CAJ | 학술논문

如何有效检测和防御工业病毒对应用层协议数据的攻击是目前工业安全网关研究的难点问题。本文提出了将Modbus TCP通讯流量转换为异常检测模型所需数据形式的预处理方法，设计了一种利用粒子群PSO算法进行参数寻优的PSO-SVM算法。该方法根据Modbus功能码序列中的模式短序列出现的频率，识别出异常的Modbus TCP通讯流量。最后，通过实验数据分析，说明了提出方法可以有效实现对Modbus功能码序列的异常检测。
여하유효검측화방어공업병독대응용층협의수거적공격시목전공업안전망관연구적난점문제。본문제출료장Modbus TCP통신류량전환위이상검측모형소수수거형식적예처리방법，설계료일충이용입자군PSO산법진행삼수심우적PSO-SVM산법。해방법근거Modbus공능마서렬중적모식단서렬출현적빈솔，식별출이상적Modbus TCP통신류량。최후，통과실험수거분석，설명료제출방법가이유효실현대Modbus공능마서렬적이상검측。
To detect and defend industry virus attacks to application layer protocol data is difficult issues in study of industrial security gateway .In this paper ,a data pre-processing method is presented ,which can convert Modbus TCP traffic into anomaly de-tection model ,and a PSO-SVM algorithm is designed ,which optimizes parameters by advanced Particle Swarm Optimization (PSO) algorithm .The method identifies anomalies of Modbus TCP traffic according to appear frequencies of the mode short sequence of Modbus function code sequence .Finally ,experimental data analysis shows that the proposed method can effectively detect abnormal of Modbus function code sequence .