Design And Implementation Of Industrial Control Network Intrusion Detection System

With the development of Internet of Things technology and the deep integration of industrialization and information technology,more and more Internet technologies are applied to industrial control networks.In particular,the proposal of "Industry 4.0" in Germany is to speed up the process of opening up industrial control networks.The traditional independent closed industrial control system can no longer meet the needs of industrial production.However,with the acceleration of the opening up process,industrial control networks have exposed more and more potential safety problems.In recent years,industrial control safety incidents have been frequent and have a great impact on society.Industrial control safety has become an important issue to be solved urgently.In the background of industrial control safety,this paper first analyzes and summarizes the characteristics of industrial control system and its existing safety issues,and compares the advantages and disadvantages of commonly used safety protection techniques in industrial control.It proves that intrusion detection technology in industrial safety the importance of protection.Then based on the intrusion detection principle,combined with the communication characteristics of the industrial control network,the functional requirements of the intrusion detection system of the industrial control network are analyzed in depth,and an intrusion detection system is designed and implemented.The industrial control network intrusion detection system designed and implemented in this paper mainly includes some parts such as traffic capture,datagram analysis,communication feature detection,database design and system management interface.On the basis of the analysis of the traditional TCP message,the parse part of the data message is added to the parse of a part of the industrial control communication protocol packet.The detection of the communication message mainly establishes a legitimate set of communication behaviors through normal actions of the industrial control network,and then performs real-time detection on the communication messages in the protected network.Database design includes the system log table,detection rules and self-learning rules storage table design.Thesystem management interface uses Web technology based on B/S architecture to provide an interface for the management of the entire intrusion detection system,including the management and authorization of system users,the management and updating of detection rules,the search audit of system storage logs,Logs and network devices are associated and multi-dimensional statistical analysis of the formation of visual chart data,visual statistics generated by the statistical charts,the user can clearly understand the status of the network security is protected.Finally,the intrusion detection methods and system function points designed and implemented are tested and verified in a typical city gas control system model.