Modbus Communication Behavior Modeling and SVM Intrusion Detection Method
| Title | Modbus Communication Behavior Modeling and SVM Intrusion Detection Method |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Shang, Wenli, Cui, Junrong, Wan, Ming, An, Panfeng, Zeng, Peng |
| Conference Name | Proceedings of the 6th International Conference on Communication and Network Security |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4783-9 |
| Keywords | composability, feature extraction, Industrial control network, Intrusion detection, Metrics, Modbus/TCP, network intrusion detection, pubcrawl, Resiliency, SVM |
| Abstract | The security and typical attack behavior of Modbus/TCP industrial network communication protocol are analyzed. The data feature of traffic flow is extracted through the operation mode of the depth analysis abnormal behavior, and the intrusion detection method based on the support vector machine (SVM) is designed. The method analyzes the data characteristics of abnormal communication behavior, and constructs the feature input structure and detection system based on SVM algorithm by using the direct behavior feature selection and abnormal behavior pattern feature construction. The experimental results show that the method can effectively improve the detection rate of abnormal behavior, and enhance the safety protection function of industrial network. |
| URL | http://doi.acm.org/10.1145/3017971.3017978 |
| DOI | 10.1145/3017971.3017978 |
| Citation Key | shang_modbus_2016 |