| Industrial Control Systems (ICS) are core systems in vital sectors such as energy, electric power, chemicals, municipal services, transportation and other key manufacturing industries. Their security is directly related to production safety, life safety, environmental safety and national security. Once an information security problem occurs in an Industrial Control System, it poses a significant security risk to the operation of the country's critical infrastructure. With the deep integration of informatization and industrialization and the rapid development of the Internet of Things, Industrial Control Systems have broken out of their former isolation, gradually adopting Internet communication protocols and more general-purpose software and hardware, which exposes them to increasingly serious security issues. The security of Industrial Control Systems has drawn the attention of countries around the world and has become a research focus in the field of information security. This paper studies Trojan detection algorithms from two aspects: host behavior and network behavior. First, it analyzes the basic components of ICS and the current state of their information security, points out the shortcomings of current Industrial Control Systems in security protection, and studies the mainstream Trojan detection technologies. Second, it introduces the importance of behavior analysis technology in Trojan detection, elaborates on the common behavior analysis algorithms with their advantages and disadvantages, and summarizes the key techniques of feature extraction in behavior analysis. To address the shortcomings of the fuzzy pattern recognition algorithm, the concept of information entropy is introduced, and the pattern recognition algorithm is optimized by calculating the value of each behavior. To address the low detection rate and high misjudgment rate of any single detection technology, the paper focuses on the network behavior recognition algorithm and designs a secondary Trojan detection model based on host behavior and network behavior, in which the results of the first detection are detected again in order to improve the Trojan detection effect. Based on these studies, two experimental environments are designed: a cloud platform based on OpenStack and a small Industrial Control System. In the cloud environment, the secondary detection model is used for an experiment with general-purpose Trojans; compared with a single detection technology, the detection rate is improved by about 2%. In the small Industrial Control System, an experiment with a Trojan specific to industrial control systems improves the detection rate by 1%. The experimental results verify the effectiveness of the proposed detection model. |
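
The two ideas in the abstract, entropy-based weighting of behaviors and a second detection pass over the first-stage results, can be sketched as follows. This is an added example, not the paper's code: it assumes the standard entropy weight method and a simple connection-periodicity check for the network stage, and every behavior name, count and threshold is constructed for illustration.

```python
import math
from statistics import mean, pstdev

# Constructed data; behavior names, counts and thresholds are illustrative assumptions.
BEHAVIORS = ["registry_autorun", "process_injection", "file_hide", "file_read"]
HOST = {  # per-process counts of each behavior, in BEHAVIORS order
    "hmi_client": [0, 0, 0, 40],
    "historian":  [1, 0, 0, 55],
    "updater":    [2, 1, 0, 30],
    "suspect_a":  [3, 4, 2, 35],
    "suspect_b":  [0, 3, 3, 45],
}
NET = {  # seconds between successive outbound connections
    "hmi_client": [1, 1, 1, 1, 1],           # legitimate periodic polling
    "historian":  [30, 95, 12, 240, 61],
    "updater":    [5, 310, 42, 1800, 77],
    "suspect_a":  [60, 61, 59, 60, 60],
    "suspect_b":  [300, 298, 302, 301, 299],
}

def entropy_weights(rows):
    """Entropy weight method: a behavior spread evenly over all samples gets low weight."""
    n = len(rows)
    diversity = []
    for col in zip(*rows):
        total = sum(col)
        probs = [x / total for x in col if x > 0] if total else []
        entropy = -sum(p * math.log(p) for p in probs) / math.log(n)
        diversity.append(1.0 - entropy if total else 0.0)
    return [d / sum(diversity) for d in diversity]

def host_scores(host):
    """First stage: weighted sum of each process's behavior counts, scaled to [0, 1]."""
    rows = list(host.values())
    weights = entropy_weights(rows)
    peak = [max(col) or 1 for col in zip(*rows)]
    return {name: sum(w * x / m for w, x, m in zip(weights, row, peak))
            for name, row in host.items()}

def periodic(intervals, max_cv=0.1):
    """Second stage: near-constant connection intervals (low coefficient of variation)."""
    return pstdev(intervals) / mean(intervals) <= max_cv

def two_stage(host, net, host_threshold=0.2):
    """Re-examine only the processes flagged by the host stage with the network check."""
    first = [name for name, s in host_scores(host).items() if s >= host_threshold]
    confirmed = [name for name in first if periodic(net[name])]
    return first, confirmed
```

Periodicity alone would also match the legitimate polling of `hmi_client`, which is why the check is applied only to processes the host stage has already flagged; here it clears `updater` and confirms the two suspects.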