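1. College of Computer Science, Faculty of Information Technology, Beijing University of Technology, Beijing 100124
2. School of Automation Engineering, Beijing Vocational College of Electronic Science and Technology, Beijing 100176
Ying-xu LAI (1973-), female, born in Fushun, Liaoning, is a professor at Beijing University of Technology. Her main research interests are industrial control network security and software-defined network security.
Zeng-hui LIU (1963-), male, born in Beijing, is a professor at Beijing Vocational College of Electronic Science and Technology. His main research interests are mechatronics technology and industrial control network security.
Xiao-tian CAI (1994-), female, born in Yuncheng, Shanxi, is a master's student at Beijing University of Technology. Her main research interests are industrial control network security and intrusion detection.
Kai-xiang YANG (1992-), male, born in Lanzhou, Gansu, is a master's student at Beijing University of Technology. His main research interests are industrial control network security, intrusion detection and vulnerability discovery.
Online publication date: 2017-02
Print publication date: 2017-02-25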
Ying-xu LAI, Zeng-hui LIU, Xiao-tian CAI, et al. Research on intrusion detection of industrial control system[J]. Journal on communications, 2017, 38(2): 143-156. DOI: 10.11959/j.issn.1000-436x.2017036.
Industrial control systems are an important part of national critical infrastructure. Once such a system suffers a cyber attack, the result can be property damage, casualties and other serious consequences. To provide theoretical support to researchers in industrial control security, the features of attacks on industrial control systems and the difficulties of detecting these attacks are analyzed. Then the current state of research on intrusion detection technologies used in industrial control systems is reported. The performance and characteristics of the different types of detection technology are also compared. Finally, a survey of industrial intrusion detection research is produced.