
Design And Implementation Of Anomalous Behavior Analysis System For SCADA System Based On Hadoop

Posted on: 2018-12-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y M Zhang
GTID: 2358330515954020
Subject: Engineering
Abstract/Summary:
With the deep integration of industrialization and information technology, enterprises have gradually planned to break down the barriers between the industrial control system and the information system and to comprehensively promote industrial upgrading. However, once an industrial control system is connected to the network, its business-specific constraints leave it with weak defenses against network intrusion and malicious activity, system vulnerabilities that go unpatched, and similar problems. These seriously threaten normal production and can even lead to major security incidents. Drawing on field research and participation in the installation and deployment of the active defense system at the Northeast Sichuan Gas Mine of the Southwest Oil and Gas Field Company, together with engineering and technical personnel and information security researchers, and combining Hadoop big data platform technology, this paper proposes a Hadoop-based abnormal behavior analysis system for SCADA systems. It provides information security researchers with an abnormal behavior data analysis platform that offers diverse data sources, fast processing, large storage capacity, easy algorithm development and a friendly interactive interface.

First of all, Hadoop is a distributed system infrastructure that allows users to develop distributed programs without knowing the underlying details of the distribution, and to make full use of cluster performance for high-speed computing and storage. Given the particular characteristics of the SCADA system, such as the large volume and diverse structure of its log data, the open source components Flume and Kafka are used to collect, transmit and store log data from each SCADA server effectively and steadily. Because of the stability requirements of the SCADA system, the system is designed in a high availability (HA) mode, so that operation continues seamlessly when a machine fails, which addresses the data needs of security algorithm researchers.

Secondly, the research finds that security defense algorithms for industrial control systems are still at an exploratory stage. To address the long algorithm research cycle, the inconsistency of programming languages and the diversity of the algorithms under test, the design introduces Mahout, the open source machine learning library developed by the Apache Software Foundation (ASF). The library integrates a variety of commonly used algorithms, and security algorithm researchers can quickly implement user-defined algorithms by modifying or rewriting the corresponding objects and methods according to their own needs. This lets algorithm researchers devote more energy to optimizing the algorithm rather than to the complexity of implementing it in code, and can greatly shorten the algorithm research cycle.

Finally, system performance tests, actual anomaly intrusion tests and analysis of the results show that the Hadoop-based SCADA system abnormal behavior analysis system can effectively provide a good and fast algorithm development and testing environment for algorithm researchers.
Keywords/Search Tags: SCADA, Hadoop, Mahout, Log analysis, Abnormal behavior detection