Netinfo Security ›› 2017, Vol. 17 ›› Issue (7): 45-51. doi: 10.3969/j.issn.1671-1122.2017.07.007

• Original Article •

The Design and Implement of Rule Matching-based Distributed Intrusion Detection Framework for Industry Control System

Dongmei CHENG1, Biao YAN2,3, Hui WEN3, Limin SUN2,3

  1. Information Center of the 305 Hospital of Chinese People’s Liberation Army, Beijing 100017, China
  2. University of Chinese Academy of Sciences, Beijing 100049, China
  3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received: 2017-05-15 Online: 2017-07-20 Published: 2020-05-12

Abstract:

This paper proposes a rule-based distributed intrusion detection system (RDIDS) framework to reduce the impact of traditional industrial control system problems. RDIDS constructs a set of rules covering network status, traffic, and industrial operation for intrusion detection. The network status rules, which are defined by the operator, detect unauthorized access, protecting the safety of the physical system from information disclosure. The traffic rules, learned from an analysis of traffic characteristics, detect abnormal network data flows. The industrial operation rules, extracted from industrial operating sequences, detect abnormal industrial operations. Finally, an industrial control system containing several hardware and software components was built for validation. Experimental results from the simulated industrial control system show that the system achieves considerable performance.

Key words: industrial control system, intrusion detection system, distributed system, rule matching
