Netinfo Security ›› 2019, Vol. 19 ›› Issue (11): 8-13. doi: 10.3969/j.issn.1671-1122.2019.11.002


Industrial Control System Intrusion Detection Model Based on S7 Protocol

Zheng TIAN, Shu LI, Yizhen SUN, Xi LI

  1. State Grid Hunan Electric Power Company Limited Information and Communication Branch, Changsha, Hunan 410000, China
  • Received: 2019-09-16 Online: 2019-11-10 Published: 2020-05-11

Abstract:

With the proposal of the “Made in China 2025” strategy, industrial control networks are becoming more and more tightly integrated with Internet technology. At the same time, the closed nature of industrial control networks has been broken to a certain extent, making industrial control network security problems increasingly serious. The S7 protocol is a proprietary protocol of the German company Siemens and is widely used for communication in industrial control networks. This paper proposes a composite intrusion detection model for industrial control systems based on deep analysis and white list self-learning. The model uses a deep analysis algorithm to parse S7 data packets, dynamically builds a white list through a white list self-learning algorithm, and detects anomalies with a composite intrusion detection method that combines white list detection and abnormal behavior detection. The experiments show that the method can effectively detect abnormal S7 protocol packets in the industrial control network, and that the detection accuracy can reach 98.3% at a packet rate of 5000/s.

Key words: protocol analysis, intrusion detection, white list self-learning, S7 protocol
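
The parse, learn, detect flow the abstract describes can be illustrated as follows. This is an added example, not the paper's algorithm: it parses the TPKT/COTP/S7comm headers, learns (source, destination, ROSCTR, function code) tuples during a learning window, then flags frames that are malformed or not whitelisted. The tuple choice, all names and the sample frames are assumptions made for the illustration.

```python
import struct

ROSCTR = {0x01: "Job", 0x02: "Ack", 0x03: "Ack_Data", 0x07: "Userdata"}

def parse_s7(frame: bytes) -> dict:
    """Parse TPKT + COTP data TPDU + S7comm header; 'func' is the first parameter byte."""
    if len(frame) < 7:
        raise ValueError("short frame")
    ver, _, tpkt_len = struct.unpack_from(">BBH", frame, 0)
    if ver != 3 or tpkt_len != len(frame) or frame[5] != 0xF0:
        raise ValueError("bad TPKT/COTP header")
    off = 5 + frame[4]                      # S7comm follows the COTP header
    if len(frame) < off + 10:
        raise ValueError("truncated S7 header")
    proto, rosctr, _, ref, plen, dlen = struct.unpack_from(">BBHHHH", frame, off)
    if proto != 0x32 or rosctr not in ROSCTR:
        raise ValueError("not S7comm")
    hdr = 12 if rosctr in (0x02, 0x03) else 10   # acks add error class/code
    if len(frame) != off + hdr + plen + dlen:
        raise ValueError("inconsistent length fields")
    return {"rosctr": rosctr, "func": frame[off + hdr] if plen else None}

class Whitelist:
    """Learns (src, dst, ROSCTR, function) tuples, then enforces them."""
    def __init__(self):
        self.rules, self.learning = set(), True
    def observe(self, src: str, dst: str, frame: bytes) -> str:
        try:
            m = parse_s7(frame)
        except ValueError:
            return "malformed"
        key = (src, dst, m["rosctr"], m["func"])
        if self.learning:
            self.rules.add(key)
            return "learned"
        return "ok" if key in self.rules else "not-whitelisted"

def build_job(param: bytes) -> bytes:
    """Constructed sample Job frame (built here, not captured traffic)."""
    s7 = struct.pack(">BBHHHH", 0x32, 0x01, 0, 1, len(param), 0) + param
    return struct.pack(">BBH", 3, 0, 7 + len(s7)) + b"\x02\xf0\x80" + s7

def demo() -> list:
    read = build_job(bytes.fromhex("0401120a10020001000184000000"))  # ReadVar
    write = build_job(b"\x05\x00")              # WriteVar code, zero items
    wl = Whitelist()
    first = wl.observe("hmi", "plc", read)      # learning phase
    wl.learning = False                         # switch to detection
    return [first, wl.observe("hmi", "plc", read), wl.observe("hmi", "plc", write),
            wl.observe("eng", "plc", read), wl.observe("hmi", "plc", read[:-1])]
```

In `demo()`, the read request seen during learning passes, while an unseen function code, an unseen source host and a truncated frame are each reported.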
