Chinese Journal of Engineering, Vol. 41, No. 8: 1074-1084, August 2019
DOI: 10.13374/j.issn2095-9389.2019.08.013; http://journals.ustb.edu.cn

Intrusion detection techniques of variable-frequency vector control system

CAO Ce, XIE Lun ✉, LI Lian-peng, WANG Zhi-liang
School of Computer and Communication Engineering, University of Science and Technology Beijing, Beijing 100083, China
✉ Corresponding author, E-mail: xielun@ustb.edu.cn

Abstract: This paper studies intrusion detection for an AC-DC-AC variable-frequency vector control system for induction motors that uses the Ethernet for Control Automation Technology (EtherCAT) industrial bus. First, the EtherCAT bus protocol is parsed in depth and, combined with the common EtherCAT industrial bus protocol vulnerabilities discovered to date, the key features of the protocol data packets are extracted and an EtherCAT bus protocol intrusion detection rule base is built, with a three-dimensional pointer linked-list tree as the retrieval data structure for the rule base. Second, model parameters are computed by simulation from the physical model of the AC-DC-AC variable-frequency vector control system of the induction motor, and from the simulated values a least square support vector machine (LSSVM) classifier for the intrusion features of the vector control model is built. The classifier parameters are optimized with the chaotic particle swarm optimization (CPSO) algorithm, and together the two form the CPSO-LSSVM intrusion detection classification algorithm. After anomalous data packets are classified, they are passed to the Suricata intrusion detection engine for precise rule matching. Finally, a physical experimental environment is built for the intrusion detection system. In testing, the simulation results of the AC-DC-AC variable-frequency vector control model show good dynamic performance, and their waveform trends are close to those of the parameters of the actual vector control system. The effectiveness of the intrusion detection system is verified by subjecting it to DOS, R2L, U2R and PROBING attack behaviors drawn from a subset of the KDD Cup99 test data set.

Keywords: variable-frequency speed-regulating system; intrusion detection technology; EtherCAT bus; least square support vector machine; rule matching
Classification number: TP309.2

ABSTRACT As induction motors are the control core in variable-frequency speed-regulating systems, their efficient operation in industrial production processes needs to be ensured. To realize this, the accuracy and security of control commands and equipment parameters have been the priorities for industrial security protection research. This study aims to investigate the intrusion detection techniques of the AC-DC-AC variable-frequency vector control system for induction motors under EtherCAT industrial bus. First, the EtherCAT bus protocol is deeply analyzed, and combined with the EtherCAT industrial bus common protocol vulnerabilities that have been discovered so far, the key characteristics of the protocol data packets are extracted, and the EtherCAT bus protocol intrusion detection rule base is constructed. A three-dimensional pointer linked list tree is used as the retrieval data structure for the EtherCAT bus protocol rule base. Second, model parameters are simulated and calculated based on the physical model of the AC-DC-AC inverter vector control system of the induction motor. Then a least-squares support vector machine (LSSVM) with the characteristics of vector control model intrusion is constructed on the basis of the simulation results, and the parameters of LSSVM classifier are optimized using the chaotic particle swarm optimization (CPSO) algorithm, both of which constitute the CPSO-LSSVM intrusion detection classification algorithm. After the anomaly data packets are classified, they will be transferred to the Suricata intrusion detection engine for precise rule

Received: 2018-11-21
Funding: National Key Research and Development Program project (2017YFB1302104); Open Project of the Advanced Innovation Center for Intelligent Robots and Systems (2018IRS01); National Natural Science Foundation of China (61672093, 61432004)
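
The packet feature extraction step that the abstract describes can be illustrated with a small EtherCAT datagram parser. This is an added example, not code from the paper: the two content checks (unknown command code, register write covering AL Control at 0x0120) are hypothetical rules chosen for illustration, since the paper's rule base is not reproduced on this page. It assumes untagged Ethernet frames, and `build` produces constructed sample frames.

```python
import struct

ETHERTYPE_ECAT = 0x88A4
CMD_NAMES = ["NOP", "APRD", "APWR", "APRW", "FPRD", "FPWR", "FPRW", "BRD",
             "BWR", "BRW", "LRD", "LWR", "LRW", "ARMW", "FRMW"]
WRITE_CMDS = {"APWR", "FPWR", "BWR"}   # register writes that use ADP/ADO addressing
AL_CONTROL = 0x0120                    # ESC register used to request state changes

def parse_frame(frame):
    """Return (datagrams, alerts) for an untagged frame, or None if not EtherCAT."""
    if len(frame) < 16 or frame[12:14] != struct.pack("!H", ETHERTYPE_ECAT):
        return None
    (hdr,) = struct.unpack_from("<H", frame, 14)
    declared, ptype = hdr & 0x07FF, hdr >> 12     # 11-bit length, 4-bit type
    datagrams, alerts = [], []
    if ptype != 1:                                # 1 = datagram (command) PDU
        return datagrams, ["non-datagram EtherCAT type %d" % ptype]
    off, end, more = 16, min(len(frame), 16 + declared), True
    while more:
        if off + 12 > end:                        # 10-byte header + 2-byte WKC
            alerts.append("truncated datagram header")
            break
        cmd, idx, adp, ado, lf, _irq = struct.unpack_from("<BBHHHH", frame, off)
        dlen, more = lf & 0x07FF, bool(lf & 0x8000)   # bit 15: more datagrams follow
        if off + 10 + dlen + 2 > end:
            alerts.append("datagram length exceeds frame")
            break
        (wkc,) = struct.unpack_from("<H", frame, off + 10 + dlen)
        name = CMD_NAMES[cmd] if cmd < len(CMD_NAMES) else "UNKNOWN"
        datagrams.append({"cmd": name, "idx": idx, "adp": adp, "ado": ado,
                          "len": dlen, "wkc": wkc})   # for Lxx, adp/ado = logical address halves
        if name == "UNKNOWN":
            alerts.append("unknown command code %d" % cmd)
        if name in WRITE_CMDS and ado <= AL_CONTROL < ado + max(dlen, 1):
            alerts.append("write to AL Control (0x0120) via %s" % name)   # hypothetical rule
        off += 12 + dlen
    return datagrams, alerts

def build(datagrams):
    """Constructed sample input: wrap (cmd, adp, ado, data) tuples in one frame."""
    body = b""
    for i, (cmd, adp, ado, data) in enumerate(datagrams):
        more = 0x8000 if i < len(datagrams) - 1 else 0
        body += struct.pack("<BBHHHH", cmd, i, adp, ado, len(data) | more, 0)
        body += data + b"\x00\x00"                # working counter starts at 0
    eth = b"\xff" * 6 + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_ECAT)
    return eth + struct.pack("<H", len(body) | 0x1000) + body
```

The extracted fields (command, index, address, length, working counter) are the kind of per-datagram features a rule index or a classifier would consume downstream.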