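Abstract
Addressing key technical problems frequently encountered during the operation of intelligent power distribution systems, and starting from the perspective of intrusion prevention, this paper analyzes the Snort open-source intrusion detection system and summarizes the existing intrusion detection rules for abnormal Modbus/TCP packets. On this basis, a whitelist-model-based intrusion detection method for abnormal Modbus/TCP packets is proposed, and the whitelist intrusion detection model and its algorithm are given. A whitelist rule generation system was designed and developed on the Visual Studio platform, and the generation process and principle of the whitelist rules are explained. A test system was built, and experiments demonstrated the feasibility of the whitelist-model-based intrusion detection method for abnormal Modbus/TCP packets.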
From the point of view of intrusion prevention, the Snort open source intrusion detection system was analyzed and studied. This paper summarized the existing Modbus intrusion detection rules, put forward a Modbus intrusion detection method based on the white list model, and gave the Modbus white list intrusion detection model as well as its algorithm. The white list rule generation system was designed in Visual Studio, and the production process as well as the principle of white list rules were also introduced. An experiment based on the existing equipment and tools was carried out to prove the feasibility of the Modbus intrusion detection method based on the white list model.
Authors
黄世泽
王梦莹
徐秋勇
郭其一
屠旭慰
HUANG Shize; WANG Mengying; XU Qiuyong; GUO Qiyi; TU Xuwei (Key Laboratory for Road and Transportation of the Ministry of Education, Tongji University, Shanghai 201804, China; Institute of Rail Transit, Tongji University, Shanghai 201804, China; College of Electronics & Information Engineering, Tongji University, Shanghai 201804, China; Zhejiang Zhongkai Science Company Limited, Wenzhou 325604, China)
Source
《电器与能效管理技术》
2018, Issue 21, pp. 36-42 (7 pages)
Electrical & Energy Management Technology
Funding
National Natural Science Foundation of China (61703308)
Fundamental scientific research operations of central universities