Industrial Control Intrusion Detection Model Based on S7 Protocol
Title | Industrial Control Intrusion Detection Model Based on S7 Protocol |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Tian, Zheng, Wu, Weidong, Li, Shu, Li, Xi, Sun, Yizhen, Chen, Zhongwei |
Conference Name | 2019 IEEE 3rd Conference on Energy Internet and Energy System Integration (EI2) |
Date Published | Nov. 2019 |
Publisher | IEEE |
ISBN Number | 978-1-7281-3137-5 |
Keywords | abnormal behavior detection, abnormal S7 protocol packet detection, anomaly detection, communication process, Companies, composite intrusion detection method, computer network security, deep analysis algorithm, Heuristic algorithms, ICs, industrial control, industrial control intrusion detection model, industrial control network security, industrial control system, industrial control systems, Internet, internet technology, Intrusion detection, national Industrial 4.0 strategy, networked control systems, Power systems, private industrial control protocols, production engineering computing, protocol analysis, protocol parsing technology, Protocols, pubcrawl, resilience, Resiliency, S7 data packet analysis, S7 protocol, Scalability, Siemens Company, static white list configuration complexity, static white list configuration portability, traditional protocol parsing technology, unsupervised learning, white list detection, white list self-learning, white list self-learning algorithm |
Abstract | With the proposal of the national industrial 4.0 strategy, the integration of industrial control networks and Internet technology is getting higher and higher. At the same time, the closeness of industrial control networks has been broken to a certain extent, making the problem of industrial control network security increasingly serious. The S7 protocol is a private protocol of Siemens Company in Germany, which is widely used in the communication process of industrial control networks. In this paper, an industrial control intrusion detection model based on the S7 protocol is proposed. Traditional protocol parsing technology cannot resolve private industrial control protocols, so this model uses a deep analysis algorithm to realize the analysis of S7 data packets. At the same time, in order to overcome the complexity and portability of static white list configuration, this model dynamically builds a white list through a white list self-learning algorithm. Finally, a composite intrusion detection method combining white list detection and abnormal behavior detection is used to detect anomalies. The experiment proves that the method can effectively detect abnormal S7 protocol packets in the industrial control network. |
URL | https://ieeexplore.ieee.org/document/9062159/ |
DOI | 10.1109/EI247390.2019.9062159 |
Citation Key | tian_industrial_2019 |