Abstract: As induction motors are the control core in variable-frequency speed-regulating systems, their efficient operation in industrial production processes needs to be ensured. To realize this, the accuracy and security of control commands and equipment parameters have been the priorities for industrial security protection research. This study aims to investigate the intrusion detection techniques of the AC-DC-AC variable-frequency vector control system for induction motors under the EtherCAT industrial bus. First, the EtherCAT bus protocol is deeply analyzed, and combined with the EtherCAT industrial bus common protocol vulnerabilities that have been discovered so far, the key characteristics of the protocol data packets are extracted, and the EtherCAT bus protocol intrusion detection rule base is constructed. A three-dimensional pointer linked list tree is used as the retrieval data structure for the EtherCAT bus protocol rule base. Second, model parameters are simulated and calculated based on the physical model of the AC-DC-AC inverter vector control system of the induction motor. Then a least-squares support vector machine (LSSVM) with the characteristics of vector control model intrusion is constructed on the basis of the simulation results, and the parameters of the LSSVM classifier are optimized using the chaotic particle swarm optimization (CPSO) algorithm, both of which constitute the CPSO-LSSVM intrusion detection classification algorithm. After the anomaly data packets are classified, they will be transferred to the Suricata intrusion detection engine for precise rule matching. Finally, a physical experiment environment is built for the intrusion detection system. The simulation results of the AC-DC-AC variable-frequency vector control model in this paper show good dynamic performance, which is similar to the trend of waveform change on actual vector control system parameters. The effectiveness of the intrusion detection system is verified by extracting part of the KDD Cup99 test dataset to implement the behaviors of attacks, such as the denial of service (DOS), remote-to-local (R2L), user-to-root (U2R), and Probing attacks on the intrusion detection system.

Keywords:
- variable-frequency speed-regulating system
- intrusion detection technology
- EtherCAT bus
- least-squares support vector machine
- rule matching
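Table 1. Common EtherCAT communication protocol abnormal behavior

| No. | Abnormal protocol behavior |
|---|---|
| 1 | Illegal or abnormal data address or port |
| 2 | Abnormal packet length; potential denial-of-service attack |
| 3 | Master/slave communication device continuously busy; potential denial-of-service attack |
| 4 | All communication-related counters cleared to zero; the communication session must be restarted |
| 5 | Unauthorized EtherCAT master read/write operations |
| 6 | Scanning of EtherCAT slave IDs, causing information disclosure |
| 7 | Send/receive mode changed; master and slave devices isolated at the same time |
| 8 | Abnormal data operations caused by illegal function codes |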
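Table 2. EtherCAT quintuple and parameter information corresponding data bits

| No. | Data bits | Rule position | Keyword | Description |
|---|---|---|---|---|
| 1 | 00~03 | Quintuple | dstIP | Destination host address (MAC) |
| 2 | 04~05 | Quintuple | dstPort | Destination host port |
| 3 | 06~09 | Quintuple | srcIP | Source host address (MAC) |
| 4 | 10~11 | Quintuple | srcPort | Source host port |
| 5 | 12~13 | Quintuple | Protl | Communication protocol type |
| 6 | 57~58 | Parameter information | Id | Actual d-axis current obtained by decoupling |
| 7 | 59~60 | Parameter information | Iq | Actual q-axis current obtained by decoupling |
| 8 | 61~62 | Parameter information | I_out | Motor output current |
| 9 | 63~64 | Parameter information | Te | Motor output torque |
| 10 | 65~66 | Parameter information | n | Actual motor speed |
| 11 | 67~68 | Parameter information | Freq_out | Motor output frequency |
| 12 | 79~80 | Parameter information | U | Measured motor bus voltage |
| 13 | 45~46 | Parameter information | Rec_set | Motor rectifier-side start/stop command (control command) |
| 14 | 47~48 | Parameter information | Inv_set | Motor inverter-side start/stop command (control command) |
| 15 | 49~50 | Parameter information | Freq_set | Motor frequency setpoint (control command) |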
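The field positions in Table 2 are enough to sketch a pre-filter that runs ahead of rule matching. This is an added example, not code from the paper: it assumes the positions are byte offsets into one record, that two-byte fields are unsigned big-endian, and that Freq_set is sent in units of 0.01 Hz; `ALLOWED`, `build_sample` and the function names are hypothetical.

```python
import struct

# Offsets of the two-byte fields from Table 2 (assumed: byte offsets into the
# record, unsigned big-endian values; the page does not state the encoding).
FIELDS_16 = {
    "dstPort": 4, "srcPort": 10, "Protl": 12,
    "Rec_set": 45, "Inv_set": 47, "Freq_set": 49,
    "Id": 57, "Iq": 59, "I_out": 61, "Te": 63, "n": 65, "Freq_out": 67, "U": 79,
}
RECORD_LEN = 81            # highest position listed in Table 2 is 80
RATED_FREQ_HZ = 50         # rated frequency from Table 3
FREQ_UNITS_PER_HZ = 100    # assumed scaling: Freq_set in units of 0.01 Hz
ALLOWED = {"0a000001"}     # constructed allow-list of master source addresses


def parse_record(buf: bytes) -> dict:
    """Extract the Table 2 quintuple and parameter fields from one record."""
    if len(buf) < RECORD_LEN:
        raise ValueError(f"short record: {len(buf)} < {RECORD_LEN} bytes")
    rec = {"dst": buf[0:4].hex(), "src": buf[6:10].hex()}
    for name, off in FIELDS_16.items():
        rec[name] = struct.unpack_from(">H", buf, off)[0]
    return rec


def check_record(buf: bytes, allowed_src: set) -> list:
    """Return findings for one record; an empty list means no check fired."""
    try:
        rec = parse_record(buf)
    except ValueError as exc:
        return [f"length anomaly ({exc})"]                    # Table 1, item 2
    findings = []
    if rec["src"] not in allowed_src:                         # Table 1, items 1 and 5
        findings.append("source address not on allow-list")
    if rec["Freq_set"] > RATED_FREQ_HZ * FREQ_UNITS_PER_HZ:   # illustrative range check
        findings.append("Freq_set above rated frequency")
    return findings


def build_sample(src: bytes, freq_set: int) -> bytes:
    """Constructed record: zero-filled except source address and Freq_set."""
    buf = bytearray(RECORD_LEN)
    buf[6:10] = src
    struct.pack_into(">H", buf, 49, freq_set)
    return bytes(buf)
```

Records that produce findings here would be the ones handed on for precise rule matching; the frequency check stands in for the model-based comparison the abstract describes.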
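Table 3. Induction motor parameters under simulation environment

| Parameter | Rated value | Parameter | Rated value |
|---|---|---|---|
| Rated power, P/W | 5000 | Rated voltage, VN/V | 380 |
| Number of pole pairs, nopp | 4 | Rated frequency, fN/Hz | 50 |
| Stator resistance, Rs/Ω | 2.92 | Stator inductance, Ls/H | 0.013 |
| Rotor resistance, Rr/Ω | 1.92 | Rotor inductance, Lr/H | 0.013 |
| Stator-rotor mutual inductance, Lm/H | 0.358 | Moment of inertia, J/(kg·m²) | 0.1 |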
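Table 4. Detection rate and detection accuracy of intrusion detection systems under different attack modes

| Attack type | Packets detected as attack | Packets detected as normal | False detections | Detection rate/% | Missed detections | Detection accuracy/% |
|---|---|---|---|---|---|---|
| DOS | 969 | 31 | 20 | 98.0 | 11 | 96.9 |
| R2L | 966 | 34 | 15 | 98.5 | 19 | 96.6 |
| U2R | 917 | 83 | 44 | 95.6 | 39 | 91.7 |
| PROBING | 986 | 14 | 0 | 100 | 14 | 98.6 |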
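Table 5. Detection rate and detection accuracy of intrusion detection systems under different attack modes

| Application scenario | Protocol type | Detection time/ms | Detection accuracy/% |
|---|---|---|---|
| Power plant | Modbus/TCP | < 1 | 99 |
| Digital substation | DNP3/IEC 60870-5 | < 254 | 100 |
| Water tank control system | Modbus/DNP3 | — | 93 |
| Water supply system | Modbus/TCP | < 0.6 | 98 |
| Variable-frequency vector control system | EtherCAT/TCP | < 1 | >97 |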
Table 6. Comparison of the real-time performance and accuracy of intrusion detection between chaotic particle swarm optimization LSSVM parameters and conventional LSSVM parameters

| LSSVM parameters | Detection time/ms | Detection accuracy/% |
|---|---|---|
| C=10, σ=0.125 | 20 | 96.28 |
| C=50, σ=0.625 | 27 | 91.12 |
| C=100, σ=1.250 | 23 | 90.45 |
| C=500, σ=1.955 | 17 | 89.98 |
| C=1000, σ=10.000 | 25 | 95.10 |
| Optimized parameters | 21 | 98.96 |