IFAR Attack Detection Algorithm Based on DNP3 Protocol

Cited by: 1
Abstract: Distributed Network Protocol (DNP3) is one of the modern supervisory control and data acquisition network protocols. It is a two-way protocol for communication between the master device and the slave device through various communication media. To improve reliability, DNP3 includes a transport function in its application layer. However, DNP3 was designed without security mechanisms, so it is vulnerable to attacks. Based on a DNP3 communication system, this paper builds a pfSense firewall, combines it with Snort for attack detection, and proposes the iForest-Association Rules (IFAR) method, which uses isolation forest and association rules to divide the data into abnormal and non-abnormal, turns the abnormal data into strong rules, and uses those rules to expand the intrusion detection system. Test results show that the algorithm can effectively detect abnormal attacks. The test data set is compared with the attack formula, and the final detection rate is 93.35%.
Authors: LI Tongxin; WANG Yong; ZOU Chunming; TIAN Yingjie; ZHOU Yuhao (College of Science, Shanghai University of Electric Power, Shanghai 200120, China; National Quality Supervision and Testing Center of Security Products for Network and Information Systems, the Third Research Institute of Ministry of Public Security, Shanghai 200031, China; Electric Power Research Institute, State Grid Shanghai Municipal Electric Power Company, Shanghai 200437, China; National Energy Distributed Energy Technology Research and Development (Experimental) Center, Huadian Electric Power Research Institute Co., Ltd., Hangzhou 310030, China)
Source: Microcomputer Applications, 2022, Issue 11, pp. 1-5 (5 pages)
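Funding: National Natural Science Foundation of China, General Program (61772327); Natural Science Foundation of Shanghai, General Program (20ZR1455900); Open Project of the Qi An Xin National Engineering Laboratory for Big Data Collaborative Security (QAX-201803); Open Fund of the State Key Laboratory of Industrial Control Technology, Zhejiang University (ICT1800380); Shanghai Science and Technology Commission, Engineering Technology Research Center for Electric Power Artificial Intelligence project (19DZ2252800).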
Keywords: distributed network protocol (DNP3); network attack; firewall; association rules

Related literature: references 3; second-level references 23; co-citing documents 7; co-cited documents 9; citing documents 1
