부산대학교 도서관

With the integration of industrial control systems and the Internet, industrial control systems are facing more and more threats on the network, which can easily cause devastating consequences. Therefore, the research on anomaly detection of industrial control systems is of great significance. Unlike the Internet, the protocols adopted by most industrial control system command transmissions cannot be interpreted by machines. This makes it difficult for anomaly detection systems in industrial control systems. This paper proposes a pre-classification step and method for the construction of the state machine of the industrial control system command protocol. Because the shape of the command data of the industrial control system is unknown due to the lack of prior knowledge, we choose the DBSCAN cluster that can find any data shape. Aiming at the problem that the DBSCAN clustering algorithm has a large amount of calculation in the face of a large number of high-latitude data, the BLOCK-DBSCAN clustering algorithm is introduced to reduce the time complexity; for the data classification problem lacking prior knowledge, an adaptive BLOCK-DBSCAN algorithm is proposed. DBSCAN clustering algorithm. Finally, the superiority of our proposed algorithm is verified by comparing it with other clustering algorithms on three public datasets.