Feature Extraction of Unknown Protocols and Anomalous Traffic Detection in Industrial Control Systems
  • English title: Protocol Feature Extraction and Anomaly Detection Based on Flow Characteristics of Industrial Control System
  • Authors: 方鼎鼎 ; 郑荣锋 ; 周安民
  • English author list: FANG Ding-ding; ZHENG Rong-feng; ZHOU An-min; College of Electronic Information, Sichuan University; College of Cyberspace Security, Sichuan University
  • Keywords: DFA ; unknown protocol ; periodicity ; protocol feature extraction
  • English keywords: DFA; Unknown Protocol; Periodicity; Protocol Feature Extraction
  • Chinese journal code: XDJS
  • English journal title: Modern Computer
  • Affiliations: College of Electronic Information, Sichuan University; College of Cyberspace Security, Sichuan University
  • Publication date: 2019-02-05
  • Publisher: Modern Computer (Professional Edition)
  • Year: 2019
  • Language: Chinese
  • Article ID: XDJS201904004
  • Page count: 7
  • CN: 04
  • ISSN: 44-1415/TP
  • Classification number: 16-22
Abstract
To meet the demands of automated and mechanised production, industrial control scenarios are usually highly periodic, so the traffic of industrial control systems is periodic as well. At the same time, to guarantee production safety, industrial protocols are almost all proprietary. Traffic research on industrial control systems can therefore start from this periodicity: natural-language analysis methods, combined with statistical regularities and association-rule algorithms, are used to extract the traffic features of unknown protocols in the industrial control system data stream and to build a finite state machine model. The effectiveness of the traffic detection model is verified on a Siemens industrial control experimental simulation platform.