
Computer Engineering

• Security Technology •

Industrial Control System Security Model of Attack Detection and Identification Based on Zero Dynamics

ZHANG Huanyu 1, CHEN Kai 2

  (1. ZTEsoft Technology Co., Ltd., Nanjing 211100, China; 2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100195, China)
  • Received: 2016-09-14 Online: 2017-10-15 Published: 2017-10-15
  • About the authors: ZHANG Huanyu (born 1984), male, bachelor's degree, main research interests: communication protocols and communication software; CHEN Kai, assistant researcher, Ph.D.
  • Funding:
    Electronic Information Industry Development Fund of the Ministry of Industry and Information Technology (Caijian [2013] No. 757).

Abstract: The physical infrastructure, the data management layer and the communication layer of Industrial Control Systems (ICS) are vulnerable to network attacks, but because of the characteristics of modern industrial networks, typical information security methods cannot meet their security requirements. This paper therefore studies modern ICS protocols and common security threats, establishes a unified modeling framework for systems under attack, and designs centralized and distributed filters. By analyzing the application environment and filtering the feature recognition results, typical attacks and anomalies are identified, such as spoofing (deception), denial of service, stealth, replay and covert attacks. Simulation results show that the proposed model can enhance the noise immunity and robustness of ICS.

Key words: Industrial Control System (ICS), security model, attack detection, attack identification, zero dynamics

Chinese Library Classification (CLC) number: