{"title":"Automatic Control Network Anomaly Detection Based on Behavior Understanding","authors":"Jianhui Luo","doi":"10.1109/ICWS53863.2021.00087","DOIUrl":null,"url":null,"abstract":"In automatic control networks, for man-in-the-middle attacks, they tamper with the control instructions and the underlying feedback data, but the protocol and format of the data packet, making the attack difficult to detect. In this paper, we introduce a network intrusion detection model based on the automatic control network behavior understanding and machine learning. The model can understand the operating status of the control network from the correlation of parameter status, find abnormal behavior status that does not conform to the normal operating status, and locate and trace the source of the tampered instruction or parameter to understand the attacker's intention. We verified the feasibility and practicability of the model in simulating real automatic control network scenarios.","PeriodicalId":213320,"journal":{"name":"2021 IEEE International Conference on Web Services (ICWS)","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Conference on Web Services (ICWS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICWS53863.2021.00087","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
In automatic control networks, man-in-the-middle attacks tamper with the control instructions and the underlying feedback data but not with the protocol and format of the data packet, which makes the attack difficult to detect. In this paper, we introduce a network intrusion detection model based on automatic control network behavior understanding and machine learning. The model can understand the operating status of the control network from the correlation of parameter status, find abnormal behavior status that does not conform to the normal operating status, and locate and trace the source of the tampered instruction or parameter to understand the attacker's intention. We verified the feasibility and practicability of the model by simulating real automatic control network scenarios.