APPARATUS TO DETECT ABNORMAL BEHAVIOR OF NONSTANDARD PROTOCOL PAYLOAD BY USING DNN ALGORITHM AND METHOD THEREOF

摘要

Disclosed is an apparatus to detect the abnormal behavior of nonstandard protocol payload by using a DNN algorithm. The abnormal behavior detecting apparatus includes: a data packet collecting module collecting a data packet in real time in accordance with a nonstandard protocol under an industrial control system environment; a data packet classification module outputting payload by parsing the data packet collected in real time by the data packet collecting module; a payload mask pattern generating module generating a payload mask pattern in relation to the payload outputted from the data packet classification module; a payload mask pattern application module applying the payload mask pattern generated by the payload mask pattern generating module to the payload of the data packet collected in real time by the data packet collecting module; a payload normalizing module normalizing the payload to which the payload mask pattern has been applied by the payload mask pattern application module; a learning data set generating module generating a learning data set for deep learning through a DNN algorithm by using the payload normalized by the payload normalizing module; and an abnormal behavior detecting module detecting the abnormal behavior of the nonstandard protocol data packet collected by the data packet collecting module by conducting deep learning based on the DNN algorithm by using the learning data set generated by the learning data set generating module.;COPYRIGHT KIPO 2019