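Abstract
The physical infrastructure, data management layer and communication layer of industrial control systems are vulnerable to network attacks, and because of the characteristics of modern industrial networks, typical information security methods cannot meet their security requirements. To address this, the paper studies modern industrial control system protocols and common security threats, establishes a unified modeling framework for systems under attack, and designs centralized and distributed filters. By analyzing the application environment and filtering the feature recognition results, it identifies typical attacks and anomalies such as deception, denial of service, stealth, replay and covert attacks. Experimental results show that the model can enhance the noise immunity and robustness of industrial control systems.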
The physical infrastructure, the data management layer and the communication layer of an Industrial Control System (ICS) are vulnerable to network attacks, but due to the characteristics of modern industrial networks, typical information security methods cannot meet its security requirements. Through research on modern ICS protocols and common security threats, this paper establishes a common modeling framework for ICS under attack and designs centralized and distributed filters. By analyzing the application environment and filtering the feature recognition results, typical attacks and anomalies are identified, such as spoofing, denial of service, stealth, replay and covert attacks. Simulation results show that the proposed model can enhance the noise immunity and robustness of ICS.
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
PKU Core
2017, Issue 10, pp. 98-103 (6 pages)
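Funding
Electronic Information Industry Development Fund of the Ministry of Industry and Information Technology (Caijian [2013] No. 757)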
Keywords
Industrial Control System (ICS)
security model
attack detection
attack identification
zero dynamics