Intrusion detection method based on support vector machine access of Modbus TCP protocol

Cited by: 10
Authors
Deng, Li [1]
Peng, Yisong [1]
Liu, Cancheng [1]
Xin, Xiaoshuai [1]
Xie, YuCen [1]
Affiliation
[1] Univ Elect Sci & Technol China, Sch Automat Engn, Chengdu, Sichuan, Peoples R China
Source
2016 IEEE INTERNATIONAL CONFERENCE ON INTERNET OF THINGS (ITHINGS) AND IEEE GREEN COMPUTING AND COMMUNICATIONS (GREENCOM) AND IEEE CYBER, PHYSICAL AND SOCIAL COMPUTING (CPSCOM) AND IEEE SMART DATA (SMARTDATA) | 2016
Keywords
Modbus TCP; function code; coil; support vector machine; intrusion detection; CLASSIFICATION
DOI
10.1109/iThings-GreenCom-CPSCom-SmartData.2016.90
Chinese Library Classification number
TP301 [Theory, Methods]
Discipline classification code
081202
Abstract
With the mixing of industrial automation control systems and the Internet, industrial control systems are becoming more and more vulnerable. The key to information security is how to detect and resist attacks on industrial control systems. This paper proposes a data preprocessing method that converts Modbus TCP traffic into another form of data that the support vector machine model can identify. The method is based on the frequency with which Modbus protocol function codes and coils appear in Modbus TCP traffic, and uses it to detect abnormal Modbus TCP traffic.
Pages: 380-383
Number of pages: 4