Intrusion Detection Method for IEC 60870-5-104 Protocol Using Honeypot Logs


Bibliographic Details
Main Authors: Yu-Kuan Yeh, 葉禹寬
Other Authors: I-En Liao
Format: Others
Language: en_US
Published: 2019
Online Access: http://ndltd.ncl.edu.tw/cgi-bin/gs32/gsweb.cgi/login?o=dnclcdr&s=id=%22107NCHU5394024%22.&searchmode=basic
Description
Summary: Master's === National Chung Hsing University === Department of Computer Science and Engineering === 107 === Industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems usually do not include security in their design phase. With the growing demand for automation and remote monitoring, ICSs have become more complex and have greater internet connectivity. As a result, the risk of attacks on industrial control networks has also increased. Therefore, designing an effective intrusion detection system (IDS) for ICS has become an important issue. In this thesis, we design a honeypot to capture malicious packets of the IEC 60870-5-104 protocol and then use deep packet analysis and a machine learning algorithm to analyze the honeypot log. In the honeypot design, we add new code to the open-source honeypot Conpot to support the IEC 60870-5-104 protocol. The X-means clustering algorithm and the Smith-Waterman algorithm are used for generating and comparing attack gene sequences, respectively. If an attack sequence is unseen, it is added to the attack signature database with an appropriate class label. If an attack sequence is already known in the attack signature database, the proposed system provides the characteristics of the attack, which in turn can be used as rules in an intrusion detection system. The experimental results show that the proposed method achieves about 90.9% accuracy, 96% precision, 91% recall, and a 92% F1-score.