ABNORMALITY DETECTION DEVICE AND COMPUTER PROGRAM

Bibliographic Details
Main Authors: TAKUMI SHINYA, NAKATANI HIROSHI, MASAKI KATSUMI
Format: Patent
Language: English, Japanese
Published: 25.01.2024
Summary: PROBLEM TO BE SOLVED: To detect the occurrence of an attack or an abnormality in a control system 1 that has adopted open networking. SOLUTION: An abnormality detection device comprises: a message acquisition part that acquires header information and the content of a payload; a definition storage part that stores sequence information describing the state transitions of a sequence and the conditions corresponding to those transitions, a condition determination procedure describing the processing steps for determining, on the basis of the header information and the content of the payload, whether the condition corresponding to a transition is satisfied, a signature definition describing determination conditions for judging the state transitions of the sequence information and the presence or absence of an abnormality in a message, and progress information recording the course of the state transitions of the sequence; and an abnormality determination part that, when a condition is satisfied as a result of applying the header information and the content of the payload to the condition determination procedure, reads the state transition of the sequence corresponding to that condition from the sequence information, reads the determination condition corresponding to that state transition from the signature definition, and determines the presence or absence of an abnormality in the message on the basis of the determination condition and the progress information. SELECTED DRAWING: Figure 1
Bibliography: Application Number: JP20220113895