
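1. College of Computer Science, Faculty of Information Technology, Beijing University of Technology, Beijing 100124
2. China Electronics Standardization Institute, Beijing 100007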
Online First: 2017-07
Published: 25 July 2017
Yi-wei GAO, Rui-kang ZHOU, Ying-xu LAI, et al. Research on industrial control system intrusion detection method based on simulation modelling[J]. Journal on Communications, 2017, 38(7): 186-198. DOI: 10.11959/j.issn.1000-436x.2017133.
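Current intrusion detection methods for industrial control networks suffer from poor protocol generality, high false-positive rates, and an inability to detect unknown intrusions. An intrusion detection method based on modelling fieldbus devices is proposed: simulation modelling is used to reproduce the real functions of the controller and thereby protect it, and a model of the controlled object is built by system identification to ensure that the controlled-object data received by the controller are true and accurate, thus realizing intrusion detection for the industrial control network. Experiments verify that the proposed intrusion detection method achieves good detection results.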
At present, an intrusion detection system over the fieldbus network layer is a basic protection method in industrial control systems. However, it has some weaknesses, such as poor generality, a high false-positive rate, and an inability to detect unknown anomalies. An industrial control system intrusion detection method based on fieldbus network equipment simulation is proposed. The method prevents the control program from being tampered with or destroyed, based on controller simulation modelling. Controlled object simulation modelling is designed to ensure that the system input is credible. Thus the intrusion detection of the industrial control network is realized. Finally, the results indicate that the proposed intrusion detection method is effective.