A SECS2 TRAFFIC IDENTIFICATION METHOD COMBINING PACKET INSPECTION AND FLOW INSPECTION
In order to identify the application layer protocol used in the network packet,to ensure the security of the semiconductor production environment,the traditional recognition methods based on server port and feature words have certain limitations and cannot achieve the required accuracy.In view of this situation,a recognition model based on HSMS header information and the fixed pattern of SECS2 data is proposed,which combined deep packet inspection,deep flow inspection,and machine learning to identify the SECS2 traffic.Experimental results show that this model can effectively identify SECS2 packets,and the misjudgment rate is only 0.598 8%,which is 29.469 6%lower than the traditional identification method.
万方数据
维普
