Industrial Control Intrusion Detection Model Based on S7 Protocol

Title: Industrial Control Intrusion Detection Model Based on S7 Protocol
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Tian, Zheng; Wu, Weidong; Li, Shu; Li, Xi; Sun, Yizhen; Chen, Zhongwei
Conference Name: 2019 IEEE 3rd Conference on Energy Internet and Energy System Integration (EI2)
Date Published: Nov. 2019
Publisher: IEEE
ISBN Number: 978-1-7281-3137-5
Keywords: abnormal behavior detection, abnormal S7 protocol packet detection, anomaly detection, communication process, Companies, composite intrusion detection method, computer network security, deep analysis algorithm, Heuristic algorithms, ICs, industrial control, industrial control intrusion detection model, industrial control network security, industrial control system, industrial control systems, Internet, internet technology, Intrusion detection, national Industrial 4.0 strategy, networked control systems, Power systems, private industrial control protocols, production engineering computing, protocol analysis, protocol parsing technology, Protocols, pubcrawl, resilience, Resiliency, S7 data packet analysis, S7 protocol, Scalability, Siemens Company, static white list configuration complexity, static white list configuration portability, traditional protocol parsing technology, unsupervised learning, white list detection, white list self-learning, white list self-learning algorithm
Abstract

With the proposal of the national industrial 4.0 strategy, the integration of industrial control network and Internet technology is getting higher and higher. At the same time, the closeness of industrial control networks has been broken to a certain extent, making the problem of industrial control network security increasingly serious. The S7 protocol is a private protocol of Siemens Company in Germany, which is widely used in the communication process of industrial control networks. In this paper, an industrial control intrusion detection model based on the S7 protocol is proposed. Traditional protocol parsing technology cannot resolve private industrial control protocols, so this model uses a deep analysis algorithm to realize the analysis of S7 data packets. At the same time, in order to overcome the complexity and portability of static white list configuration, this model dynamically builds a white list through a white list self-learning algorithm. Finally, a composite intrusion detection method combining white list detection and abnormal behavior detection is used to detect anomalies. The experiment proves that the method can effectively detect abnormal S7 protocol packets in the industrial control network.

URL: https://ieeexplore.ieee.org/document/9062159/
DOI: 10.1109/EI247390.2019.9062159
Citation Key: tian_industrial_2019