Computer Science ›› 2022, Vol. 49 ›› Issue (3): 301-307. doi: 10.11896/jsjkx.210200078

• Information Security •

Industrial Serial Protocol State Detection Algorithm Based on DTMC

LIU Kai-xiang 1, XIE Yong-fang 1, CHEN Xin 2, LYU Fei 2, LIU Jun-jiao 2

  1 School of Automation, Central South University, Changsha 410083, China
  2 Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received: 2021-02-07  Revised: 2021-05-26  Online: 2022-03-15  Published: 2022-03-15
  • About author: LIU Kai-xiang, born in 1995, postgraduate. His main research interests include the security of industrial control systems.
    CHEN Xin, born in 1990, master, intermediate engineer. His main research interests include ICS security and ICS intrusion detection.
  • Supported by: Young Scientists Fund of National Natural Science Foundation of China (61702506) and National Science Fund for Distinguished Young Scholars of China (61725306).

Abstract: Existing research on industrial security focuses mainly on industrial Ethernet and pays little attention to protecting serial link protocols. To address this gap, an industrial serial protocol state detection algorithm based on a discrete time Markov chain (DTMC) is proposed. The method exploits the limited behaviour and state space of an industrial control system (ICS) and automatically builds the normal behaviour model of the ICS, a DTMC, from historical traffic of the serial link protocol. The model captures behaviour information such as state events, state transitions, state transition probabilities and state transition time intervals. This behaviour information is then used as the state detection rule set: when the state information generated in the detection phase differs from the rule set, or the deviation exceeds a threshold, an action such as an alarm or a rejection is triggered. Combined with comprehensive packet inspection (CPI), the detectable range of protocol payload data is also extended. Experimental results show that the proposed algorithm effectively detects semantic attacks and protects the security of serial links, with a false positive rate of 5.3% and a false negative rate of 0.6%.
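
The modelling and detection steps described in the abstract, as an added illustration in Python that is not code from the paper: a toy DTMC is learned from a constructed Modbus-RTU-style polling trace, where a state event is taken to be the (unit id, function code, start register) triple of a request frame, and detection then flags unknown states, unseen transitions, transitions whose learned probability falls below a threshold, and inter-frame intervals that exceed the learned maximum by a tolerance factor. The trace, the state definition, the thresholds and all function names are assumptions made for this example; the CPI payload inspection that the paper combines with the model is not shown.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Assumption for this example: a "state event" is the (unit id, function
# code, start register) triple of a request frame on the serial link.
State = Tuple[int, int, int]
Trace = List[Tuple[float, State]]  # (timestamp in seconds, state)


@dataclass
class DTMCModel:
    states: Set[State] = field(default_factory=set)
    # trans_prob[a][b] = P(next state is b | current state is a)
    trans_prob: Dict[State, Dict[State, float]] = field(default_factory=dict)
    # max_interval[(a, b)] = longest inter-frame gap observed for a -> b
    max_interval: Dict[Tuple[State, State], float] = field(default_factory=dict)


def build_model(trace: Trace) -> DTMCModel:
    """Learn states, transition probabilities and timing bounds from a trace."""
    model = DTMCModel()
    counts: Dict[State, Counter] = defaultdict(Counter)
    for (t_prev, s_prev), (t_cur, s_cur) in zip(trace, trace[1:]):
        model.states.update((s_prev, s_cur))
        counts[s_prev][s_cur] += 1
        key = (s_prev, s_cur)
        model.max_interval[key] = max(model.max_interval.get(key, 0.0), t_cur - t_prev)
    for s_prev, nxt in counts.items():
        total = sum(nxt.values())
        model.trans_prob[s_prev] = {s: n / total for s, n in nxt.items()}
    return model


def detect(model: DTMCModel, trace: Trace, prob_threshold: float = 0.05,
           time_tolerance: float = 1.5) -> List[Tuple[str, float, str]]:
    """Replay a trace against the model; return (kind, time, detail) alerts."""
    alerts: List[Tuple[str, float, str]] = []
    if trace and trace[0][1] not in model.states:
        alerts.append(("unknown_state", trace[0][0], f"{trace[0][1]} not in model"))
    for (t_prev, s_prev), (t_cur, s_cur) in zip(trace, trace[1:]):
        if s_cur not in model.states:
            alerts.append(("unknown_state", t_cur, f"{s_cur} not in model"))
            continue
        if s_prev not in model.states:
            continue  # s_prev was already reported; no basis for a transition check
        p = model.trans_prob.get(s_prev, {}).get(s_cur)
        if p is None:
            alerts.append(("unseen_transition", t_cur, f"{s_prev} -> {s_cur}"))
            continue
        if p < prob_threshold:
            alerts.append(("rare_transition", t_cur, f"{s_prev} -> {s_cur} p={p:.2f}"))
        gap = t_cur - t_prev
        limit = model.max_interval[(s_prev, s_cur)] * time_tolerance
        if gap > limit:
            alerts.append(("timing", t_cur, f"{s_prev} -> {s_cur} gap {gap:.2f}s > {limit:.2f}s"))
    return alerts


# Constructed states: a master polling two slaves and, now and then, a third.
A = (1, 3, 0)    # read holding registers, unit 1
B = (2, 3, 0)    # read holding registers, unit 2
C = (1, 16, 10)  # write multiple registers, unit 1
D = (3, 3, 0)    # read holding registers, unit 3 (polled in one cycle of ten)


def polling_trace(cycles: int, period: float = 1.0) -> Trace:
    """Constructed training trace: a fixed polling cycle repeated `cycles` times."""
    trace: Trace = []
    for i in range(cycles):
        base = i * period
        if i % 10 == 5:
            trace += [(base, A), (base + 0.2, B), (base + 0.4, D), (base + 0.6, C)]
        else:
            trace += [(base, A), (base + 0.2, B), (base + 0.4, C)]
    return trace


# Constructed detection trace: one normal cycle, then three deviations.
DEVIANT_TRACE: Trace = [
    (0.0, A), (0.2, B), (0.4, C),          # normal cycle
    (1.0, A), (1.2, B), (1.4, (1, 5, 0)),  # function code 5 never seen in training
    (2.0, A), (2.2, C),                     # A -> C never observed
    (3.0, A), (3.2, B), (5.0, C),           # B -> C arrives 1.8 s late
]


def run_demo() -> List[Tuple[str, float, str]]:
    """Learn from 20 polling cycles and replay the deviant trace."""
    model = build_model(polling_trace(20))
    return detect(model, DEVIANT_TRACE)


if __name__ == "__main__":
    for kind, t, detail in run_demo():
        print(f"t={t:4.1f}s  {kind:17s} {detail}")
```

Each alert kind maps onto one piece of behaviour information named in the abstract: state events (unknown state), state transitions (unseen transition), transition probabilities (rare transition, governed by `prob_threshold`) and transition time intervals (timing, governed by `time_tolerance`). The timing bound is deliberately learned per transition rather than globally, since a write that normally follows a read within 200 ms and a cycle restart that normally takes 600 ms need different limits.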

Key words: CPI, DTMC, ICS, Industrial security, Serial link protocol, State detection

CLC Number: TP393.08