{"title":"Anomaly Detection Method of Unknown Protocol in Power Industrial Control System Based on RNN","authors":"Wen Wang, Bo Zhang, Zongchao Yu, Xiaoyi Gao","doi":"10.1109/REPE55559.2022.9950033","DOIUrl":null,"url":null,"abstract":"The power industrial control system contains a large number of communication protocols. These protocols lack security consideration at the beginning of the design, which makes them face the risk of cyber attacks. Therefore, the anomaly detection of protocols plays an important role in improving the active defense capability of the power industrial control system. With the increasing number of private protocols, traditional methods based on protocol depth parsing cannot perform anomaly detection for unknown protocols. In this paper, we propose an anomaly detection method for unknown protocol in power industrial control system based on Recurrent Neural Network (RNN). Firstly, extract the payload of power industrial control traffic in application layer, and preprocess each field of the payload; Secondly, input the preprocessed field values as the feature quality to the built RNN model for training; Lastly, use the trained model for unknown protocol anomaly detection. The traffic data collected by the real substation is used for simulation. The experimental results show that the method in this paper can effectively detect the abnormality of unknown protocols, and has high accuracy and low false alarm rate. 
At the same time, it has significant advantages when compared with traditional machine algorithms.","PeriodicalId":115453,"journal":{"name":"2022 5th International Conference on Renewable Energy and Power Engineering (REPE)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 5th International Conference on Renewable Energy and Power Engineering (REPE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/REPE55559.2022.9950033","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0