MODBUS TCP COMMUNICATION BEHAVIOUR ANOMALY DETECTION METHOD BASED ON OCSVM DUAL-OUTLINE MODEL

摘要

Proposed is an anomaly detection method for communication behaviours in an industrial control system based on an OCSVM algorithm. According to the present invention, a normal behaviour profile model and an abnormal behaviour profile model, i.e. a dual-outline model, of communication behaviours in an industrial control system are established, parameter optimization is performed by means of a particle swarm optimization (PSO) algorithm, an optimal intrusion detection model is obtained, and abnormal Modbus TCP communication traffic is identified. According to the present invention, the false alarm rate is reduced by means of cooperative discrimination of the dual-outline detection model, the efficiency and reliability of anomaly detection are improved, and the method is more applicable to practical applications.