公开(公告)号：US20150381642A1

公开(公告)日：2015-12-31

申请号：US14699449

申请日：2015-04-29

Applicant: Electronics and Telecommunications Research Institute

Inventor： Byoung Koo KIM ,  Dong Ho KANG ,  Jung Chan NA ,  Seon Gyoung SOHN ,  Young Jun HEO

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L12/40 ,  H04L41/142 ,  H04L43/026 ,  H04L67/12 ,  H04L69/16 ,  H04L69/329 ,  H04L2012/40228

Abstract: An abnormal traffic detection apparatus and method based on Modbus communication pattern learning is provided. The abnormal traffic detection apparatus based on the Modbus communication pattern learning previously detects and responds to abnormal traffic on a Modbus/TCP protocol. According to the present invention, a communication service between control systems can be stably provided by previously detecting the abnormal traffic capable of interfering with a stable operation of the control system. Particularly, since the effective abnormal traffic on the Modbus/TCP protocol can be previously detected, security of the control system can be increased by rapid detection and response with respect to security threats on the Intranet of the control system, and availability can be secured.

Abstract translation: 提供了基于Modbus通信模式学习的异常流量检测装置和方法。 基于Modbus通信模式学习的异常流量检测装置可以检测并响应Modbus / TCP协议上的异常流量。 根据本发明，通过预先检测能够干扰控制系统的稳定运行的异常通信，可以稳定地提供控制系统之间的通信服务。 特别是，由于可以先检测到Modbus / TCP协议上的有效异常流量，因此可以通过对控制系统的内联网上的安全威胁的快速检测和响应来提高控制系统的安全性，并且可以确保可用性。

公开(公告)号：US20150341380A1

公开(公告)日：2015-11-26

申请号：US14667137

申请日：2015-03-24

Applicant: Electronics and Telecommunications Research Institute

Inventor： Young Jun HEO ,  Seon Gyoung SOHN ,  Byoung Koo KIM ,  Dong Ho KANG ,  Jung Chan NA

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1425 ,  H04L63/1458 ,  H04L69/22

Abstract: Provided are a system and method for detecting an abnormal behavior of a control system by analyzing flows of the control system. Flow information of the control network is collected, and flows are classified according to the collected flow information and a flow group is generated. An abnormal behavior of the control system is detected by analyzing flows of the generate flow group. That is, internal systems of the control network are grouped according to functions, and a situation of a system of a group performing the same function is managed to thus quickly detect an abnormal behavior of the control system.

Abstract translation: 提供了一种通过分析控制系统的流程来检测控制系统的异常行为的系统和方法。 收集控制网络的流量信息，根据收集的流量信息对流量进行分类，生成流量组。 通过分析生成流组的流量来检测控制系统的异常行为。 也就是说，控制网络的内部系统根据功能进行分组，并且管理执行相同功能的组的系统的情况，从而快速检测控制系统的异常行为。