DETECTING DEVICE FOR INDUSTRIAL CONTROL NETWORK INTRUSION AND DETECTING METHOD OF THE SAME

摘要

According to an embodiment of the present invention, a device for detecting intrusion into a control network connected to control facilities via the control network, comprises: a flow information extraction unit parsing packets collected via the control network to extract flow information; a flow information management unit generating a flow table by using the flow information; a flow pattern information generation unit analyzing the flow information stored in the flow table to generate flow pattern information; a setup information collection unit collecting setup information from the control facilities via the network; and a determination unit determining whether a flow corresponding to the flow information is normal by using the flow information transmitted from the flow information management unit, the flow pattern information transmitted from the flow pattern information generation unit and the setup information transmitted from the setup information collection unit.