Authors: Tian Ye [1], Liu Chang [2]
Affiliations: [1] Xidian University Hangzhou Institute of Technology, Hangzhou, Zhejiang 311200; [2] Harbin Engineering University, Harbin, Heilongjiang 150001
Source: Industry Information Security (《工业信息安全》), 2023, No. 6, pp. 6-16 (11 pages)
Funding: Industrial Internet Data Security Detection, Response and Traceability System project (TC220H055).
Abstract: With the advancement of science and technology and the continuous development and transformation of industrial informatization, cutting-edge technologies such as artificial intelligence and cloud computing are constantly being integrated into different industrial processes. This brings a huge driving force for the development of the entire industrial system, but it also exposes industrial control networks to the risk of external intrusion. This paper researches and analyzes the potential security threats facing today's industrial control network architecture. Through the simulation of common network intrusion behaviors and research on the Snort intrusion detection mechanism, a cyber range awareness module for a Snort-based intrusion detection system is designed. The module uses the Snort open-source intrusion detection system as the core of the range's network attack and defense design, and extends the packet detection module by analyzing the packets of industrial control network protocols. Machine learning is introduced to optimize the learning rate and network dimensions of the CNN-BiLSTM neural network model. On the network traffic data set, the model achieved better detection accuracy than neural network models such as CNN and LSTM, and the detection success rate for new network attacks is nearly 63%. Experimental results show that the detection performance of the model is better than that of traditional methods, and that it can better protect the security of industrial control systems.
Keywords: industrial control network cyber range; Snort; intrusion detection; CNN-BiLSTM
Classification: TP393.08 [Automation and Computer Technology: Computer Application Technology]