Malicious behavior identification method for industrial control honey pot

A malicious behavior identification method, applied in the field of network security, that addresses the inability of existing industrial control honeypots to effectively identify malicious behavior in industrial protocols and improves the accuracy rate.

Active Publication Date: 2021-07-16
辽宁谛听信息科技有限公司

AI Technical Summary

Problems solved by technology

[0004] To address the problem that existing industrial control honeypots cannot effectively identify malicious behaviors of industrial protocols, the present invention proposes a malicious behavior identification method for industrial control honeypots.

Examples

Embodiment Construction

[0030] The technical solution of the present invention is tested in combination with specific data.

[0031] First, the data to be tested is input into the built neural network model, which outputs its classification probability vector and a quasi-classification result. The vector is compared with the category threshold: if it is less than the threshold, the neural network classification result is output; if it is greater than the threshold, the sample is identified as an unknown category.

[0032] The method of the present invention is used to classify and identify the malicious traffic captured by the honeypot. The sample contains five types of malicious behaviors, including common detection attacks, FUZZ attacks, malicious response injection, malicious state command injection, and malicious function code injection. The experimental results are shown in Table 1. Experimental results show that the method adopted in the present invention can significantly improve the c...

Abstract

The invention belongs to the technical field of network security, and discloses a malicious behavior identification method for an industrial control honeypot. The method comprises the following steps: capturing the attacker's traffic with a purpose-built high-interaction industrial control honeypot; segmenting the network traffic into network session flows; inputting the generated session flows into a one-dimensional convolutional neural network and a GRU network, with an attention mechanism that assigns a different weight to each byte; and finally separating malicious behavior of an unknown type by calculating the Euclidean distance between the probability output by the neural network and the coordinates of each type. The method improves classification accuracy, achieves precise recognition of malicious behaviors captured by the industrial control honeypot and separation of unknown behaviors, and lets a security manager understand the attacker's means and real intention more intuitively.
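The unknown-type separation described in the abstract and in paragraph [0031], sketched as an added example that is not code from the patent. It assumes each class coordinate is the one-hot vertex for that class, that per-class thresholds are calibrated as a quantile of validation distances, and it uses constructed probability vectors in place of the CNN/GRU model's output; the label strings are also assumed.

```python
import math

# Labels for the five behaviours in the page's experiment (label strings are assumed).
CLASSES = ["detection", "fuzz", "response_injection",
           "state_command_injection", "function_code_injection"]

def peaked(k, p):
    """Constructed sample: probability p on class k, remainder spread evenly."""
    return [p if i == k else (1 - p) / (len(CLASSES) - 1) for i in range(len(CLASSES))]

def argmax(probs):
    return max(range(len(probs)), key=probs.__getitem__)

def distance_to_class(probs, k):
    """Euclidean distance from probs to class k's coordinate (assumed one-hot)."""
    return math.sqrt(sum((p - (i == k)) ** 2 for i, p in enumerate(probs)))

def calibrate_thresholds(samples, quantile=0.95):
    """Assumed calibration: per class, the given quantile of the distances of
    correctly classified validation samples. samples = [(probs, label), ...]."""
    dists = {k: [] for k in range(len(CLASSES))}
    for probs, label in samples:
        if argmax(probs) == label:
            dists[label].append(distance_to_class(probs, label))
    thresholds = {}
    for k, ds in dists.items():
        ds.sort()
        # No calibration data: threshold 0.0 rejects anything short of a one-hot output.
        thresholds[k] = ds[min(len(ds) - 1, int(quantile * len(ds)))] if ds else 0.0
    return thresholds

def classify(probs, thresholds):
    """Return (label, distance); label is 'unknown' above the class threshold.
    A distance equal to the threshold counts as known (the page leaves this open)."""
    k = argmax(probs)
    d = distance_to_class(probs, k)
    return (CLASSES[k] if d <= thresholds[k] else "unknown"), d

# Constructed validation outputs standing in for the trained model's probabilities.
VALIDATION = [(peaked(k, p), k) for k in range(len(CLASSES)) for p in (0.99, 0.95, 0.90)]
THRESHOLDS = calibrate_thresholds(VALIDATION)

if __name__ == "__main__":
    for probs in (peaked(4, 0.97), [0.45, 0.40, 0.05, 0.05, 0.05]):
        label, d = classify(probs, THRESHOLDS)
        print(f"{label:24s} distance={d:.3f}")
```

A session whose probability mass is split between two classes lies far from every class coordinate and is reported as unknown rather than forced into the nearest known class.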

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a malicious behavior identification method for industrial control honeypots.

Background technique

[0002] With the gradual integration of informatization and industrialization, the degree of informatization of industrial control systems is getting higher and higher. The widespread use of general-purpose hardware, software and network facilities has broken the "isolation" between traditional industrial control systems and information networks. While continuously promoting the development and expansion of industrial control system networks, it also brings great security threats.

[0003] Because the industrial control site has extremely high requirements on the real-time, reliability and continuity of the network, some traditional passive network security products, such as industrial firewalls and intrusion detection systems, cannot be wi...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62, G06N3/04
CPC: H04L63/1408, H04L63/1416, H04L63/1491, G06N3/047, G06N3/048, G06N3/044, G06N3/045, G06F18/2415, G06F18/241
Inventor: 单垚姚羽杨巍李文轩刘莹李桉雨
Owner: 辽宁谛听信息科技有限公司