变频矢量控制系统入侵检测技术

Intrusion detection techniques of variable-frequency vector control system

  • 摘要: 针对采用以太网控制自动化技术(EtherCAT)工业总线的感应电机交-直-交变频矢量控制系统的入侵检测技术进行了研究. 首先通过对EtherCAT总线协议进行深度解析, 结合目前为止已经发现的EtherCAT工业总线常见协议漏洞, 提取协议数据包的关键特征并构建EtherCAT总线协议入侵检测规则库, 采用三维指针链表树作为针对EtherCAT总线协议规则库的检索数据结构; 其次, 根据感应电机交-直-交变频矢量控制系统的物理模型, 进行模型参数仿真计算, 并根据仿真计算值, 构建矢量控制模型入侵特征的最小二乘支持向量机(least square support vector machine, LSSVM)分类器, 使用混沌粒子群优化(choatics particle swarm optimization, CPSO)算法对分类器的参数进行优化, 二者共同构成了CPSO-LSSVM入侵检测分类算法. 异常数据包在被分类后, 会被传递给Suricata入侵检测引擎进行精确规则匹配; 最后为该入侵检测系统搭建物理实验环境, 经过测试, 本文中的交-直-交变频矢量控制模型仿真结果动态性能良好, 与实际矢量控制系统参数的波形变化趋势相近. 通过抽取KDD Cup99测试数据集中的一部分对该入侵检测系统实施DOS攻击、R2L、U2R以及PROBING攻击行为, 验证该入侵检测系统的有效性.

     

    Abstract: As induction motors are the control core in variable-frequency speed-regulating systems, their efficient operation in industrial production processes needs to be ensured. To realize this, the accuracy and security of control commands and equipment parameters have been the priorities for industrial security protection research. This study aims to investigate the intrusion detection techniques of the AC-DC-AC variable-frequency vector control system for induction motors under EtherCAT industrial bus. First, the EtherCAT bus protocol is deeply analyzed, and combined with the EtherCAT industrial bus common protocol vulnerabilities that have been discovered so far, the key characteristics of the protocol data packets are extracted, and the EtherCAT bus protocol intrusion detection rule base is constructed. A three-dimensional pointer linked list tree is used as the retrieval data structure for the EtherCAT bus protocol rule base. Second, model parameters are simulated and calculated based on the physical model of the AC-DC-AC inverter vector control system of the induction motor. Then a least-squares support vector machine (LSSVM) with the characteristics of vector control model intrusion is constructed on the basis of the simulation results, and the parameters of LSSVM classifier are optimized using the chaotic particle swarm optimization (CPSO) algorithm, both of which constitute the CPSO-LSSVM intrusion detection classification algorithm. After the anomaly data packets are classified, they will be transferred to the Suricata intrusion detection engine for precise rule matching. Finally, a physical experiment environment is built for the intrusion detection system. The simulation results of the AC-DC-AC variable-frequency vector control model in this paper show good dynamic performance, which is similar to the trend of waveform change on actual vector control system parameters. The effectiveness of the intrusion detection system is verified by extracting part of the KDD Cup99 test dataset to implement the behaviors of attacks, such as the denial of service (DOS), remote-to-local (R2L), user-to-root (U2R), and Probing attacks on the intrusion detection system.

     

/

返回文章
返回