A Method of Industrial Communication Anomaly Detection Based on Dual Similarity Measures

The invention applies similarity measurement to industrial communication, in the field of industrial communication anomaly detection based on dual similarity measures. It addresses the lack of comprehensive consideration of industrial communication characteristics and the limited anomaly detection capability of existing methods, improving anomaly detection capability through comprehensive feature detection.

Active Publication Date: 2021-08-24
沈阳邦粹科技有限公司

AI Technical Summary

Problems solved by technology

[0005] The industrial anomaly detection methods described above often provide anomaly detection from only one aspect of industrial network communication. For example, many statistics-based methods use the CUSUM algorithm to calculate abnormal change points in industrial activity (such as changes in function codes) in order to discover anomalies; they lack comprehensive consideration of all industrial communication characteristics, so their anomaly detection capability is limited. Likewise, methods that adopt an anomaly detection engine are also one-sided.


Examples


Embodiment 1

[0059] Embodiment 1: The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.


Abstract

An industrial communication anomaly detection method based on dual similarity measures. The method analyzes the communication data in the industrial control network and extracts industrial communication behavior characteristics according to the industrial communication interaction mode and the industrial protocol specification. Based on these characteristics, a behavior characteristic tree is constructed, and intra-tree similarity measurement and inter-tree similarity measurement are performed respectively, so as to discover abnormal communication conditions in industrial control networks. Through this method, the present invention comprehensively considers general network behavior characteristics and industrial protocol semantic characteristics. By analyzing industrial communication data in real time and judging anomalies, it detects industrial communication abnormalities caused by malicious attacks or misoperations and generates alarms, to ensure industrial control system security.

Description

Technical field

[0001] The invention relates to the technical field of industrial control system network security, and more particularly to an industrial communication anomaly detection method based on double similarity measurement.

Background technique

[0002] At present, the hidden dangers of information security risks in China's industrial control systems are particularly prominent, and the situation is very serious. According to the security report of the Industrial Control System Cyber Emergency Response Team under the U.S. Department of Homeland Security, information security incidents targeting industrial control systems have shown a step-by-step growth trend in recent years, among which energy, manufacturing and other industries account for the largest proportions. Especially in recent years, the integration of the Internet and industrial control systems has broken the original inherent closedness of industrial systems, and the information security problems h...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1441
Inventor: 万明宋岩景源王俊陆刘允
Owner: 沈阳邦粹科技有限公司