Search International and National Patent Collections

1. (WO2018107631) AUTOMATIC ESTABLISHING METHOD AND APPARATUS FOR INTRUSION DETECTION MODEL BASED ON INDUSTRIAL CONTROL NETWORK

Pub. No.:    WO/2018/107631    International Application No.:    PCT/CN2017/080716
Publication Date: Fri Jun 22 01:59:59 CEST 2018 International Filing Date: Tue Apr 18 01:59:59 CEST 2017
IPC: H04W 12/12
H04L 29/06
Applicants: SHENYANG INSTITUTE OF AUTOMATION,THE CHINESE ACADEMY OF SCIENCES
中国科学院沈阳自动化研究所
Inventors: SHANG, Wenli
尚文利
ZHAO, Jianming
赵剑明
WAN, Ming
万明
LIU, Xianda
刘贤达
YIN, Long
尹隆
ZENG, Peng
曾鹏
YU, Haibin
于海斌
Title: AUTOMATIC ESTABLISHING METHOD AND APPARATUS FOR INTRUSION DETECTION MODEL BASED ON INDUSTRIAL CONTROL NETWORK
Abstract:
Disclosed is an automatic establishing method of an intrusion detection model based on an industrial control network, comprising: determining whether a first intrusion detection model meets a preset detection requirement, and if not, extracting communication behavior flow data in real time; setting a training data set and a test data set according to the communication behavior flow data; creating an initial intrusion detection model according to the training data set; and testing the initial intrusion detection model using the test data set, and creating a second intrusion detection model meeting a preset detection requirement according to the test result. The detection precision of the second intrusion detection model is high so that an intrusion detection rate of abnormal behaviors is increased, and a false alarm rate and a missing report rate are reduced.