Method for detecting anomaly of Modbus TCP (transmission control protocol) communication on basis of SVM (support vector machine)

2013 
The invention provides a method, based on a support vector machine (SVM), for detecting anomalies in Modbus TCP (transmission control protocol) communication in industrial control systems. The method comprises three designed stages: selecting and processing features of Modbus TCP communication sequences; preprocessing that converts them into the data format required by the SVM anomaly detection model; and a PSO-SVM anomaly detection process in which particle swarm optimization (PSO) optimizes the parameters, which improves classification and identification precision. The method identifies abnormal Modbus TCP communication traffic in industrial control systems from the frequencies of occurrence of short pattern sequences in Modbus function code sequences, and can therefore identify unknown attack behavior.
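The feature step the abstract describes, as an added Python example that is not code from the patent: function codes are read from Modbus TCP frames, and the relative frequency of each short sequence becomes one entry of the vector a classifier would consume. The window length `K = 3`, the extra bucket for short sequences absent from the normal trace, and all frames (built without data fields) are assumptions made for this example; SVM training and the PSO parameter search are not shown.

```python
import struct
from collections import Counter

def make_adu(tid, fc, data=b""):
    """Build a constructed Modbus TCP ADU: MBAP header (7 bytes) + function code + data."""
    return struct.pack(">HHHB", tid, 0, 2 + len(data), 1) + bytes([fc]) + data

def function_code(adu):
    """Extract the function code, rejecting frames whose MBAP header is inconsistent."""
    if len(adu) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0 or length != len(adu) - 6:
        raise ValueError("not a well-formed Modbus TCP frame")
    return adu[7]

def short_sequences(codes, k):
    """All length-k sliding windows over a function code sequence."""
    return [tuple(codes[i:i + k]) for i in range(len(codes) - k + 1)]

def build_vocabulary(traces, k):
    """Sorted set of short sequences seen in the (normal) training traces."""
    return sorted({w for codes in traces for w in short_sequences(codes, k)})

def feature_vector(codes, vocabulary, k):
    """Relative frequency of each known short sequence, plus one bucket for unseen ones."""
    windows = short_sequences(codes, k)
    if not windows:
        raise ValueError("trace shorter than window length k")
    counts, total, known = Counter(windows), len(windows), set(vocabulary)
    unseen = sum(n for w, n in counts.items() if w not in known)
    return [counts[w] / total for w in vocabulary] + [unseen / total]

K = 3  # assumed window length; the abstract does not state one
# Constructed traces: 3 = Read Holding Registers, 16 = Write Multiple Registers,
# 8 = Diagnostics, 5 = Write Single Coil.
NORMAL = [make_adu(i, fc) for i, fc in enumerate([3, 3, 16] * 3)]
SUSPECT = [make_adu(i, fc) for i, fc in enumerate([3, 3, 16, 3, 8, 5, 3, 3, 16])]

normal_codes = [function_code(f) for f in NORMAL]
suspect_codes = [function_code(f) for f in SUSPECT]
VOCAB = build_vocabulary([normal_codes], K)

if __name__ == "__main__":
    print(VOCAB)
    print(feature_vector(normal_codes, VOCAB, K))
    print(feature_vector(suspect_codes, VOCAB, K))
```

The last entry of each vector is the share of windows never seen in the normal trace, so a trace containing unfamiliar function code orderings stands out even before a classifier is applied.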