Cite this article: LU Geng-hong, FENG Dong-qin. Industrial control system network security situation awareness modeling and algorithm implementation[J]. Control Theory and Technology, 2016, 33(8): 1054~1060.
Industrial control system network security situation awareness modeling and algorithm implementation
Received: 2015-09-19  Revised: 2016-08-22
DOI  10.7641/CTA.2016.50767
2016, 33(8): 1054-1060
Keywords  industrial control system  Byzantine generals problem  integrity attacks  network security situation awareness (NSSA)
Funding  Supported by the National Natural Science Foundation of China (61223004).
Author  Affiliation  E-mail
LU Geng-hong  Zhejiang University  olivialu@zju.edu.cn
FENG Dong-qin*  Zhejiang University  dqfeng@iipc.zju.edu.cn
Abstract
      To perceive the network security situation of an industrial control system and accurately judge how the system is running, a security situation awareness method is proposed. Building on existing studies of integrity attacks, this paper establishes an industrial control network security situation awareness model based on the Byzantine generals problem, together with a corresponding security situation awareness algorithm. The proposed algorithm is implemented in three main steps: first, data from every node in the control loop is collected and preprocessed to obtain the current state of each node in the system; second, the algorithm is executed on the obtained node states to identify the malicious nodes in the system; finally, the accurate industrial control network security situation is obtained. Simulation results indicate that the proposed model and algorithm can accurately identify the malicious nodes in the system and assess the current system security situation.