Method for Detecting Abnormal Message of Modbus TCP Protocol in Industrial Control Network
Industrial control network systems carry a large amount of complex data, such as Modbus message transmission data, TCP/IP host communication behavior data, and industrial control protocol data. This easily causes data redundancy, reduces the detection accuracy for abnormal messages, and increases detection time, which in turn raises the probability of attacks on the industrial control network. To this end, this paper proposes an SVM-based method for detecting abnormal Modbus TCP protocol packets in industrial control networks. SVM is used to establish a hierarchical data model of the industrial control network, Modbus protocol messages are defined in the application layer, and kernel functions are used to discretize non-stationary random Modbus protocol messages in order to reduce data redundancy in the network. Combined with an m-order Markov sequence, abnormal features of the discretized Modbus protocol messages are extracted at the TCP/IP data link layer, completing the abnormal detection of Modbus messages. Simulation test results show that the proposed method effectively reduces data redundancy: the repeated data storage rate of the industrial control network is 0.39%, the detection accuracy for abnormal Modbus TCP protocol messages is 95.73%, and the abnormal message detection time is 0.5 ms. The method provides technical support for industrial control network security.
Keywords: industrial control network; Modbus message; TCP/IP; SVM; m-order Markov sequence
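The m-order Markov idea from the abstract, applied to Modbus TCP function codes, as an added illustration that is not the paper's implementation; the SVM and kernel stages are omitted. The function names, the 0.05 threshold, and the sample traffic are assumptions constructed for this example.

```python
import struct
from collections import defaultdict

def build_frame(tid, unit, fc, data=b"\x00\x00\x00\x01"):
    """Constructed Modbus TCP ADU: 7-byte MBAP header + function code + data."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_mbap(frame):
    """Return the function code, or None if the MBAP header is inconsistent."""
    if len(frame) < 8:
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    # Protocol ID must be 0; Length counts the unit ID plus the PDU.
    if proto != 0 or length != len(frame) - 6:
        return None
    return frame[7]

def train(code_seq, m):
    """Count which function code follows each m-length context in clean traffic."""
    counts = defaultdict(lambda: defaultdict(int))
    for i in range(m, len(code_seq)):
        counts[tuple(code_seq[i - m:i])][code_seq[i]] += 1
    return counts

def detect(frames, counts, m, threshold=0.05):
    """Indices of frames that are malformed or improbable given the m previous codes."""
    alerts, codes = [], []
    for idx, frame in enumerate(frames):
        fc = parse_mbap(frame)
        if fc is None:
            alerts.append(idx)          # malformed header: flag, keep out of context
        else:
            codes.append((idx, fc))
    for i in range(m, len(codes)):
        ctx = counts.get(tuple(c for _, c in codes[i - m:i]), {})
        total = sum(ctx.values())
        p = ctx.get(codes[i][1], 0) / total if total else 0.0
        if p < threshold:
            alerts.append(codes[i][0])
    return sorted(alerts)

# Constructed baseline: a poll loop of Read Holding Registers (3),
# Read Input Registers (4), Read Coils (1).
MODEL = train([3, 4, 1] * 20, m=2)
# Constructed capture: one Write Multiple Registers (16) breaks the loop,
# and the last frame carries a non-zero protocol ID.
CAPTURE = [build_frame(i, 1, fc) for i, fc in enumerate([3, 4, 1, 3, 16, 4, 1, 3, 4, 1])]
CAPTURE.append(struct.pack(">HHHB", 99, 7, 2, 1) + b"\x03")
ALERTS = detect(CAPTURE, MODEL, m=2)
```

A single out-of-pattern request also marks the next m frames, because their contexts contain the unexpected code; a deployment would group such runs into one alert.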