摘要
如何有效检测和防御工业病毒对应用层协议数据的攻击是目前工业安全网关研究的难点问题.本文提出了将Modbus TCP通讯流量转换为异常检测模型所需数据形式的预处理方法,设计了一种利用粒子群PSO算法进行参数寻优的PSO-SVM算法.该方法根据Modbus功能码序列中的模式短序列出现的频率,识别出异常的Modbus TCP通讯流量.最后,通过实验数据分析,说明了提出方法可以有效实现对Modbus功能码序列的异常检测.
To detect and defend industry virus attacks to application layer protocol data is difficult issues in study of industrial security gateway. In this paper,a data pre-processing method is presented,which can convert Modbus TCP traffic into anomaly detection model,and a PSO-SVM algorithm is designed,which optimizes parameters by advanced Particle Swarm Optimization( PSO) algorithm. The method identifies anomalies of Modbus TCP traffic according to appear frequencies of the mode short sequence of Modbus function code sequence. Finally,experimental data analysis shows that the proposed method can effectively detect abnormal of Modbus function code sequence.
出处
《电子学报》
EI
CAS
CSCD
北大核心
2014年第11期2314-2320,共7页
Acta Electronica Sinica
基金
国家自然科学基金(No.61164012)
国家863高技术研究发展计划(No.2012AA041102-03)
