Anomaly Detection Approach based on Function Code Traffic by Using CUSUM Algorithm
文献类型:会议论文
| 作者 | Wan M(万明) ; Shang WL(尚文利); Zeng P(曾鹏)
|
| 出版日期 | 2015 |
| 会议名称 | 4th National Conference on Electrical, Electronics and Computer Engineering (NCEECE) |
| 会议日期 | December 12-13, 2015 |
| 会议地点 | Xi‘an, PEOPLES R CHINA |
| 关键词 | Anomaly detection Modbus/TCP Function code traffic Cumulative sum |
| 页码 | 1506-1511 |
| 中文摘要 | There is an increasing consensus that it is necessary to resolve the security issues in today's industrial control system. From this point, this paper proposes an anomaly detection approach based on function code traffic to detect abnormal Modbus/TCP communication behaviors efficiently. Furthermore, this approach analyzes the Modbus/TCP communication packets in depth, and obtains the function code in each packet. According to the function code traffic change, this approach uses the Cumulative Sum (CUSUM) algorithm for change point detection, and generates an alarm. Our simulation results show that, the proposed approach is very available and effective to provide the security for industrial control system. Besides, we also discuss some advantages and drawbacks when using this approach. |
| 收录类别 | CPCI(ISTP) |
| 产权排序 | 1 |
| 会议主办者 | Int Informatizat & Engn Assoc, Trans Tech Publicat |
| 会议录 | PROCEEDINGS OF THE 2015 4TH NATIONAL CONFERENCE ON ELECTRICAL, ELECTRONICS AND COMPUTER ENGINEERING ( NCEECE 2015)
 |
| 会议录出版者 | ATLANTIS PRESS |
| 会议录出版地 | PARIS |
| 语种 | 英语 |
| ISBN号 | 978-94-6252-150-6 |
| WOS记录号 | WOS:000373378400270 |
| 源URL | [http://ir.sia.cn/handle/173321/18598]  |
| 专题 | 沈阳自动化研究所_工业控制网络与系统研究室 |
| 推荐引用方式 GB/T 7714 | Wan M,Shang WL,Zeng P. Anomaly Detection Approach based on Function Code Traffic by Using CUSUM Algorithm[C]. 见:4th National Conference on Electrical, Electronics and Computer Engineering (NCEECE). Xi‘an, PEOPLES R CHINA. December 12-13, 2015. |
入库方式: OAI收割
来源:沈阳自动化研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。