Research On Generation Method Of Intrusion Detection Rules Based On Variant Attack In Industrial Control Network

Posted on: 2019-11-18
Degree: Master
Type: Thesis
Country: China
Candidate: X T Cai
GTID: 2428330593950466
Subject: Computer technology
Abstract/Summary:
With the development of industrial control systems (ICS), these systems have begun to adopt TCP/IP technology, open industrial communication protocols, general-purpose operating systems, and so on, while the vulnerabilities in industrial control systems have not received enough attention, so that current industrial control systems face increasingly serious security threats. In recent years, a series of attacks against industrial control networks have emerged, which further demonstrates the importance and urgency of industrial cyber security in the nation's information security protection. An analysis of the current state of research shows that current industrial intrusion detection methods mainly comprise anomaly intrusion detection and misuse intrusion detection. However, to avoid detection, attackers constantly modify original attack features, or derive new features from them, to produce more variant attacks, which causes these detection methods to fail. Therefore, based on the Modbus TCP protocol, the paper proposes an intrusion detection rule generation method for variant attacks in industrial control networks.

First, the security risks of current industrial control systems and the variant attacks they may encounter are analyzed to illustrate the importance of ICS security. The vulnerability of the Modbus protocol and the existing problems of current detection technology are analyzed, which lays a theoretical foundation for the study of this method.

Second, to make up for the deficiencies of current detection technology, a rule generation method based on a genetic algorithm is proposed. Through deep parsing of the protocol, each data packet is parsed at three layers (network layer, transport layer, and application layer) to obtain the key field information of the protocol messages at each layer, which lays the foundation for defining the rule form used in this paper. Four indicators are then defined in the algorithm to calculate an individual's fitness value: exact rule match, inexact rule match, grammar check, and attack variants. These indicators are used to optimize the generated rule set.

Finally, according to the proposed rule generation method, an industrial control intrusion detection model is constructed, and an industrial control intrusion detection system is designed and implemented. Comparison experiments demonstrate that this method can effectively detect variant attacks based on the characteristics of attack variants, with a low false alarm rate.
Keywords/Search Tags: Industrial Control System, Cyber Security, Anomaly Detection, Attack Variants, Genetic Algorithms, Modbus TCP
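The three-layer field extraction and the exact versus inexact rule match named in the abstract can be sketched as follows. This is an added example, not code from the thesis: the rule form (a dict of field constraints), the field names, and the constructed sample packet are assumptions, and the Ethernet header is omitted.

```python
import socket
import struct

MODBUS_PORT = 502  # registered Modbus TCP port

def parse_packet(raw: bytes) -> dict:
    """Extract rule-relevant fields from an IPv4/TCP/Modbus TCP packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (raw[0] & 0x0F) * 4
    if len(raw) < ihl + 20:
        raise ValueError("truncated TCP header")
    # Network layer: source and destination addresses
    fields = {"src_ip": socket.inet_ntoa(raw[12:16]),
              "dst_ip": socket.inet_ntoa(raw[16:20])}
    # Transport layer: ports, then skip the TCP header via its data offset
    sport, dport = struct.unpack_from("!HH", raw, ihl)
    fields.update(src_port=sport, dst_port=dport)
    adu = raw[ihl + (raw[ihl + 12] >> 4) * 4:]
    if len(adu) < 8:
        raise ValueError("truncated Modbus ADU")
    # Application layer: 7-byte MBAP header followed by the PDU
    tid, pid, length, unit = struct.unpack_from("!HHHB", adu, 0)
    if pid != 0 or length != len(adu) - 6:
        raise ValueError("malformed MBAP header")
    fields.update(transaction_id=tid, unit_id=unit,
                  function_code=adu[7], data=adu[8:])
    return fields

def match(rule: dict, fields: dict) -> str:
    """Assumed rule form: every key in the rule constrains one parsed field."""
    hits = sum(1 for key, value in rule.items() if fields.get(key) == value)
    if hits == len(rule):
        return "exact"
    return "partial" if hits else "none"

def build_sample() -> bytes:
    """Constructed packet: Write Single Register (0x06); checksums left at zero."""
    pdu = struct.pack("!BHH", 0x06, 0x0001, 0x00FF)
    mbap = struct.pack("!HHHB", 1, 0, len(pdu) + 1, 0x11)
    tcp = struct.pack("!HHIIBBHHH", 49152, MODBUS_PORT, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(mbap) + len(pdu),
                     0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return ip + tcp + mbap + pdu

if __name__ == "__main__":
    parsed = parse_packet(build_sample())
    print(parsed)
    print(match({"dst_port": MODBUS_PORT, "function_code": 0x06}, parsed))
```

A rule that differs from an attack in only one field still returns "partial", which is the kind of near miss a fitness function could reward when searching for rules that cover variants.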