面向工业控制网络的安全监管方案

doi:10.3969/j.issn.1671-1122.2016.07.010

信息网络安全 ›› 2016, Vol. 16 ›› Issue (7): 61-70.doi: 10.3969/j.issn.1671-1122.2016.07.010

面向工业控制网络的安全监管方案

陈晓兵^1,², 陈凯¹, 徐震¹, 王利明¹

1.中国科学院信息工程研究所信息安全国家重点实验室,北京100093
2.中国科学院大学,北京100049

收稿日期:2016-01-15 出版日期:2016-07-20 发布日期:2020-05-13
作者简介:
作者简介：陈晓兵（1989—）,男,湖北,硕士研究生,主要研究方向为工业控制系统安全;陈凯（1985—）,男,天津,博士,主要研究方向为网络与系统安全、工业控制系统安全、身份认证;徐震（1976—）,男,山西,研究员,博士,主要研究方向为网络与系统安全、可信计算、云计算安全;王利明（1978—）,男,内蒙古,副研究员,博士,主要研究方向为网络安全、软件定义网络、云计算和数据安全。
基金资助:
中国科学院先导专项[Y5Z0151104];信息安全国家重点实验室科研仪器设备专项[Y4D0031302]

Security Supervisory Scheme for Industrial Control Networks

Xiaobing CHEN^1,², Kai CHEN¹, Zhen XU¹, Liming WANG¹

1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences,Beijing 100093, China
2. University of Chinese Academy of Sciences, Beijing 100049, China

Received:2016-01-15 Online:2016-07-20 Published:2020-05-13

摘要/Abstract

摘要：

以伊朗核电站受到Stuxnet病毒攻击为代表的安全事件敲响了工业控制系统安全态势防御的警钟,对工业控制系统的监管势在必行。但现有方案的数据采集范围受限,并且其对工业控制系统的特点考虑不充分,对Stuxnet、Havex等APT攻击还缺乏有效的检测手段。文章提出了一种面向工业控制网络的安全监管框架,该框架利用弹性采集策略从工业控制网络的不同层面采集数据,并且在不同层面的数据之间进行关联,分析异常操作行为。弹性采集策略优先保证了工业控制系统的可用性,多层面数据的关联与分析提升了系统对APT攻击的检测能力。

关键词: 安全监管, 弹性数据采集, 安全数据关联

Abstract:

Security events, represented by one nuclear power station of Iran attacked by the “Stuxnet” virus, ring the alarm bell of the industrial control system security situation. The supervision of industrial control system is imperative. Considering the state-of-the-art research, there exists the problems of restraint of the range of data acquisition, the inadequate consideration of the features of industrial control systems and lack of effective detection measures to identify APT attacks, such as “Stuxnet” and “Havex”. Thus, the article propose a supervisory frame for industrial control networks. The frame acquire data from different layers of industrial control networks, utilizing flexible data acquisition strategies, and correlate data acquired from different layers of industrial control networks and analyze abnormal operation behavior. The flexible data acquisition strategies perform preference to the availability of industrial control system, while the correlation and analysis of data acquired from different layers improved the ability of the system to detect some APT attacks.

Key words: security supervision, flexible data acquisition, correlation of security data

中图分类号:

TP309

陈晓兵, 陈凯, 徐震, 王利明. 面向工业控制网络的安全监管方案[J]. 信息网络安全, 2016, 16(7): 61-70.

Xiaobing CHEN, Kai CHEN, Zhen XU, Liming WANG. Security Supervisory Scheme for Industrial Control Networks[J]. Netinfo Security, 2016, 16(7): 61-70.

图/表 11

图1

图2

图3

图4

表1

图5

图6

图7

图8

图9

图10

参考文献 16

[1]	KARNOUSKOS S.Stuxnet Worm Impact on Industrial Cyber-Physical System Security[C]//IEEE.IECON 2011-37th Annual Conference on IEEE Industrial Electronics Society,November 7-10,2011.Melbourne, Victoria, Australia.New Jersey:IEEE,2011:4490-4494.
[2]	自动化控制系统市场在2021年将达到810亿美元[EB/OL]..
[3]	ICS-CERT.ICS-CERTYear-in-Review-2012[EB/OL].,2015-7-10.
[4]	CS-CERT.ICS-CERT Year-in-Review-2013[EB/OL].,2015-7-10.
[5]	CS-CERT.ICS-CERTYear-in-Review-2014[EB/OL].,2015-7-10.
[6]	今日头条,美国工业控制系统网络应急响应小组2015年关键基础设施报告[EB/OL]..
[7]	SCHUSTER F,PAUL A.A Distributed Intrusion Detection System for Industrial Automation Networks[C]// IEEE.Emerging Technologies & Factory Automation (ETFA),2012 IEEE 17th Conference,September 17-21,2012.Krakow. New Jersey:IEEE,2012:1-4.
[8]	KISS I,GENGE B,HALLER P,et al.Data Clustering-Based Anomaly Detection in Industrial Control Systems[C]//IEEE.Intelligent Computer Communication and Processing (ICCP),2014 IEEE International Conference,September 4-6 ,2014 .Cluj Napoca.New Jersey:IEEE,2014:275-281.
[9]	STONE S,TEMPLE M.Radio-Frequency-Based Anomaly Detection for Programmable Logic Controllers in the Critical Infrastructure[J]. International Journal of Critical Infrastructure Protection, 2012, 5(2):66-73.
[10]	ANDREW GINTER.Experience with Network Anomaly Detection on Industrial Networks[EB/OL]..
[11]	KNOWLES W,PRINCE D,HUTCHISON D,et al.A Survey of Cyber Security Management in Industrial Control Systems[J]. International Journal of Critical Infrastructure Protection, 2015, 9(C):52-80.
[12]	PENG J,LIU L.Industrial Control System[C]//IEEE.SecurityIntelligent Human-Machine Systems and Cybernetics (IHMSC) 2011 International Conference,August 26-27 ,2011. Hangzhou Zhejiang.New Jersey:IEEE,2011:156-158.
[13]	绿盟科技.2013工业控制系统及其安全性研究报告[EB/OL]..
[14]	CHEN P Y,YANG S,MCCANN J.Distributed Real-Time Anomaly Detection in Networked Industrial Sensing Systems[J]. Industrial Electronics IEEE Transactions on, 2015, 62(6):3832-3842.
[15]	王小山,杨安,石志强,等. 工业控制系统信息安全新趋势[J]. 信息网络安全,2015(1):6-11.
[16]	陈庄,黄勇,邹航. 工业控制系统信息安全审计系统分析与设计[J]. 计算机科学,2013,40(06A): 340-343.

面向工业控制网络的安全监管方案

Security Supervisory Scheme for Industrial Control Networks

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 16

相关文章 5

编辑推荐

Metrics

本文评价

[1]	田延伟, 杨松儒, 李杰. 无线WiFi密钥APP风险隐患及对策研究[J]. 信息网络安全, 2017, 17(7): 80-84.
[2]	张磊, 于东升, 杨军, 胡继明. 基于私有云模式的信息安全监管策略研究[J]. 信息网络安全, 2017, 17(10): 86-89.
[3]	刘为军;侯宇宸. 中国移动互联网安全监管立法初探[J]. , 2013, 13(10): 0-0.
[4]	霍宏涛. 三网融合对网络安全监管工作的影响研究[J]. , 2011, 11(9): 0-0.
[5]	丁烈云;赵刚. 网络文化安全及其监管关键技术研究[J]. , 2007, 7(10): 0-0.