vector machine in intrusion detection of industrial control system[J]. Application Research of Computers,2016,33(1):7-11(in Chinese).[李琳,尚文利,姚俊,等.单类支持向量机在工业控制系统入侵检测中的应用研究综述[J].计算机应用研究,2016,33(1):7-11.]
[3]Raman MRG,Somu N,Kirthivasan K,et al.An efficient intrusion detection system based on hypergraph-genetic algorithm for parameter optimization and feature selection in support vector machine[J]. Knowledge-Based Systems,2017,134:1-12.
[4]Erwinski K,Paprocki M,Grzesiak LM,et al.Application of ethernet powerlink for communication in a Linux RTAI open CNC system[J].IEEE Transactions on Industrial Electronics,2012,60(2):628-636.
[5]XU Guangxia.The robot system based on POWERLINK fieldbus[D].Jinan:Shandong University,2015(in Chinese).[徐广厦.基于POWERLINK总线的机器人控制系统研究[D].济南:山东大学,2015.]
[6]ZHU Tongwen.The design and implementation of multi-axis motion controller based on Ethernet PowerLink[D].Guangzhou:Guangdong University of Technology,2016(in Chinese).[朱同文.基于Ethernet PowerLink的多轴运动控制器的设计与实现[D].广州:广东工业大学,2016.]
[7]HUANG Yixin. Distributed clock synchronization method based on Ethernet POWERLINK and its application in control system[D].Hangzhou:Zhejiang University,2015(in Chinese).[黄益信.基于Ethernet POWERLINK的分布式时钟同步研究及其在控制系统中的应用[D].杭州:浙江大学,2015.]
[8]Ayoub S,Melek C,Denis GC.Performance analysis of Ethernet Powerlink protocol:Application to a new lift system generation[C]//Luxembourg:Emerging Technologies&Factory Automation,2015:1-6.
[9]WEI Haomin,WANG Wenhai.Architecture design of openSAFETY platform based on EPL[J].Computer Measurement&Control,2015,23(3):889-896(in Chinese).[魏昊旻,王文海.基于EPL的openSAFETY平台构架设计[J].计算机测量与控制,2015,23(3):889-896.]
[10]Knezic M,Dokic B,Ivanovic Z.Theoretical and experimental evaluation of Ethernet Powerlink PollResponse chaining mechanism[J].IEEE Transactions on Industrial Informatics,2016(99):1.
[11]ZHANG Yu.Research on anomaly detection based on Powerlink protocol analysis[D].Shenyang:Shenyang Ligong University,2018(in Chinese).[张瑜.基于Powerlink协议解析的异常检测方法研究[D].沈阳:沈阳理工大学,2018.]
[12]Hou T,Liu Y, Wang ke,et al.A new weighted SVDD algorithm for outlier detection[C]//Control&Decision Conference,2016:5456-5461.
[13]WANG Daoming,LU Changhua,JIANG Weiwei,et al.Study on PSO-based decision-tree SVM multi-class classification method[J].Journal of Electronic Measurement and Instrumentation,2015(4):611-615(in Chinese).[王道明,鲁昌华,蒋薇薇,等.基于粒子群算法的决策树SVM多分类方法研究[J].电子测量与仪器学报,2015(4):611-615.]
[14]Xu G,Yang YQ,Liu BB,et al.An efficient hybrid multiobjective particle swarm optimization with a multi-objective dichotomy line search[J].Journal of Computational&Applied Mathematics,2015,280(C):310-326.
[15]LIU Shengjian,LUO Lin,YANG Yan.A quickly adaptive particle swarm optimization algorithm[J].Software Guide,2017,16(9):42-45(in Chinese).[刘生建,罗林,杨艳.一种快速自适应粒子群算法[J].软件导刊,2017,16(9):42-45.]
[16]Jiang B, Wang N, Wang LP.Particle swarm optimization with age-group topology for multimodal functions and dataclustering[J].Communications in Nonlinear Science and Numerical Simulation,2013,18(11):3134-3145.
[17]Cabrerizo FJ, Herrera-Viedma E,Pedrycz W. A method based on PSO and granular computing of linguistic information to solve group decision making problems defined in heterogeneous contexts[J]. European Journal of Operational Research,2013,230(3):624-633.
[18]WAN Zhonghai,YE Shengjin,ZHENG Jiao.Application of particle swarm optimization with linear differential decline adaptive in operation optimization of hydropower station[J].Water Power,2017,43(9):85-88(in Chinese).[万忠海,叶生进,郑姣.线性微分递减自适应粒子群算法在水电站优化调度中的应用[J].水力发电,2017,43(9):85-88.]