Research On Industrial Firewall Software Design And Self-learning Method Of Rules

Industrial control system is entering the stage of information and intelligence.More industrial control systems and devices have been connected to the Internet,and network security issues have been extended to industrial control systems.The number of attacks on industrial control systems has continued to increase,and the means of attacks have emerged one after another.Research on protection techniques for industrial control networks has become a hot topic.This paper first introduces the hierarchical structure of the industrial control system and its functions,and compares it with the IT system information security,which shows the particularity of the information security of the industrial control system.Then the paper analyzes the vulnerability of industrial control systems and analyzes the general Modbus TCP protocol and the vulnerability of the communications in detail.The security protection measures of existing industrial control systems were introduced from the aspects of security management and technology.Industrial firewall plays a good role in protecting industrial control system.Second,the system structure of the PLC industrial firewall and the overall design idea of the software framework are introduced.It focuses on the self-learning method of industrial firewall rules based on support vector machine(SVM).The SVM algorithm is used to learn the behavior characteristics of industrial control data,generate a recognition model,and identify the right industrial data.The unbalanced characteristics of industrial control data are presented.By analyzing the solution of SVM algorithm under unbalanced data sets,a method to optimize the generation of recognition models is proposed.One is to optimize at the sample level.Specifically,an abnormal data generation method for industrial control networks is proposed to improve the balance of the training samples.On the other hand,the optimized grid search method is used to optimize the model parameters.Using the generated recognition model,the data predicted to be legal is added to the rule table according to a certain pattern,thereby completing the purpose of automatically generating filter rules by self-learning the industrial control data.Finally,a simple industrial control system simulation experiment was built to simulate the real industrial production process for collecting and processing industrial control data.The different recognition models were generated using the LIBSVM algorithm before and after optimization.The experimental results are used to analyze the classification results of the identified model before and after optimization.It is shown that the identification model generated by this method has higher prediction accuracy for normal data and abnormal data.This can generate highly accurate filtering rules and improve the performance of industrial firewalls.