Abstract
As attacks on industrial control networks continue to increase, industrial firewalls add an industrial protocol filtering module on top of a network firewall. The module performs deep parsing of industrial protocols at the application layer and adds a filtering rule table based on a whitelist policy, so that only legitimate data is allowed to pass, thereby improving the security of industrial control networks. A method for self-generating filtering rules is proposed: a Support Vector Machine (SVM) algorithm learns from features extracted from industrial control network data to generate a recognition model, and the model's recognition performance is improved by optimizing the training samples and model parameters. Data identified as normal is then automatically added to the filtering rule table. Experimental results show that the proposed method generates filtering rules with high accuracy and improves the overall performance of the industrial firewall.
Authors
Pan Feng; Wang Shiwei; Xue Ping (Moutai Institute, Zunyi 564507, China; Taiyuan University of Science and Technology, Taiyuan 030024, China)
Source
Information Technology and Network Security
2018, Issue 5, pp. 29-33 (5 pages)
Funding
Industry-sponsored research project
蓝盾 PLC Firewall Project (201604)
Keywords
industrial control network security
industrial firewall
self-learning method
Support Vector Machine
imbalanced data sets