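1. College of Computer Science, Faculty of Information Technology, Beijing University of Technology, Beijing 100124
2. China Electronics Standardization Institute, Beijing 100007
Yi-wei GAO (1990-), male, born in Beijing, master's student at Beijing University of Technology. His main research interest is anomaly detection for industrial control systems.
Rui-kang ZHOU (1990-), male, born in Dongyang, Zhejiang, assistant engineer at the China Electronics Standardization Institute. His main research interests are information security standards, testing and evaluation for industrial control systems.
Ying-xu LAI (1973-), female, born in Fushun, Liaoning, professor at Beijing University of Technology. Her main research interests are industrial control network security and software-defined network security.
Ke-feng FAN (1978-), male, born in Liquan, Shaanxi, postdoctoral researcher, senior engineer at the China Electronics Standardization Institute. His main research interests are information security technology standards and evaluation methods.
Xiang-zhen YAO (1984-), male, born in Jinan, Shandong, Ph.D., senior engineer at the China Electronics Standardization Institute. His main research interests are information security technology standards and evaluation methods.
Lin LI (1983-), male, born in Jinan, Shandong, Ph.D., engineer at the China Electronics Standardization Institute. His main research interests are information security and data mining.
Online publication date: 2017-07
Print publication date: 2017-07-25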
Yi-wei GAO, Rui-kang ZHOU, Ying-xu LAI, et al. Research on industrial control system intrusion detection method based on simulation modelling[J]. Journal on Communications, 2017, 38(7): 186-198. DOI: 10.11959/j.issn.1000-436x.2017133.
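Current intrusion detection methods for industrial control networks suffer from poor protocol generality, high false-positive rates, and an inability to detect unknown intrusions. An intrusion detection method based on modelling of fieldbus devices is proposed. Simulation modelling is used to emulate the real functions of the controller in order to protect it, and a model of the controlled object is built through system identification modelling to ensure that the controlled-object data obtained by the controller is true and accurate, thereby realizing intrusion detection for the industrial control network. Experimental verification shows that the proposed intrusion detection method achieves good detection results.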
At present, intrusion detection systems over the fieldbus network layer are a basic protection method in industrial control systems. However, they have some weaknesses, such as poor generality, a high false-positive rate, and an inability to detect unknown anomalies. An industrial control system intrusion detection method based on fieldbus network equipment simulation was proposed. The method prevented the control program from being tampered with or destroyed, based on controller simulation modelling. Controlled object simulation modelling was designed to ensure that the system input was credible. Thus the intrusion detection of the industrial control network was realized. Finally, the results indicate that the proposed intrusion detection method is available.