Industrial control network active defense system based on honeynet and method thereof

An industrial control system and industrial control network technology, applied in the field of network security, addresses the problem that network administrators lack sufficient information to understand the network situation and make decisions.

Active Publication Date: 2020-09-08
NORTHEASTERN UNIV

AI Technical Summary

Problems solved by technology

Although some industrial control-level security methods have been proposed, they mainly detect abnormal traffic or abnormal activity in the normal network; this alone is not enough for network administrators to understand the network situation and make decisions.


Examples


Embodiment 1

[0118] Embodiment 1: Extracting network traffic characteristics of an industrial control system

[0119] It is assumed that different network entities have different capabilities and intentions, and therefore always generate different communication patterns. The present invention uses these communication patterns as fingerprints of the network entities in order to detect abnormal traffic within a large volume of industrial control system network traffic. This embodiment studies how effectively the present invention fingerprints industrial control system network traffic, using the accuracy rate as the main index.

[0120] First, the present invention extracts sessions from the original industrial control system network traffic according to the feature vectors of the different industrial control system protocols; 60% of the sessions are used for training and the remaining 40% for testing the models, wherein the training data and test ...

Embodiment 2

[0121] Embodiment 2: Detect abnormal traffic

[0122] The present invention detects abnormal traffic with two methods, "non-updating" and "updating", and evaluates detection performance with four metrics: Accuracy, Precision, Recall and F1 score. These metrics are defined as follows:

[0123]

[0124]

[0125]

[0126]

[0127] Here, TP means that members of the same organization are grouped into the same cluster; TN means that members of different organizations are grouped into different clusters; FP means that members of different organizations are grouped into the same cluster; and FN means that members of the same organization are grouped into different clusters.

[0128] First, divide the dataset into two parts; train the "non-updating" method on the part 1 data and test it on the part 2 data. Then train and test with the remaining 40% of the data. Finally, experiment with the "updating" method using a threshold of 0.3, training on the part 1 d...
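The pair-counting definitions of TP, TN, FP and FN given in [0127], applied to a constructed set of sessions, as an added example that is not part of the patent text. Organization names, cluster ids and the sessions themselves are made up; the metric formulas are the standard Accuracy, Precision, Recall and F1, which the page names but does not reproduce.

```python
from itertools import combinations
from typing import Dict, Sequence


def pair_counts(truth: Sequence[str], clusters: Sequence[int]) -> Dict[str, int]:
    """Count TP/TN/FP/FN over every pair of sessions, following [0127]:
    TP: same organization, same cluster; TN: different organization, different cluster;
    FP: different organization, same cluster; FN: same organization, different cluster."""
    if len(truth) != len(clusters):
        raise ValueError("labels and cluster assignments must have equal length")
    counts = {"TP": 0, "TN": 0, "FP": 0, "FN": 0}
    for i, j in combinations(range(len(truth)), 2):
        same_org = truth[i] == truth[j]
        same_cluster = clusters[i] == clusters[j]
        if same_org and same_cluster:
            counts["TP"] += 1
        elif not same_org and not same_cluster:
            counts["TN"] += 1
        elif same_cluster:  # different organization, same cluster
            counts["FP"] += 1
        else:  # same organization, different cluster
            counts["FN"] += 1
    return counts


def metrics(c: Dict[str, int]) -> Dict[str, float]:
    """Accuracy, Precision, Recall and F1 from the pair counts; zero-safe."""
    tp, tn, fp, fn = c["TP"], c["TN"], c["FP"], c["FN"]
    total = tp + tn + fp + fn
    accuracy = (tp + tn) / total if total else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": accuracy, "precision": precision, "recall": recall, "f1": f1}


# Constructed sample: six sessions, the organization each truly belongs to,
# and the cluster id a fingerprinting model assigned to each of them.
TRUTH = ["orgA", "orgA", "orgA", "orgB", "orgB", "scanner"]
CLUSTERS = [0, 0, 1, 1, 1, 2]


def evaluate_sample() -> Dict[str, float]:
    return metrics(pair_counts(TRUTH, CLUSTERS))


if __name__ == "__main__":
    print(pair_counts(TRUTH, CLUSTERS))  # TP=2, TN=9, FP=2, FN=2 over 15 pairs
    print(evaluate_sample())
```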

Embodiment 3

[0131] Embodiment 3: Assessing the degree of threat

[0132] First, this embodiment assigns different threat levels to the data in the second part based on expert knowledge, maliciousness and attack type. Next, the data in part 1 is used as training data to generate the thresholds T_MD, T_NoC and T_NoP for the three characteristics maximum depth, number of connections and number of groups. The present invention evaluates the threat level of the second-part data with these three thresholds; the resulting precision is 0.948. As shown in Figure 8, there are four evaluation errors: the first error is due to the scanned IC device not returning a correct response, which interrupted the subsequent scanning activity; the remaining three errors are caused by write operations in the data, because write operations should not appear in the data. The experimental results show that the invention can not only accurately evaluate the threat level of industrial cont...


Abstract

The invention discloses an industrial control network active defense system based on a honeynet and a method thereof. The system comprises an information collection assembly, a flow analysis assembly and a knowledge management assembly. The information collection assembly comprises an industrial control system honeynet, a web crawler and a flow mirror image; the flow analysis assembly comprises a flow processing module, a flow modeling module and a flow evaluation module; the knowledge management component manages all information of an industrial control system network through a knowledge graph, which is divided into an internal network knowledge graph and an external network knowledge graph stored in a graph database. The honeynet-based industrial control network active defense system and method provided by the invention can not only accurately detect abnormal conditions in the network flow of the industrial control system, but can also evaluate the threat degree to the industrial control system and find the attack organization associated with it.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a honeynet-based industrial control network active defense system and a method thereof.

Background technique

[0002] At present, industrial control systems are widely used in my country's modern industries, including petroleum and petrochemical, national defense technology, electric power and water conservancy, energy machinery, metallurgical industry, automobile manufacturing and aerospace, and many other key industries related to the national economy and people's livelihood. Most of these industries involve national critical infrastructure and are closely connected with the lifeline of the country.

[0003] With the gradual deepening of the integration of informatization and industrialization, the degree of informatization in industrial control systems is increasing day by day, and the widespread use of general software, hardware and network facilities h...

Claims


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1491, H04L63/1416, H04L63/1425, H04L63/20, G06F18/24323
Inventor: 姚羽, 盛川, 刘莹, 杨巍, 安红娜, 陈腾
Owner: NORTHEASTERN UNIV