Abstract
Due to the complexity of industrial control systems and the diversity of protocols in their networks, it is difficult to build intrusion detection models based on network characteristics and physical modeling. In order to build a better flow model without additional knowledge, we propose an intrusion detection method based on the content of network packets. The construction of the model is based on the idea of the ZOE method. The similarity between flows is calculated through the sequential coverage algorithm, the normal flow model is established by a multi-layered clustering algorithm, and the Count-Mean-Min Sketch is used to store and count the flow model. By comparing unknown flows with the constructed normal flow model, we achieve intrusion detection for industrial control systems (ICS). The overall experimental results on 4 ICS datasets show that the improved method can effectively improve the detection rate and reduce the false-positive rate. The detection rate reached 96.7% on average, and the false-positive rate reached 0.7% on average.
Publisher
Springer Science and Business Media LLC
Subject
Computer Networks and Communications, Computer Science Applications, Signal Processing
Cited by
8 articles.