Jisuanji kexue (Mar 2022)

Industrial Serial Protocol State Detection Algorithm Based on DTMC

  • LIU Kai-xiang, XIE Yong-fang, CHEN Xin, LYU Fei, LIU Jun-jiao

DOI
https://doi.org/10.11896/jsjkx.210200078
Journal volume & issue
Vol. 49, no. 3
pp. 301 – 307

Abstract

To address the problem that existing research on industrial security focuses mainly on industrial Ethernet and neglects the protection of serial link protocols, an industrial serial protocol state detection algorithm based on the discrete-time Markov chain (DTMC) is proposed. The method exploits the limited behavior and state space of an industrial control system (ICS) and automatically constructs a normal behavior model of the ICS, the DTMC, from historical traffic data of the serial link protocol. The model contains behavior information such as state events, state transitions, state transition probabilities and state transition time intervals. The behavior information contained in the model is then used as the state detection rule set. When the state information generated in the detection phase differs from the information in the state detection rule set, or the deviation exceeds the threshold, actions such as alarm or rejection are generated. In addition, the method is combined with comprehensive packet inspection (CPI) technology to increase the detectable range of protocol payload data. Finally, experimental results show that the proposed algorithm can effectively detect semantic attacks and protect the security of serial links, with a false positive rate of 5.3% and a false negative rate of 0.6%.
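The learn-then-check flow the abstract describes can be sketched as follows. This is an added illustration, not the paper's algorithm or code. It assumes a first-order chain, a min/max envelope for transition intervals, hypothetical event labels standing in for parsed serial frames, and assumed thresholds `slack` and `min_p`.

```python
from collections import Counter, defaultdict

# Constructed sample: (timestamp in seconds, event label). The labels are
# hypothetical stand-ins for states parsed out of serial-link frames.
POLL = ["READ_REQ", "READ_RSP"]
TRAIN = [(i * 0.5, e) for i, e in
         enumerate(POLL * 4 + ["WRITE_REQ", "WRITE_RSP"] + POLL * 4)]
TEST = [(0.0, "READ_REQ"), (0.5, "READ_RSP"), (1.0, "WRITE_REQ"),
        (1.5, "READ_REQ"), (2.0, "READ_RSP"), (5.0, "READ_REQ"),
        (5.5, "DIAG_REQ")]

def pairs(trace):
    """Yield (prev_event, event, timestamp, gap) for consecutive events."""
    for (t0, a), (t1, b) in zip(trace, trace[1:]):
        yield a, b, t1, t1 - t0

def build_rules(trace):
    """Learn the rule set: known states plus, per transition, its
    probability and the min/max time interval seen in training."""
    counts, gaps = Counter(), defaultdict(list)
    for a, b, _, gap in pairs(trace):
        counts[(a, b)] += 1
        gaps[(a, b)].append(gap)
    # Total outgoing transitions per source state (row sums of the chain).
    out = Counter(a for a, _ in counts.elements())
    rules = {k: {"p": n / out[k[0]], "min": min(gaps[k]), "max": max(gaps[k])}
             for k, n in counts.items()}
    return {e for _, e in trace}, rules

def detect(states, rules, trace, slack=0.25, min_p=0.05):
    """Return (timestamp, reason) alerts. slack (seconds) and min_p are
    assumed thresholds, not values from the paper."""
    alerts = []
    for a, b, t, gap in pairs(trace):
        rule = rules.get((a, b))
        if b not in states:
            alerts.append((t, "unknown_state"))
        elif rule is None:
            alerts.append((t, "unknown_transition"))
        elif rule["p"] < min_p:
            alerts.append((t, "rare_transition"))
        elif not (rule["min"] - slack <= gap <= rule["max"] + slack):
            alerts.append((t, "interval_deviation"))
    return alerts

if __name__ == "__main__":
    print(detect(*build_rules(TRAIN), TEST))
```

In the constructed test trace, the write request that is never answered, the 3-second polling gap and the unseen `DIAG_REQ` event each raise a different alert, while replaying the training trace raises none.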

Keywords