The Internet of Things has accelerated the arrival of "the Era of Internet of Everything". The combination of traditional industrial control systems and information network systems has improved factory production efficiency and industrial control system management mechanisms, but it has also brought security hazards: industrial intranets exposed to the Internet are vulnerable to various hacker attacks. In addition, as the IPv6 protocol continues to develop, it will be widely used in the field of industrial control systems in the future, and the integration of new technologies may bring about many new security issues. In traditional intrusion detection systems, however, anomaly detection has a high false alarm rate and misuse detection has a high false negative rate, so sudden security problems cannot be detected in time. Therefore, this article proposes research on security protection technology for the Modbus_TCP protocol over IPv6 in industrial control systems, using machine learning intrusion detection methods that can effectively identify abnormal traffic in Modbus_TCP communication. The article focuses on the various vulnerabilities of the Modbus_TCP protocol in industrial control systems and on the availability problems that DDoS attacks cause for industrial control systems. The decision tree algorithm of machine learning and the BP neural network algorithm of deep learning are selected for intrusion detection, and the following research is carried out:

(1) First, the article analyzes the background of the birth of the Industrial Internet and, in light of the security status of industrial control systems, the network protocol vulnerabilities of industrial control systems and of traditional information networks. The Modbus_TCP protocol has many shortcomings, such as the lack of an authentication mechanism, an authorization mechanism and an encryption mechanism, and function code abuse. The lack of the first three mechanisms makes the system vulnerable to eavesdropping attacks and packet sending attacks, and function code abuse brings more serious security risks. In addition to attacks specific to industrial networks, systems connected to the Internet are also vulnerable to traditional network attacks, among which DDoS attacks that destroy the availability of industrial control systems are the most prominent. In this paper, a series of attacks that industrial control systems may suffer are reproduced. Using software tools, a simulation environment for normal industrial control system network communication, an industrial control system network attack environment and a DDoS attack environment are created to carry out an experimental simulation of intrusion detection.

(2) In the IPv4 network environment, network transmission generally does not provide an encryption mechanism. Built on the TCP/IP protocol framework, the Modbus protocol is an application layer protocol with inherent defects. Traditional intrusion detection mechanisms are prone to a high false alarm rate and a high false negative rate, so measures to solve this problem are urgently needed. The decision tree algorithm is a classic machine learning algorithm that supports model training with small samples. Extracting the function code field and the register address field of the Modbus protocol as the input features of the model gives better training results, and the training time of the model is relatively short, which better matches the real-time requirements of industrial control systems.

(3) IPv6 networks are the trend of future development. Although IPv6 can solve many security problems of the IPv4 protocol, it cannot prevent all attacks, such as DDoS attacks. In contrast to the CIA security principles of traditional information networks, the industrial control system follows AIC, because it is connected to the physical world and has extremely high requirements for availability, controllability and real-time capability. DDoS attacks, however, destroy the availability of industrial control systems by sending packets on a large scale. In industrial control networks, it is difficult to distinguish a burst of large-scale normal traffic from DDoS attack traffic. Deep learning belongs to the category of machine learning, but it has an advantage in processing data sets with a large number of samples. Therefore, this paper adopts the BP neural network model in deep learning to learn and classify traffic to achieve intrusion detection. The intrusion detection experiment in the IPv6 network of the industrial control system builds on the IPv4 network intrusion detection experiment, combining the message characteristics of the IPv6 protocol and the Modbus_TCP protocol with the message characteristics of DDoS attack packets, and extracting important fields as input features of the BP neural network. The BP neural network has strong self-learning, self-adaptation and non-linear mapping capabilities, and has a certain effect on protocol analysis.
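The feature extraction described in item (2), as an added example that is not code from the paper: it parses a Modbus/TCP request frame and returns the function code and register address as model inputs, rejecting frames whose header is inconsistent. The function names, the -1 sentinel for function codes without an address field, and the sample frames are assumptions constructed for illustration.

```python
import struct

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)
# Public function codes whose request data begins with a 2-byte address.
ADDRESSED_FCS = {1, 2, 3, 4, 5, 6, 15, 16}
NO_ADDRESS = -1  # assumed sentinel for function codes with no address field


def extract_features(adu: bytes) -> list:
    """Return [function_code, address] for one Modbus/TCP request frame."""
    if len(adu) < MBAP_LEN + 1:
        raise ValueError("truncated frame")
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:MBAP_LEN])
    if proto != 0:
        raise ValueError("protocol id is not 0, so not Modbus")
    if length != len(adu) - 6:  # length field covers unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    fc = adu[MBAP_LEN]
    if fc not in ADDRESSED_FCS:
        return [fc, NO_ADDRESS]
    if len(adu) < MBAP_LEN + 3:
        raise ValueError("function code %d without address field" % fc)
    (address,) = struct.unpack(">H", adu[MBAP_LEN + 1:MBAP_LEN + 3])
    return [fc, address]


def build_dataset(frames):
    """Feature rows for well-formed frames, plus a count of rejected ones."""
    rows, malformed = [], 0
    for frame in frames:
        try:
            rows.append(extract_features(frame))
        except ValueError:
            malformed += 1  # malformed traffic is a signal in its own right
    return rows, malformed


# Constructed sample frames (not captured traffic).
SAMPLES = [
    bytes.fromhex("0001 0000 0006 01 03 006b 0003"),  # read holding registers
    bytes.fromhex("0002 0000 0006 01 05 00ac ff00"),  # write single coil
    bytes.fromhex("0003 0000 0005 01 2b 0e 01 00"),   # read device identification
    bytes.fromhex("0004 0000 0006 01 03 00"),         # length field lies: rejected
]

if __name__ == "__main__":
    print(build_dataset(SAMPLES))
```

The rows returned by `build_dataset` can be passed, with labels, to any decision tree implementation.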