论文信息 - Research on abnormal detection of ModbusTCP/IP protocol based on one-class SVM

Research on abnormal detection of ModbusTCP/IP protocol based on one-class SVM

In order to discover security risks of industrial control system using the Modbus TCP/IP protocol, this paper proposed a construct frequency feature vector data preprocessing methods. This method taken the Modbus TCP/IP message sequence of the normal communication state in the industrial control system as the research object, and extracted the combination of the function code and the register start address as feature. After processing the collected data, an anomaly detection model based on the one-class Support Vector Machine was designed to identify the abnormal traffic in the communication process. Finally, the flow collection was carried out under the environment of 1000MW power plant semi physical communication, and the detection model was simulated and verified. The experimental results showed that the model can accurately identify the abnormal Modbus TCP/IP traffic.

Daogang Peng | Hao Dong | D. Peng | Hao Dong

[1] Cas Beijing. Industrial Control System Security Analysis and Solution , 2013 .

[2] Li Hong. An intrusion detection system model based on the neural network , 1999 .

[3] Liu Jin-gang. Network protocol parser and verification method based on Wireshark , 2011 .

[4] R. Brereton,et al. Support vector machines for classification and regression. , 2010, The Analyst.

[5] Avishai Wool,et al. Control variable classification, modeling and anomaly detection in Modbus/TCP SCADA systems , 2015, Int. J. Crit. Infrastructure Prot..

[6] Anatoliy Sachenko,et al. Intrusion detection system based on neural networks , 2014 .

[7] Qi Zhi-quan. Kernel-parameter Selection Problem in Support Vector Machine , 2005 .

[8] Xu Zhi-gao. Regression Forecast and Abnormal Data Detection Based on Support Vector Regression , 2009 .

[9] Feng Guoh,et al. Parameter optimizing for Support Vector Machines classification , 2011 .

[10] J. Weidong. Selection of Kernel Functions and Parameters for Support Vector Machines in System Identification , 2006 .

[11] Ming Wan,et al. Modbus/TCP Communication Anomaly Detection Based on PSO-SVM , 2014 .