
A Support Vector Machine Method For Intrusion Detection In SCADA System

Posted on: 2016-07-06
Degree: Master
Type: Thesis
Country: China
Candidate: T F Zhang
Full Text: PDF
GTID: 2348330503994248
Subject: Control Engineering
Abstract/Summary:
Today, SCADA (Supervisory Control and Data Acquisition) systems are increasingly connected to external networks and adopt open protocols and platforms. While this trend helps improve interconnectivity among control systems and makes the allocation of resources more rational, the industrial control system security problems that come with it cannot be ignored.

The innovation of this paper is that SVM (support vector machine) theory, which has been used as a method for text and image processing, is applied to intrusion detection for SCADA network communication. The approach is based on the key observation that SCADA traffic is highly periodic and stable. It can precisely detect intrusions aimed at the SCADA network and raise an alarm in a timely manner. It can guarantee the availability and integrity of SCADA without affecting the system's real-time capability. The main work is as follows:

(1) Background and traditional solutions: First, the background is introduced and the current security status of SCADA is analyzed in detail. In addition, the typical means and forms of intrusion, as well as the commonly adopted security defense measures, are systematically analyzed.

(2) A new solution is presented: By comparing the respective characteristics of SCADA networks and commercial networks, and analyzing the advantages of the SVM algorithm over other algorithms when applied to SCADA, an SVM-based intrusion detection system (SVM-IDS) is established.

(3) Application and simulation: The widely used Modbus TCP protocol and the S7 protocol (Siemens Ethernet Protocol) from SCADA systems are chosen for study, and their normal and abnormal traffic is simulated with software tools. SVM-IDS is then applied to classify and detect the traffic.

The results of our study prove that SVM-IDS can effectively detect abnormal traffic. SVM-IDS would not only improve the security of SCADA but can also satisfy SCADA's real-time requirement.
Keywords/Search Tags: SCADA system, intrusion detection, support vector machine, Modbus TCP, S7, real-time