Netinfo Security (信息网络安全) ›› 2016, Vol. 16 ›› Issue (7): 61-70. doi: 10.3969/j.issn.1671-1122.2016.07.010


Security Supervisory Scheme for Industrial Control Networks (面向工业控制网络的安全监管方案)

Xiaobing CHEN1,2, Kai CHEN1, Zhen XU1, Liming WANG1

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
    2. University of Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2016-01-15 Online: 2016-07-20 Published: 2020-05-13
  • About the authors:

    CHEN Xiaobing (b. 1989), male, from Hubei, master's student; main research interest: industrial control system security. CHEN Kai (b. 1985), male, from Tianjin, Ph.D.; main research interests: network and system security, industrial control system security, identity authentication. XU Zhen (b. 1976), male, from Shanxi, research professor, Ph.D.; main research interests: network and system security, trusted computing, cloud computing security. WANG Liming (b. 1978), male, from Inner Mongolia, associate research professor, Ph.D.; main research interests: network security, software-defined networking, cloud computing and data security.

  • Funding:
    Strategic Priority Research Program of the Chinese Academy of Sciences [Y5Z0151104]; Special Fund for Scientific Research Instruments and Equipment of the State Key Laboratory of Information Security [Y4D0031302]

Security Supervisory Scheme for Industrial Control Networks

Xiaobing CHEN1,2, Kai CHEN1, Zhen XU1, Liming WANG1   

  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
    2. University of Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2016-01-15 Online: 2016-07-20 Published: 2020-05-13

Abstract (translated from the Chinese):

Security incidents, typified by the Stuxnet attack on Iran's nuclear power station, have sounded the alarm for the security posture of industrial control systems, and supervision of industrial control systems has become imperative. Existing schemes, however, have a limited data acquisition range, take insufficient account of the characteristics of industrial control systems, and still lack effective means of detecting APT attacks such as Stuxnet and Havex. This paper proposes a security supervisory framework for industrial control networks. The framework uses a flexible acquisition strategy to collect data from different layers of the industrial control network, correlates the data collected at different layers, and analyzes abnormal operation behavior. The flexible acquisition strategy gives priority to the availability of the industrial control system, and the correlation and analysis of multi-layer data improve the system's ability to detect APT attacks.

Keywords: security supervision, flexible data acquisition, security data correlation

Abstract:

Security events, represented by the attack on one of Iran's nuclear power stations by the Stuxnet virus, ring the alarm bell for the security situation of industrial control systems; supervision of industrial control systems is imperative. In the state-of-the-art research there remain three problems: a restricted range of data acquisition, inadequate consideration of the features of industrial control systems, and a lack of effective detection measures for APT attacks such as Stuxnet and Havex. This article therefore proposes a supervisory framework for industrial control networks. The framework acquires data from different layers of the industrial control network using flexible data acquisition strategies, correlates the data acquired from those layers, and analyzes abnormal operation behavior. The flexible data acquisition strategies give preference to the availability of the industrial control system, while the correlation and analysis of data acquired from different layers improve the system's ability to detect some APT attacks.
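The abstract names two mechanisms without detailing them: an acquisition strategy that yields to controller availability, and correlation of data across network, host and device layers to spot abnormal operations. The following Python is an added illustration of both and is not the paper's code. The layer names, event vocabulary (`program_download`, `engineering_session`, `program_changed`), load thresholds, time windows and the correlation rule are all assumptions chosen for the example, and the event list is constructed.

```python
"""Elastic acquisition plus cross-layer correlation (added example, not the paper's code).

Assumed model: a device-layer PLC program change is expected only when a
network-layer download to that PLC was seen shortly before AND the sending
workstation shows an engineering session in the host layer. Anything else is
reported for an analyst. All names, thresholds and events are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Event:
    layer: str   # "network", "host" or "device" (assumed layer names)
    ts: float    # seconds
    asset: str   # asset the event concerns: a PLC id or a workstation id
    op: str      # operation name from the example's constructed vocabulary
    detail: Dict[str, str] = field(default_factory=dict)


@dataclass
class AcquisitionPolicy:
    """Availability-first polling: slow active polling as controller load rises
    and suspend it above a hard limit, so the monitor never competes with the
    control task for the PLC's cycle time. Thresholds are assumptions."""
    base_interval: float = 1.0
    max_interval: float = 30.0
    load_soft: float = 0.6
    load_hard: float = 0.85

    def poll_interval(self, load: float) -> Optional[float]:
        """Seconds between polls for a load in 0..1; None means suspend polling."""
        if load >= self.load_hard:
            return None
        if load <= self.load_soft:
            return self.base_interval
        frac = (load - self.load_soft) / (self.load_hard - self.load_soft)
        return self.base_interval + frac * (self.max_interval - self.base_interval)


def _in_window(ev: Event, end: float, window: float) -> bool:
    return end - window <= ev.ts <= end


def correlate(events: List[Event], window: float = 60.0,
              session_lookback: float = 600.0) -> List[Tuple[Event, str, str]]:
    """Return (device_event, verdict, reason) for every device-layer program change."""
    net = [e for e in events if e.layer == "network"]
    host = [e for e in events if e.layer == "host"]
    findings: List[Tuple[Event, str, str]] = []
    for dev in (e for e in events if e.layer == "device" and e.op == "program_changed"):
        downloads = [n for n in net
                     if n.asset == dev.asset and n.op == "program_download"
                     and _in_window(n, dev.ts, window)]
        if not downloads:
            # Change seen on the device but never on the wire: out-of-band or unmonitored path.
            findings.append((dev, "anomalous",
                             "program changed with no network download observed"))
            continue
        sources = sorted({d.detail["src"] for d in downloads})
        sessions = [h for h in host
                    if h.asset in sources and h.op == "engineering_session"
                    and _in_window(h, dev.ts, session_lookback)]
        if not sessions:
            # Network layer alone looks legitimate; the host layer says nobody was engineering.
            findings.append((dev, "anomalous",
                             f"download from {sources} with no engineering session on that host"))
        else:
            user = sessions[-1].detail.get("user", "?")
            findings.append((dev, "benign",
                             f"download from {sources} matches engineering session by {user}"))
    return findings


# Constructed sample events (not real captures).
SAMPLE_EVENTS = [
    Event("host", 100.0, "ews-1", "engineering_session", {"user": "eng1"}),
    Event("network", 130.0, "plc-1", "program_download", {"src": "ews-1"}),
    Event("device", 135.0, "plc-1", "program_changed"),
    Event("network", 400.0, "plc-2", "program_download", {"src": "hmi-2"}),
    Event("device", 405.0, "plc-2", "program_changed"),
    Event("device", 700.0, "plc-3", "program_changed"),
]


def run_demo() -> List[str]:
    """Print the findings and return the verdict list in event order."""
    findings = correlate(SAMPLE_EVENTS)
    for dev, verdict, reason in findings:
        print(f"{dev.ts:7.1f} {dev.asset:6} {verdict:9} {reason}")
    return [verdict for _, verdict, _ in findings]


if __name__ == "__main__":
    run_demo()
```

The second and third findings show why a single layer is not enough: the download to plc-2 is a well-formed transaction at the network layer, and the change on plc-3 is invisible there; only the host-layer absence and the device-layer presence, respectively, make them stand out. `AcquisitionPolicy` is the availability side: the more loaded the controller, the less the monitor asks of it, down to relying on passive data alone.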

Key words: security supervision, flexible data acquisition, correlation of security data

CLC number: