工业控制系统关键组件安全风险综述

doi:10.11959/j.issn.2096-109x.2022030

网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (3): 1-17.doi: 10.11959/j.issn.2096-109x.2022030

• 综述 • 下一篇

工业控制系统关键组件安全风险综述

唐士杰¹^,², 袁方³, 李俊⁴, 丁勇⁵^,⁶, 王会勇⁷

¹ 桂林电子科技大学计算机与信息安全学院，广西桂林 541004
² 桂林电子科技大学电子工程与自动化学院，广西桂林 541004
³ 外交部通信总台，北京 100016
⁴ 国家工业信息安全发展研究中心，北京 100040
⁵ 桂林电子科技大学广西密码学与信息安全重点实验室，广西桂林 541004
⁶ 鹏城实验室新型网络研究部，广东深圳 518055
⁷ 桂林电子科技大学数学与计算科学学院，广西桂林 541004

修回日期:2022-03-16 出版日期:2022-06-15 发布日期:2022-06-01
作者简介:唐士杰（1980− ），女，广西灌阳人，桂林电子科技大学讲师，主要研究方向为工控安全
袁方（1980− ），男，江苏沛县人，外交部通信总台高级工程师，主要研究方向为专用通信建设、信息化应用、信息安全、密码应用、网络安全
李俊（1986− ），男，江西吉安人，国家工业信息安全发展研究中心高级工程师，主要研究方向为工控安全、工业互联网安全、新一代信息技术安全
丁勇（1975− ），男，四川潼南人，桂林电子科技教授、博士生导师，主要研究方向为网络信息安全、工控安全、密码学
王会勇（1977− ），男，山东诸城人，桂林电子科技副教授，主要研究方向为网络信息安全与隐私保护
基金资助:
国家自然科学基金(61772150);国家自然科学基金(61862012);国家自然科学基金(61962012);鹏城实验室重大任务项目(PCL2021A09)

Review on security risks of key components in industrial control system

Shijie TANG¹^,², Fang YUAN³, Jun LI⁴, Yong DING⁵^,⁶, Huiyong WANG⁷

¹ School of Computer Science and Information Security, Guilin University of Electronic Technology, Guilin 541004, China
² School of Electronic Engineering and Automation, Guilin University of Electronic Technology, Guilin 541004, China
³ Communications Office of the Ministry of Foreign Affairs, Beijing 100016, China
⁴ National Industrial Information Security Development Research Center, Beijing 100040, China
⁵ Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China
⁶ New Network Research Department of Pengcheng Laboratory, Shenzhen 518055, China
⁷ School of Mathematics ＆Computing Science, Guilin University of Electronic Technology, Guilin 541004, China

Revised:2022-03-16 Online:2022-06-15 Published:2022-06-01
Supported by:
The National Natural Science Foundation of China(61772150);The National Natural Science Foundation of China(61862012);The National Natural Science Foundation of China(61962012);Pengcheng Laboratory’s Major Task Project(PCL2021A09)

摘要/Abstract

摘要：

随着现代信息技术与通信技术的快速发展，工业控制（简称“工控”）系统已经成为国家关键基础设施的重要组成部分，其安全性关系到国家的战略安全和社会稳定。现代工控系统与互联网越来越紧密的联系，一方面促进了工控技术的快速进步，另一方面为其带来了巨大安全问题。自“震网”病毒事件之后，针对工控系统的攻击事件频发，给全球生产企业造成了巨大经济损失，甚至对很多国家和地区的社会稳定与安全造成重大影响，引起人们对工控系统安全的极大关注。现代工控系统中自动化设备品类和专有协议种类繁多、数据流复杂且发展迅速等，导致对工控关键组件安全的综述难度很大，现有与此相关的综述性文献较少，且大多较为陈旧、论述不全面。针对上述问题，介绍了当前工控系统的主流体系结构和相关组件。阐述并分析了关键工控组件中存在的安全漏洞及潜在的威胁，并重点针对数据采集与监视控制（SCADA）中的控制中心、可编程逻辑控制器、现场设备的攻击方法进行归纳、总结，对近几年文献中实施攻击的前提条件、攻击的对象、攻击的实施步骤及其危害性进行了归纳与分析，并从可用性、完整性和机密性的角度对针对工控网络的攻击进行了分类。给出了针对工控系统攻击的可能发展趋势。

关键词: 工控系统, 数据采集与监视控制, 可编程逻辑控制器, 攻击趋势

Abstract:

With the rapid development of modern information technology and communication technology, industrial control system has become an important part of national key infrastructure, whose security is related to national strategic security and social stability.The close connection between modern industrial control system and Internet promotes the rapid progress of industrial control technology, meanwhile it brings serious security risks.Since the“Stuxnet” virus incident, attacks on industrial control systems have occurred frequently, which causes huge economic losses to global production enterprises.Besides, it also poses significant impact on the social stability and security to many countries and regions, which has aroused people’s great concern about the security of industrial control systems.Due to the wide variety of automation equipment and proprietary protocols, complex data flow and rapid development in modern industrial control system, it is very difficult to summarize the safety of key components of industrial control.There are few literatures related to this area, and most of them are old and incomplete.To solve the above problems, the mainstream architecture and related components of the current industrial control system were introduced.Then the security vulnerabilities and potential threats in the key industrial control components were analyzed.The attack methods of SCADA control center, programmable logic controller and field equipment were summarized.Furthermore, the preconditions, objects, steps and hazards of the attack in the literature in recent years were also analyzed.The attacks against industrial control network were classified from the perspective of integrity and confidentiality.Finally, the possible development trend of industrial control system attack was given.

Key words: industrial control system, supervisory control and data acquisition, programmable logic controller, attack trend

中图分类号:

TP309

唐士杰, 袁方, 李俊, 丁勇, 王会勇. 工业控制系统关键组件安全风险综述[J]. 网络与信息安全学报, 2022, 8(3): 1-17.

Shijie TANG, Fang YUAN, Jun LI, Yong DING, Huiyong WANG. Review on security risks of key components in industrial control system[J]. Chinese Journal of Network and Information Security, 2022, 8(3): 1-17.

图/表 13

图1

表1

图2

表2

图3

图4

图5

图6

图7

图8

图9

表3

表4

参考文献 83

[1]	工业和信息化部. 关于印发信息化和工业化融合发展规划(2016—2020年)的通知[EB].
	Ministry of industry and information technology. Notice on printing and distributing the integrated development plan of informatization and industrialization (2016—2020)[EB].
[2]	赛迪顾问. 2019—2021年中国工业控制市场预测与展望数据[EB].
	CCID Consultant. 2019—2021 Forecast and prospect data of China’s industrial control market[EB].
[3]	BABU B , IJYAS T , MUNEER P ,et al. Security issues in SCADA based industrial control systems[C]// 2017 2nd International Conference on Anti-Cyber Crimes (ICACC). 2017: 47-51.
[4]	AYODEJI A , LIU Y , CHAO N ,et al. A new perspective towards the development of robust data-driven intrusion detection for industrial control systems[J]. Nuclear Engineering and Technology, 2020,52(12): 2687-2982.
[5]	HUANG D , SHI X , ZHANG W A . False data injection attack detection for industrial control systems based on both time-and frequency-domain analysis of sensor data[J]. IEEE Internet of Things Journal, 2020,8(1): 585-595.
[6]	MA R , CHENG P , ZHANG Z ,et al. Stealthy attack against redundant controller architecture of industrial cyber-physical system[J]. IEEE Internet of Things Journal, 2019,6(6): 9783-9793.
[7]	XU L D , XU E L , LI L.Industry 4 . 0:state of the art and future trends[J]. International Journal of Production Research, 2018,56(8): 2941-2962.
[8]	SAJID A , ABBAS H , SALEEM K . Cloud-assisted IoT-based SCADA systems security:a review of the state of the art and future challenges[J]. IEEE Access, 2016,(4): 1375-1384.
[9]	ASGHAR M R , HU Q , ZEADALLY S . Cybersecurity in industrial control systems:issues,technologies,and challenges[J]. Computer Networks, 2019,(165).
[10]	UPADHYAY D , SAMPALLI S . SCADA (supervisory control and data acquisition) systems:vulnerability assessment and security recommendations[J]. Computers ＆ Security, 2020,(89).
[11]	NAZIR S , PATEL S , PATEL D . Assessing and augmenting SCADA cyber security:a survey of techniques[J]. Computers ＆ Security, 2017,(70): 436-454.
[12]	YADAV G , PAUL K . Architecture and security of SCADA systems:A review[J]. International Journal of Critical Infrastructure Protection, 2021.
[13]	ALLADI T , CHAMOLA V , ZEADALLY S . Industrial control systems:cyberattack trends and countermeasures[J]. Computer Communications, 2020,155: 1-8.
[14]	冯涛, 鲁晔, 方君丽 . 工业以太网协议脆弱性与安全防护技术综述[J]. 通信学报, 2017,38(Z2): 185-196.
	FENG T , LU Y , FANG J L . Overview of vulnerability and security protection technology of industrial Ethernet protocol[J]. Journal of communications, 2017,38(Z2): 185-196.
[15]	ZIMBA A , WANG Z , CHEN H . Multi-stage crypto ransomware attacks:A new emerging cyber threat to critical infrastructure and industrial control systems[J]. Ict Express, 2018,4(1): 14-18.
[16]	XU Y , YANG Y , LI T ,et al. Review on cyber vulnerabilities of communication protocols in industrial control systems[C]// 2017 IEEE Conference on Energy Internet and Energy System Integration (EI2). 2017: 1-6.
[17]	WAN M , LI J , LIU Y ,et al. Characteristic insights on industrial cyber security and popular defense mechanisms[J]. China Communications, 2021,18(1): 130-150.
[18]	GONZALEZ D , ALHENAKI F , MIRAKHORLI M . Architectural security weaknesses in industrial control systems (ICS) an empirical study based on disclosed software vulnerabilities[C]// 2019 IEEE International Conference on Software Architecture (ICSA). 2019: 31-40.
[19]	黄家辉, 冯冬芹, 王虹鉴 . 基于攻击图的工控系统脆弱性量化方法[J]. 自动化学报, 2016,42(5): 792-798.
	HUANG J H , FENG D Q , WANG H J . Vulnerability quantification method of industrial control system based on attack graph[J]. Journal of Automation, 2016,42(5): 792-798.
[20]	工业互联网产业联盟. 工业互联网安全风险态势报告2019[R].
	Industrial Internet industry alliance. Industrial Internet security risk situation report 2019[R].
[21]	ANI U P D , HE H , TIWARI A . Review of cybersecurity issues in industrial critical infrastructure:manufacturing in perspective[J]. Journal of Cyber Security Technology, 2017,1(1): 32-74.
[22]	KALAM A A E . Securing SCADA and critical industrial systems:From needs to security mechanisms[J]. International Journal of Critical Infrastructure Protection, 2021,(32).
[23]	SERHANE A , RAAD M , RAAD R ,et al. Programmable logic controllers based systems (PLC-BS):vulnerabilities and threats[J]. SN Applied Sciences, 2019,1(8): 1-12.
[24]	WEERATHUNGA P E , CIORACA A . The importance of testing Smart Grid IEDs against security vulnerabilities[C]// 2016 69th Annual Conference for Protective Relay Engineers (CPRE). 2016: 1-21.
[25]	WANG J , SHI D . Cyber-attacks related to intelligent electronic devices and their countermeasures:a review[C]// 2018 53rd International Universities Power Engineering Conference (UPEC). Glasgow,Scotland:IEEE, 2018: 1-6.
[26]	FILLATRE L , NIKIFOROV I , WILLETT P . Security of SCADA systems against cyber–physical attacks[J]. IEEE Aerospace and Electronic Systems Magazine, 2017,32(5): 28-45.
[27]	AHMED I , OBERMEIER S , SUDHAKARAN S ,et al. Programmable logic controller forensics[J]. IEEE Security ＆ Privacy, 2017,15(6): 18-24.
[28]	KLICK J , LAU S , MARZIN D ,et al. Internet-facing PLCs-a new back orifice[J]. Blackhat USA, 2015: 22-26.
[29]	FORMBY D , BEYAH R . Temporal execution behavior for host anomaly detection in programmable logic controllers[J]. IEEE Transactions on Information Forensics and Security, 2019,15: 1455-1469.
[30]	MANSOR H , MARKANTONAKIS K , AKRAM R N ,et al. Don't brick your car:firmware confidentiality and rollback for vehicles[C]// 2015 10th International Conference on Availability,Reliability and Security. 2015: 139-148.
[31]	BETTAYEB M , NASIR Q , TALIB M A . Firmware update attacks and security for IoT devices:Survey[C]// Proceedings of the ArabWIC 6th Annual International Conference Research Track. 2019: 1-6.
[32]	YOO H , AHMED I . Control logic injection attacks on industrial control systems[C]// IFIP International Conference on ICT Systems Security and Privacy Protection. 2019: 33-48.
[33]	GOVIL N , AGRAWAL A , TIPPENHAUER N O . On ladder logic bombs in industrial control systems[M]. Computer Security. Berlin,Heidelberg: Springer, 2017.
[34]	SERHANE A , RAAD M , RAAD R ,et al. PLC code-level vulnerabilities[C]// 2018 International Conference on Computer and Applications (ICCA). 2018: 348-352.
[35]	CERON J M , CHROMIK J J , SANTANNA J ,et al. Online discoverability and vulnerabilities of ICS/SCADA devices in the Netherlands[J]. arXiv preprint arXiv:2011.02019, 2020.
[36]	ROSA L , CRUZ T , SIM?ES P ,et al. Attacking SCADA systems:A practical perspective[C]// 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). 2017: 741-746.
[37]	BIHAM E , BITAN S , CARMEL A ,et al. Rogue7:Rogue engineering-station attacks on S7 Simatic PLCs[J]. Black Hat USA, 2019， 1-21.
[38]	DODSON M , BERESFORD A R , THOMAS D R . When will my PLC support Mirai? The security economics of large-scale attacks against Internet-connected ICS devices[C]// 2020 APWG Symposium on Electronic Crime Research (eCrime). IEEE, 2020: 1-14.
[39]	DRIAS Z , SERHROUCHNI A , VOGEL O . Taxonomy of attacks on industrial control protocols[C]// 2015 International Conference on Protocol Engineering (ICPE) and International Conference on New Technologies of Distributed Systems (NTDS). 2015: 1-6.
[40]	DRIAS Z , SERHROUCHNI A , VOGEL O . Identity-based cryptography (IBC) based key management system (KMS) for industrial control systems (ICS)[C]// 2017 1st Cyber Security in Networking Conference (CSNet). 2017: 1-10.
[41]	YANG L , SHANG W , CHEN C ,et al. Authentication technology in industrial control system based on identity password[C]// 2020 39th Chinese Control Conference (CCC). 2020: 7677-7684.
[42]	梁耀, 冯冬芹, 徐珊珊 ,等. 加密传输在工控系统安全中的可行性研究[J]. 自动化学报, 2018,44(03): 434-442.
	LIANG Y , FENG D Q , XU S S ,et al. Feasibility study of encrypted transmission in industrial control system security[J]. Journal of automation, 2018,44(03): 434-442.
[43]	ELMRABET Z , ELGHAZI H , KAABOUCH N ,et al. Cyber-security in smart grid:Survey and challenges[J]. Computers ＆Electrical Engineering, 2018,67: 469-482.
[44]	GUNDUZ M Z , DAS R . Cyber-security on smart grid:threats and potential solutions[J]. Computer Networks,2020(169):Article No.107094.
[45]	SILBERSCHATZ A , GALVIN P B , GAGNE G . Operating system concepts[M]. New Jersey: John Wiley ＆ Sons, 2006.
[46]	WEI M , WANG W . Safety can be dangerous:secure communications impair smart grid stability under emergencies[C]// 2015 IEEE Global Communications Conference (GLOBECOM). 2015: 1-6.
[47]	FAURI D , WIJS B D , HARTOG J D ,et al. Encryption in ICS networks:a blessing or a curse?[C]// 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm). 2017: 289-294.
[48]	GREEN B , KNOWLES W , KROTOFIL M ,et al. PCaaD:towards automated determination and exploitation of industrial processes[J]. arXiv preprint arXiv:2102.10049, 2021.
[49]	ADEYANJU I A , EMAKE E D , OLANIYAN O M ,et al. Digital industrial control systems:vulnerabilities and security technologies[J]. Current Applied Science and Technology, 2021: 188-207.
[50]	国家互联网应急中心. 2020年我国互联网网络安全态势综述[R].
	National Internet Emergency Center. Overview on China's Internet network security situation in 2020[R].
[51]	BHAMARE D , ZOLANVARI M , ERBAD A ,et al. Cybersecurity for industrial control systems:a survey[J]. Computers ＆ Security, 2020,89: 101677.
[52]	ZHANG F . Cybersecurity solutions for industrial control systems and key equipment[D]. Knoxiville:University of Tennessee, 2019.
[53]	KLEINMANN A , AMICHAY O , WOOL A ,et al. Stealthy deception attacks against SCADA systems[M]// Computer Security. Berlin Heidelberg: Springer, 2017.
[54]	HU Y , SUN Y , WANG Y ,et al. An enhanced multi-stage semantic attack against industrial control systems[J]. IEEE Access, 2019,7: 156871-156882.
[55]	BASNIGHT Z , BUTTS J , JR J L ,et al. Firmware modification attacks on programmable logic controllers[J]. International Journal of Critical Infrastructure Protection, 2013,6(2): 76-84.
[56]	GARCIA L , BRASSER F , CINTUGLU M H ,et al. Hey,my malware knows physics! attacking plcs with physical model aware rootkit[C]// NDSS. 2017: 1-15.
[57]	LI W , XIE L , DENG Z ,et al. False sequential logic attack on SCADA system and its physical impact analysis[J]. Computers ＆Security, 2016,58: 149-159.
[58]	KALLE S , AMEEN N , YOO H ,et al. Clik on plcs! Attacking control logic with decompilation and virtual plc[C]// Binary Analysis Research (BAR) Workshop,Network and Distributed System Security Symposium (NDSS). 2019: 1-12.
[59]	SENTHIVEL S , DHUNGANA S , YOO H ,et al. Denial of engineering operations attacks in industrial control systems[C]// Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. 2018: 319-329.
[60]	ABBASI A , HASHEMI M . Ghost in the plc designing an undetectable programmable logic controller RootKit via pin control attack[J]. Black Hat Europe, 2016,2016: 1-35.
[61]	G?NEN S , SAYAN H H , YILMAZ E N ,et al. False data injection attacks and the insider threat in smart systems[J]. Computers ＆Security, 2020,97: 101955.
[62]	ROOMI M M , BISWAS P P , MASHIMA D ,et al. False data injection cyber range of modernized substation system[C]// 2020 IEEE International Conference on Communications,Control,and Computing Technologies for Smart Grids (SmartGridComm). 2020: 1-7.
[63]	SPENNEBERG R , BRüGGEMANN M , SCHWARTKE H . Plc-blaster:A worm living solely in the PLC[J]. Black Hat Asia, 2016,16: 1-16.
[64]	SELVARAJ J , DAYANIKLI G Y , GAUNKAR N P ,et al. Electromagnetic induction attacks against embedded systems[C]// Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 2018: 499-510.
[65]	YLMAZ E N , CIYLAN B , G?NEN S ,et al. Cyber security in industrial control systems:analysis of DoS attacks against PLCs and the insider effect[C]// 2018 6th International Istanbul Smart Grids and Cities Congress and Fair (ICSG). 2018: 81-85.
[66]	HUMAYUN M , JHANJHI N Z , ALSAYAT A ,et al. Internet of things and ransomware:evolution,mitigation and prevention[J]. Egyptian Informatics Journal, 2021,22(1): 105-117.
[67]	ADEPU S , PRAKASH J , MATHUR A . Waterjam:An experimental case study of jamming attacks on a water treatment system[C]// 2017 IEEE International Conference on Software Quality,Reliability and Security Companion (QRS-C). 2017: 341-347.
[68]	ZHANG F , KODITUWAKKU H A D E , HINES J W ,et al. Multilayer data-driven cyber-attack detection system for industrial control systems based on network,system,and process data[J]. IEEE Transactions on Industrial Informatics, 2019,15(7): 4362-4369.
[69]	SAJJAN R S , GHORPADE V R . Ransomware attacks:Radical menace for cloud computing[C]// 2017 International Conference on Wireless Communications,Signal Processing and Networking (WiSPNET). 2017: 1640-1646.
[70]	ZHANG Y , SUN Z , YANG L ,et al. A11 Your PLCs Belong to me:ICS ransomware is realistic[C]// 2020 IEEE 19th International Conference on Trust,Security and Privacy in Computing and Communications (TrustCom). 2020: 502-509.
[71]	PIRAYESH H , SANGDEH P K , ZENG H . Securing ZigBee communications against constant jamming attack using neural network[J]. IEEE Internet of Things Journal, 2020,8(6): 4957-4968.
[72]	PALLETI V R , MISHRA V K , AHMED C M ,et al. Can replay attacks designed to steal water from water distribution systems remain undetected?[J]. ACM Transactions on Cyber-Physical Systems, 2020,5(1): 1-19.
[73]	CHEN S , PANG Z , WEN H ,et al. Automated labeling and learning for physical layer authentication against clone node and sybil attacks in industrial wireless edge networks[J]. IEEE Transactions on Industrial Informatics, 2020,17(3): 2041-2051.
[74]	QIAN J , DU X , CHEN B ,et al. Cyber-physical integrated intrusion detection scheme in SCADA system of process manufacturing industry[J]. IEEE Access, 2020,8: 147471-147481.
[75]	陆冠竹, 刘奕贤, 刘宗晁 ,等. 工业控制系统安全之探讨—— 以西门子 S7 系列为例[J].[C]// TANET 2019. 2019: 715-719.
	LU G Z , LIU Y X , LIU Z C ,et al. Discussion on the safety of industrial control system —— Taking Siemens S7 Series as an example[C]// TANet 2019. 2019: 715-719.
[76]	LI X , XU J , DAI H N ,et al. On modeling eavesdropping attacks in wireless networks[J]. Journal of Computational Science, 2015,11: 196-204.
[77]	URBINA D I , GIRALDO J A , TIPPENHAUER N O ,et al. attacking fieldbus communications in ICS:applications to the SWaT testbed[C]// Proceedings of the Singapore Cyber-Security Conference (SG-CRC). 2016: 75-89.
[78]	DEB D , CHAKRABORTY S R , LAGINENI M ,et al. Security analysis of MITM attack on SCADA network[C]// International Conference on Machine Learning,Image Processing,Network Security and Data Sciences.Abu Dhabi,The United Arab Emirates:Springer. 2020: 501-512.
[79]	LIU D , XU Y HUANG X . Identification of location spoofing in wireless sensor networks in non-line-of-sight conditions[J]. IEEE Transactions on Industrial Informatics, 2017,14(6): 2375-2384.
[80]	PAN X , WANG Z , SUN Y . Review of PLC security issues in industrial control system[J]. Journal of Cybersecurity, 2020,2(2): 69-83.
[81]	DI PINTO A , DRAGONI Y , CARCANO A . TRITON:The first ICS cyber attack on safety instrument systems[C]// Proc.Black Hat. 2018: 1-26.
[82]	AHMED Y A , KOCER B , HUDA S ,et al. A system call refinement-based enhanced minimum redundancy maximum relevance method for ransom ware early detection[J]. Journal of Network and Computer Applications, 2020,167: 102753.
[83]	GAZZAN M , ALQAHTANI A , SHELDON F T . Key factors influencing the rise of current ransom ware attacks on industrial control systems[C]// 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC). 2021: 1417-1422.

影响因素	等级细分	说明
SCADA服务器	大	使整个控制系统和管理者的计算机能随时使用来自SCADA远程终端的重要信息
工程师站	中	既安装STEP 7编程组态软件，又安装WinCC监控操作组态软件
操作员站	小	仅需安装WinCC监控操作组态软件
用户机	小	存放传输给管理层的数据
Web服务器	小	提供Web服务的功能，在某些工控系统中不是必需的
MES服务器/数据库	大	存放制造执行层的重要数据
OPC服务器/数据库	大	存放下位机采集的原始现场数据和上位机传来的指令
RTU	大	主要进行数据采集和本地控制，与传输可靠性、主机负担等相关
PLC	大	主要进行过程控制、信息控制和远程控制，是重要的下位机
PAC	小	作为开放型的自动化控制设备，其应用在工控系统中并不常见

开始时间(观察序号)	结束时间(观察序号)	攻击描述
600 s(150)	630 s(158)	网络发现
840 s(210)	1 020 s(255)	利用Ettercap实施中间人攻击
1 020 s(255)	1 020 s(255)	恶意代码注入
1 200 s(300)	2 400 (600)	恶意代码运行LabVIEW模型

攻击类型	参考文献	控制器	攻击的实验
固件修改攻击	文献[55]	ControlLogix L61	伪造了固件的版本号
	文献[6]	NA400-0501 UWNTEK UW5101 FM802 CPU	对3种控制器进行逆向工程并找到所需的漏洞，来攻击冗余控制器
	文献[56]	Allen Bradley PLC	通过修改PLC的固件，在不改变PLC控制逻辑的情况下操作PLC的输入和输出值
有效负载攻击	文献[58]	Schneider Electric Modicon M221 PLC	设计了一个完整的控制逻辑感染攻击链，包括漏洞攻击、反编译、恶意逻辑生成和隐藏感染
	文献[59]	Allen-Bradley Micrologix 1400-B PLC	设计了3种控制逻辑攻击场景，称为DEO（denial of engineering operations）攻击，可能严重影响控制中心操作员的态势感知，以产生安全隐患
	文献[33]	工控系统测试平台	进行了4种LLB的实验及评估
	文献[32]	Modicon M221 MicroLogix 1400	提出了两种新的控制逻辑注入攻击：数据执行攻击；碎片和噪声填充攻击
引脚控制攻击	文献[60]	Wago 750-8202 PLC	通过更改引脚相关寄存器修改引脚的功能和配置，实施引脚控制攻击
虚假数据注入攻击	文献[61]	Schneider M241 PLC	使用错误数据注入进行寄存器操纵
蠕虫病毒攻击	文献[63]	SIMATIC S7-1200	演示了PLC蠕虫的可行性

基本属性	攻击类型	文献	简要描述
可用性	DoS攻击	文献[65]	通过使用Hping、SmootSec IDS和Wireshark等工具对PLC和TIA Portal应用程序进行DoS攻击。作者侧重于检测PLC设备和TIA Portal应用程序的漏洞，并进行安全分析来确定解决方案
	勒索软件攻击	文献[15]	模拟来自CI（critical infrastructure）中3种渗透源的不同加密勒索软件多级攻击。通过静态恶意软件分析说明，勒索软件采用不同的技术，在不同的网络分区传播和攻击CI组件
		文献[66]	对物联网环境中勒索软件的演变、预防和缓解进行了全面调查
	干扰攻击	文献[67]	在安全水处理（SWAT）实验台上实现了对工控系统的网络干扰攻击
完整性	重放攻击	文献[53]	在劫持HMI和PLC之间的通信通道后，在HMI中重放先前获得的消息
		文献[72]	在配水（WADI）工厂试验台发起重放攻击，研究在什么情况下，攻击者/攻击可以在盗窃水时不被发现
	节点复制攻击	文献[73]	利用NIST开放数据集进行汽车装配环境下复制攻击的仿真实验
机密性	窃听攻击	文献[76]	模拟无线网络中的窃听攻击，同时考虑了信道条件和天线模型。分析了路径损失效应、阴影衰落效应与窃听攻击的概率
	中间人攻击	文献[77]	讨论了对ICS现场总线通信的中间人攻击，给出了有关典型拓扑和此类设置中使用协议的详细信息
	位置欺骗攻击	文献[78]	利用COPS SCADA Lab kit、Ettercap、Wireshark等工具对SCADA网络实施中间人攻击
		文献[79]	采用Matlab仿真位置欺骗攻击

工业控制系统关键组件安全风险综述

Review on security risks of key components in industrial control system

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 13

参考文献 83

相关文章 15

Metrics

推荐阅读 0

[1]	王艺龙, 李震宇, 巩道福, 刘粉林. 基于块邻域的图像双脆弱水印算法[J]. 网络与信息安全学报, 2023, 9(3): 38-48.
[2]	陈任峰, 朱鸿斌. 基于PU learning的信用卡交易安全监管研究[J]. 网络与信息安全学报, 2023, 9(3): 73-78.
[3]	冯冠云, 付才, 吕建强, 韩兰胜. 基于操作注意力和数据增强的内部威胁检测[J]. 网络与信息安全学报, 2023, 9(3): 102-112.
[4]	谢根琳, 程国振, 王亚文, 王庆丰. 基于gadget特征分析的软件多样性评估方法[J]. 网络与信息安全学报, 2023, 9(3): 161-173.
[5]	侯鹏, 李智鑫, 张飞, 孙旭, 陈丹, 崔毅浩, 张寒冰, 荆一楠, 柴洪峰. 金融数据安全治理智能化技术与实践[J]. 网络与信息安全学报, 2023, 9(3): 174-187.
[6]	肖敏, 毛发英, 黄永洪, 曹云飞. 基于属性签名的车载网匿名信任管理方案[J]. 网络与信息安全学报, 2023, 9(2): 33-45.
[7]	许建龙, 林健, 黎宇森, 熊智. 分布式用户隐私保护可调节的云服务个性化QoS预测模型[J]. 网络与信息安全学报, 2023, 9(2): 70-80.
[8]	陈训逊, 李明哲, 吕宁, 黄亮. 内禀安全：网络安全能力体系化构建方法[J]. 网络与信息安全学报, 2023, 9(1): 92-102.
[9]	宋佳烁, 李祯祯, 丁海洋, 李子臣. 椭圆曲线上高效可完全模拟的不经意传输协议[J]. 网络与信息安全学报, 2023, 9(1): 158-166.
[10]	李凤华, 李晖, 牛犇, 邱卫东. 隐私计算的学术内涵与研究趋势[J]. 网络与信息安全学报, 2022, 8(6): 1-8.
[11]	唐飞, 甘宁, 阳祥贵, 王金洋. 基于区块链与国密SM9的抗恶意KGC无证书签名方案[J]. 网络与信息安全学报, 2022, 8(6): 9-19.
[12]	白雪, 秦宝东, 郭瑞, 郑东. 基于SM2的两方协作盲签名协议[J]. 网络与信息安全学报, 2022, 8(6): 39-51.
[13]	刘军, 袁霖, 冯志尚. 集群网络密钥管理方案研究综述[J]. 网络与信息安全学报, 2022, 8(6): 52-69.
[14]	肖敏, 姚涛, 刘媛妮, 黄永洪. 具有隐私保护的动态高效车载云管理方案[J]. 网络与信息安全学报, 2022, 8(6): 70-83.
[15]	林佳滢, 周文柏, 张卫明, 俞能海. 空域频域相结合的唇型篡改检测方法[J]. 网络与信息安全学报, 2022, 8(6): 146-155.