ABNORMAL TRAFFIC DETECTION APPARATUS AND METHOD BASED ON MODBUS COMMUNICATION PATTERN LEARNING
First Claim
1. An abnormal traffic detection apparatus, comprising:
- a communication pattern classifier configured to monitor traffic generated in Modbus/TCP communication of a control system monitoring a remote resource during a predetermined period, and generate a Modbus communication pattern based on the monitored traffic; and
an abnormal behavior detector configured to detect abnormal traffic of the control system based on the generated Modbus communication pattern.
1 Assignment
0 Petitions
Accused Products
Abstract
An abnormal traffic detection apparatus and method based on Modbus communication pattern learning is provided. The abnormal traffic detection apparatus based on the Modbus communication pattern learning previously detects and responds to abnormal traffic on a Modbus/TCP protocol. According to the present invention, a communication service between control systems can be stably provided by previously detecting the abnormal traffic capable of interfering with a stable operation of the control system. Particularly, since the effective abnormal traffic on the Modbus/TCP protocol can be previously detected, security of the control system can be increased by rapid detection and response with respect to security threats on the Intranet of the control system, and availability can be secured.
-
Citations
20 Claims
-
1. An abnormal traffic detection apparatus, comprising:
-
a communication pattern classifier configured to monitor traffic generated in Modbus/TCP communication of a control system monitoring a remote resource during a predetermined period, and generate a Modbus communication pattern based on the monitored traffic; and an abnormal behavior detector configured to detect abnormal traffic of the control system based on the generated Modbus communication pattern. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An abnormal traffic detection method, comprising:
-
monitoring traffic generated in Modbus/TCP communication of a control system monitoring a remote resource during a predetermined period, and generating a Modbus communication pattern based on the monitored traffic; and detecting abnormal traffic of the control system based on the generated Modbus communication pattern. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification