Abstract
To improve the intrusion detection rate for industrial control systems, this paper discusses the principles of traditional industrial control intrusion detection techniques and compares them from the viewpoint of information theory. By modeling the specific characteristics of industrial control systems and the attack methods used against them, it summarizes the dynamic and static fingerprints that industrial control attacks exhibit in the protocol stack, statistical characteristics, and communication behavior. Based on a new method for abstracting heterogeneous information, a heuristic anomaly detection model for industrial control systems based on a combined neural network is proposed and implemented. Test results show that the detection model runs efficiently and gives more accurate detection results than general intelligent methods.
Source
Journal of Sichuan University (Natural Science Edition)
CAS
CSCD
PKU Core
2017, No. 4, pp. 735-741 (7 pages)
Funding
Youth Fund of the Sichuan Provincial Department of Education (15ZB0026)
Keywords
Anomaly detection
Combined neural network
Industrial control system
Heuristic
Model