| 基于行为模型的工控异常检测方法研究 |
| |
| 引用本文: | 宋站威,周睿康,赖英旭,范科峰,姚相振,李琳,李巍. 基于行为模型的工控异常检测方法研究[J]. 计算机科学, 2018, 45(1): 233-239 |
| |
| 作者姓名: | 宋站威 周睿康 赖英旭 范科峰 姚相振 李琳 李巍 |
| |
| 作者单位: | 北京工业大学计算机学院 北京100124,中国电子技术标准化研究院 北京100007,北京工业大学计算机学院 北京100124,中国电子技术标准化研究院 北京100007,中国电子技术标准化研究院 北京100007,中国电子技术标准化研究院 北京100007,中国电子技术标准化研究院 北京100007 |
| |
| 基金项目: | 本文受国家智能制造专项:面向智能制造的工业信息安全关键标准研制及验证平台建设项目(京财经一指[2015]1170号)资助 |
| |
| 摘 要: | 目前,工业控制系统(Industrial Control Systems,ICS)网络安全已经成为信息安全领域的重点问题,而检测篡改行为数据及控制程序等攻击是ICS网络安全的难点问题,据此提出了基于行为模型的工控异常检测方法。该方法从工控网络流量中提取行为数据序列,根据ICS的控制和被控过程构建正常行为模型,通过比较分析实时提取的行为数据与模型预测的行为数据,判断是否出现异常。通过实验分析,验证了所提方法能有效实现对篡改行为数据及控制程序等攻击的异常检测。
|
| 关 键 词: | 工业控制系统 网络安全 异常检测 行为模型 递推最小二乘 AIC Modbus TCP |
| 收稿时间: | 2016-11-02 |
| 修稿时间: | 2017-03-29 |
Anomaly Detection Method of ICS Based on Behavior Model |
| |
| SONG Zhan-wei,ZHOU Rui-kang,LAI Ying-xu,FAN Ke-feng,YAO Xiang-zhen,LI Lin and LI Wei. Anomaly Detection Method of ICS Based on Behavior Model[J]. Computer Science, 2018, 45(1): 233-239 |
| |
| Authors: | SONG Zhan-wei ZHOU Rui-kang LAI Ying-xu FAN Ke-feng YAO Xiang-zhen LI Lin LI Wei |
| |
| Affiliation: | College of Computer Science,Beijing University of Technology,Beijing 100124,China,China Electronics Standardization Institute,Beijing 100007,China,College of Computer Science,Beijing University of Technology,Beijing 100124,China,China Electronics Standardization Institute,Beijing 100007,China,China Electronics Standardization Institute,Beijing 100007,China,China Electronics Standardization Institute,Beijing 100007,China and China Electronics Standardization Institute,Beijing 100007,China |
| |
| Abstract: | At present,the ICS network security has become a key problem in the field of information security.Detecting attacks,such as behavior data tampering attack and control program tampering attack,is a difficult problem of ICS network security.Therefore,this paper proposed an anomaly detection method based on behavior model.This method extracts the behavior data sequence from the industrial control network traffic.Then it constructs the normal behavior model according to the control process and the controlled process of ICS.At last,it determines whether an exception occurs by comparing and analyzing the behavior data extracted in real time and the behavior data predicted by the model.The experimental analysis shows that it can effectively detect behavior data tampering attack,control program tampering attack and so on. |
| |
| Keywords: | ICS Network security Anomaly detection Behavior model RLS AIC Modbus TCP |
|
|
点击此处可从《计算机科学》下载全文 |
|
