
The Design And Implementation Of Intrusion Detection Model For SCADA System

Posted on: 2017-10-30
Degree: Master
Type: Thesis
Country: China
Candidate: Z G Zhou
GTID: 2348330488465868
Subject: Engineering
Abstract/Summary:
Supervisory Control And Data Acquisition (SCADA) is an important system in the production control systems of water conservancy, electricity, gas, transportation, petrochemicals and similar industries. Its safe, stable and efficient operation is a basic guarantee for the growth of the national economy and for national security. However, the traditional SCADA system has always been regarded as a closed, physically isolated system, and not enough attention has been paid to its information security. With the development of information technology, especially the Internet of Things, cloud computing and a series of other advanced technologies, the widely deployed SCADA system is becoming more and more open. Deploying an intrusion detection system in SCADA meets the needs of this development. Traditional intrusion detection systems are not able to resist attacks against SCADA systems: they are better suited to IT information systems, their detection rules are designed for IT information systems, and they cannot make use of SCADA-specific protocols to provide effective network security. Therefore, in the new situation, the traditional intrusion detection system should be improved and applied in the SCADA system.

The author participated in the implementation of a relevant SCADA system project. On the basis of the deeper understanding of the SCADA system gained there, combined with some existing technology, this thesis follows the main line "analysis of the defects of existing SCADA system intrusion detection → improvement of the traditional intrusion detection model → design of SCADA system intrusion detection rules → application of the new intrusion detection model → experimental analysis". The main research contents are as follows:

The overall architecture of the SCADA system and the current state of SCADA information security research at home and abroad are analyzed. The concept of the intrusion detection system is introduced, the technical principle of the lightweight intrusion detection system Snort is discussed, and the important functional modules of Snort are introduced.

A scheme for improving the SCADA intrusion detection model is proposed. By adding to the Snort rule base rules written for the messages of SCADA-specific communication protocols, malicious attack traffic is detected, the detection engine works more efficiently, and the detection rate for attack packets is improved.

Intrusion detection rules for Modbus TCP protocol data packets are designed, and the experimental results show that these rules can deal with malicious attacks in the SCADA system.

A SysLog log management system was developed. This system displays the received attack event logs in a graphical interface, which makes it more convenient for network security personnel to understand the current state of network security.

An intrusion detection model test platform was built, and the performance of the improved intrusion detection model and its influence on the performance of the SCADA system during operation were tested. The experimental results show that the improved intrusion detection model of this design is 2.26% higher than the traditional intrusion detection model, that the normal network transmission of the SCADA system is not affected, and that the requirements of the SCADA system are met. This proves its validity and effectiveness.
Keywords/Search Tags:SCADA, Snort, Intrusion Detection, Information Security