| At present,China's industrial industrial development is in the"fast lane"ranks,especially when the emerging Internet new technology is applied to the traditional industrial control system,a variety of comprehensive new industrial control system to accelerate the pace of China's industrial development.Among them,the industrial Ethernet technology based on traditional Ethernet improves the industrial control system qualitatively in terms of both real-time communication and stability.However,the gradual opening of industrial control system raises its own risks.In view of this situation,the traditional IT defense technology and industrial firewall technology can not meet the current open industrial control system security requirements.Therefore,the application of intrusion detection technology in the field of industrial control system information security has become a research hotspot.The main application is to select appropriate intrusion detection system according to the system mechanism or communication characteristics of different industrial control systems,and to complete the task of industrial control system security protection by designing and improving it and applying it to the designated industrial control system.This paper aims at the deficiency of Snort intrusion detection framework in the application of industrial control system,expands the function of Snort,and realizes Snort's analysis and recognition of PROFINET protocol.In addition,a simulated attack experiment was designed to verify the performance of the improved Snort system.Experiments show that Snort can detect and alarm abnormal PROFINET protocol in real time.First,on the basis of Snort intrusion detection framework,the system architecture and data processing process were studied in depth.Combined with the characteristics of PROFINET protocol frame structure,a preprocessor plug-in was designed and extended to the original system.Secondly,the PROFINET 10 real-time communication system is built by simulating the field situation of factory automation,and the industrial Ethernet switch is used as the bridge to enable the Snort intrusion detection system to capture the PROFINET protocol packets in the communication system in real time.At the same time,the implementation of the visual interface proves that the improved Snort can analyze and recognize the PROFINET protocol in real time.Finally,the simulation attack experiment of PROFINET IO communication system is designed.The experiment results prove that the improved Snort system can detect and alarm the attack behavior in real time and achieve the purpose of protecting PROFINET IO communication system. |
PDF Full Text Request