Abstract
To address the high false-alarm rate and inflexible state construction of traditional industrial network anomaly detection systems, a two-level deterministic finite automaton model based on information quantity (IDDFA) is proposed. The concepts of information quantity and a time parameter are introduced. The main states of a real SCADA network are extracted intelligently through the information attenuation between states, and a secondary DFA is built at the granularity of memory operations, which provides semantic analysis of memory operations. Experimental results show that the method effectively improves on existing approaches to detecting anomalous traffic in industrial control system networks.
Authors
程相
周安民
郑荣锋
刘嘉勇
CHENG Xiang; ZHOU An-min; ZHENG Rong-feng; LIU Jia-yong (College of Electronics and Information Engineering, Sichuan University, Chengdu 610065, China; College of Cybersecurity, Sichuan University, Chengdu 610065, China)
Source
《计算机工程与设计》
Peking University Core Journal (北大核心)
2018, Issue 5, pp. 1225-1230, 1238 (7 pages in total)
Computer Engineering and Design