
Research on Intrusion Detection Algorithm of Industrial Control Network Based on Honeypot Technology
Cite this article: ZHANG Cheng, LI Yong-zhong. Research on Intrusion Detection Algorithm of Industrial Control Network Based on Honeypot Technology[J]. Introduction of Educational Technology, 2009, 19(11): 202-205.
Authors: ZHANG Cheng  LI Yong-zhong
Institution: School of Computer, Jiangsu University of Science and Technology, Zhenjiang 212003, Jiangsu, China
Abstract: To improve the accuracy of intrusion detection in industrial control systems, this article targets the flaws of Modbus, the protocol most widely used in industrial control systems. Honeypot technology is used to direct Modbus TCP packets into a honeypot system, the activity records they leave in the honeypot are studied, and both Modbus communication protocol features and honeypot activity features are extracted. Kernel principal component analysis is used to optimize the features of the nonlinear, highly complex Modbus communication behavior. Because positive and negative samples in the honeypot system are imbalanced, a weighted SVM is used to classify them accurately. Finally, a simulation environment is built in which the Conpot honeypot simulates an industrial control system scenario, and the detection methods are compared along three dimensions: accuracy, false alarm rate and detection time. Experimental results show that the overall accuracy of the method reaches 98.2%, and that it can be applied to intrusion detection in industrial control systems to accurately identify abnormal behavior.

Keywords: Modbus TCP  honeypot technology  kernel principal component analysis  support vector machine  network security  industrial control
Received: 2020-04-08