INTRUSION DETECTION DEVICE AND INTRUSION DETECTION METHOD

    Publication (Announcement) No.: US20210099470A1

    Publication (Announcement) Date: 2021-04-01

    Application No.: US16790699

    Application Date: 2020-02-13

    Abstract: An intrusion detection device includes a connection interface and a processor. The processor is configured to obtain a network protocol data and an industrial operation data of each of the plurality of first packets; tag a first internet protocol (IP) address of the network protocol data with a first action role and tag a second internet protocol (IP) address of the network protocol data with a second action role respectively; obtain a related group of the first IP address, wherein the related group comprises a first industrial device information and a second industrial device information; and generate a rule list, wherein the rule list comprises the first action role, the first IP address, the second IP address, and contents of the related group, wherein the first action role on the rule list corresponds to the first industrial device information and the second industrial device information.

    SYSTEM AND METHOD FOR IDENTIFYING APPLICATION LAYER BEHAVIOR

    Publication (Announcement) No.: US20190166138A1

    Publication (Announcement) Date: 2019-05-30

    Application No.: US15835377

    Application Date: 2017-12-07

    Abstract: A system and method for identifying application layer behavior are disclosed. In order to detect intrusion into an industrial control system, the system and method determine a current status of application layer behavior of the industrial control system by analyzing a current packet which is propagated between a master device and a slave device in the industrial control system, and identify whether the current status of the application layer behavior is normal according to a normal behavior status list.
