基于混合随机边缘计算的工控入侵检测系统设计

针对传统工控入侵检测系统缺少对边缘入侵信号段的研究,无法及时检测到边缘入侵行为,导致系统入侵潜伏期过长、威胁工控系统网络安全的问题,提出了基于混合随机边缘计算的工控入侵检测系统设计;使用中央服务器处理并发送告警信息,形成统一的告警日志;选择JY211-QTQ-04型号光缆探测器,实时显示信号强度;通过高速网络I/O架构Netmap网络流量采集器采集流量信息,再由TCP/IP协议下的数据预处理器处理数据,利用入侵检测引擎检测入侵行为;构建入侵检测动态模型,结合混合随机边缘算法,确定待检测段的最高能量和信噪比,通过检测到的入侵信号段,判断入侵行为;由实验结果可知,该系统在异常入侵情况下,能够及时发现入侵行为,在入侵时间为7 s时,潜伏期达到最长为2.4 s,与实际入侵后潜伏期变化一致,能够精准检测工控入侵行为。

Design of Industrial Intrusion Detection System Based on Hybrid Random Edge Computing

Aiming at the problem that the traditional industrial control intrusion detection system lacks the research on the edge intrusion signal segment and cannot detect the edge intrusion in time, which leads to the long incubation period of system intrusion and threatens the network security of the industrial control system, an industrial control intrusion detection system based on hybrid random edge computing is proposed. design. Use the central server to process and send alarm information to form a unified alarm log. Select JY211-QTQ-04 optical cable detector to display the signal strength in real time. The flow information is collected by the high-speed network I/O architecture Netmap network flow collector, and then the data is processed by the data preprocessor under the TCP/IP protocol, and the intrusion detection engine is used to detect intrusion behavior. Construct a dynamic model of intrusion detection, combined with a hybrid random edge algorithm, determine the highest energy and signal-to-noise ratio of the segment to be detected, and judge the intrusion behavior through the detected intrusion signal segment. It can be seen from the experimental results that the system can detect intrusion behaviors in time under abnormal intrusion conditions. When the intrusion time is 7s, the incubation period reaches 2.4s, which is consistent with the actual incubation period after the intrusion, and can accurately detect industrial control intrusion behaviors.