Abstract
To address the many security weaknesses of the Modbus_TCP protocol in industrial control systems, this paper proposes a machine-learning-based method for detecting anomalies in Modbus_TCP communication. It analyzes the types and structural characteristics of Modbus_TCP messages, introduces the implementation process of the decision tree classification algorithm in machine learning, establishes simulated Modbus_TCP communication, and uses the Scapy tool to construct pseudo messages to carry out anomaly detection. Experiments with the Naive Bayes, logistic regression and traditional support vector machine classification models are set up for comparison with the proposed method, and the accuracy, false positive rate, false negative rate and time performance of the models are analyzed. The analysis results show that the decision tree classification model has high accuracy and short time consumption, and has certain advantages.
Authors
Chen Xinlong (陈鑫龙)
Chen Zhixiang (陈志翔)
Zhou Xiaofang (周小方)
Affiliations: School of Computer Science, Minnan Normal University, Zhangzhou 363000, China; Key Laboratory of Data Science and Intelligence Application, Zhangzhou 363000, China; School of Physics and Information Engineering, Minnan Normal University, Zhangzhou 363000, China
Source
Information Technology and Network Security (《信息技术与网络安全》)
2020, No. 10, pp. 55-60 (6 pages)
Funding
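Fujian Province Education and Research Project for Young and Middle-aged Teachers (JAT191414)
Zhangzhou Natural Science Foundation (ZZ2020J33)
Minnan Normal University Graduate Education Reform Project (MSYJG8).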