
Network Security Situation Analysis And Research Based On Industrial Control Network Data

Posted on: 2024-04-29
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Jia
GTID: 2568306941478024
Subject: Master of Electronic Information (Professional Degree)

Abstract/Summary:
With the rapid development of industrial informatization, the integration of new-generation information technology and industrial control systems has gradually deepened. The traditional protection model for industrial control systems has had difficulty adapting to the complex industrial control network environment. In recent years, security incidents such as internal information leakage and external network attacks have occurred frequently in industrial control systems. Under these conditions, analyzing and researching the security situation of industrial control networks is particularly important.

First, the paper conducts in-depth research on data acquisition technology, anomaly detection technology, and security situation analysis technology, analyzes the architecture of industrial control systems and their network communication environment in detail, and summarizes the potential security risks and attack threats facing existing industrial control network systems. Based on this, a security situation analysis system architecture for industrial control networks is designed from the perspective of users and traffic.

Then, the core modules of the system are designed in detail. For user behavior detection, the paper obtains user access behavior logs from the industrial control system security gateway and business systems, uses attribute graphs to perform correlation analysis on user access behavior, and designs a user access behavior anomaly detection model based on UEBA. For traffic detection, network probes are implemented and deployed to obtain network traffic data. A dynamic prediction model for industrial control network traffic is designed using the idea of sliding windows, and the model is then improved: a traffic anomaly detection model based on SARIMA-LSTM is proposed. To verify the detection performance of the models, the paper uses user log data and traffic data obtained from industrial control systems as a dataset, designs experiments, and analyzes the detection performance of each model. The results show that the anomaly detection model designed in this paper has good accuracy.

Finally, the system modules are implemented and tested according to the design scheme. The paper implements six functional modules of the system and introduces the implementation scheme and system interface of each module in detail. Subsequently, the system operating environment is designed and built, and system testing is conducted in the industrial control laboratory. The test results show that the system exhibits a high anomaly detection accuracy rate, which can greatly improve the accuracy of industrial control network security situation analysis.
Keywords/Search Tags: Industrial control system, Network security situation analysis, Anomaly detection, UEBA, SARIMA-LSTM