基于仿真建模的工业控制网络入侵检测方法研究

doi:10.11959/j.issn.1000-436x.2017133

Abstract

Abstract:

At present,intrusion detection system over fieldbus network layer was a basic protection method in industrial control system.However,it has some weakness,such as poor generality,high false-positive rate,and unable to detect unknown anomaly.An industrial control system intrusion detection method based on fieldbus network equipment simulation was proposed.The method prevented control program from being tampered or destroyed based on controller simulation modelling.Controlled object simulation modelling was designed for ensuring that the system input was credible.Thus the intrusion detection of industrial control network was realized.At last,the results indicate that the proposed intrusion detecting method is available.

Key words: simulation, compiler theory, system identification, anomaly detection

CLC Number:

TP309

Yi-wei GAO,Rui-kang ZHOU,Ying-xu LAI,Ke-feng FAN,Xiang-zhen YAO,Lin LI. Research on industrial control system intrusion detection method based on simulation modelling[J]. Journal on Communications, 2017, 38(7): 186-198.

Figures/Tables 20

References 20

[1]	FALLIERE N , MURCHU L O , CHIEN E . W32 stuxnet dossier[R]. White Paper,Symantec Corp,Security Response, 2011.
[2]	DONALD P C . The application of autonomic computing for the protection of industrial control systems[M]. Tucson: The University of Arizona, 2011.
[3]	BENCSATH B , PEK G , BUTTYAN L ,et al. Duqu:analysis,detection,and lessons learned[C]// ACM European Workshop on System Security (EuroSec). Bern,Switzerland,ACM, 2012: 1-6.
[4]	STOUFFER K , FALCO J , SCARFONE K . SP 800-82,guide to industrial control systems (ICS) security[P]. National Institute of Standards＆ Technology, 2011.
[5]	李琳, 尚文利, 姚俊 ,等. 单类支持向量机在工业控制系统入侵检测中的应用研究综述[J]. 计算机应用研究, 2016,33(1): 7-11.
	LI L , SHANG W L , YAO J ,et al. Overview of one-class support vector machine in intrusion detection of industrial control system[J]. Application Research of Computers, 2016,33(1): 7-11.
[6]	CARDENAS A A , AMIN S , LIN Z S ,et al. Attacks against process control systems:risk assessment,detection,and response[C]// The 6th ACM Symposium on Information,Computer and Communications Security. ACM, 2011: 355-366.
[7]	WEI M , KIM K . Intrusion detection scheme using traffic prediction for wireless industrial networks[J]. Journal of Communications and Networks, 2012,14(3): 310-318.
[8]	BARBOSA R R R , SADRE R , PRAS A . Towards periodicity based anomaly detection in SCADA networks[C]// 2012 IEEE 17th International Conference on Emerging Technologies ＆ Factory Automation (ETFA 2012). 2012: 1-4.
[9]	RRUSHI J , KANG K D . Detecting anomalies in process control networks[M]. Critical Infrastructure Protection III. Springer Berlin Heidelberg, 2009: 151-165.
[10]	MORRIS T H , JONES B A , VAUGHN R B ,et al. Deterministic intrusion detection rules for Modbus protocols[C]// The 46th Hawaii International Conference on System Sciences (HICSS). 2013: 1773-1781.
[11]	MORRIST , VAUGHN R , DANDASS Y . A retrofit network intrusion detection system for modbus RTU and ASCII industrial control systems[C]// The 45th Hawaii International Conference on System Science. 2012: 2338-2345.
[12]	CARCANO A , COLETTA A , GUGLIELMI M ,et al. A multidimensional critical state analysis for detecting intrusions in SCADA systems[J]. IEEE Transactions on Industrial Informatics, 2011,7(2): 179-186.
[13]	FOVINO I N , CARCANO A , MUREL T D L ,et al. Modbus/DNP3 state-based intrusion detection system[C]// 2010 24th IEEE International Conference on Advanced Information Networking and Applications (AINA). 2010: 729-736.
[14]	GOLDENBERG N , WOOL A . Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems[J]. International Journal of Critical Infrastructure Protection, 2013,6(2): 63-75.
[15]	DAMIANI E . Composite intrusion detection in process control networks[D]. Uniersity Degli Studi Di Milano, 2009.
[16]	LINDA O , MANIC M , VOLLMER T ,et al. Fuzzy logic based anomaly detection for embedded network security cyber sensor[C]// IEEE Symposium on Computational Intelligence in Cyber Security. 2011: 202-209.
[17]	LINDA O , VOLLMER T , MANIC M . Neural network based intrusion detection system for critical infrastructures[C]// International Joint Conference on Neural Networks. 2009: 1827-1834.
[18]	ANOOP A , SREEIA M S . New genetic algorithm based intrusion detection system for SCADA[J]. International Journal of Engineering Innovations and Research, 2013,2(2): 171-175.
[19]	济晓 . MATLAB 在振动信号处理中的应用[M]. 北京: 中国水利水电出版社, 2006.
	JI X . The application of MATLAB in vibration signal processing[M]. Beijing: China Water Conservancy and Hydropower Press, 2006.
[20]	言俊科 . 系统辨识理论及应用[M]. 北京: 国防工业出版社, 2003.
	YAN J K . System identification theory and application[M]. Beijing: National Defence Industry Press, 2003.

Metrics

Recommended 0

No Suggested Reading articles found!

模型	拟合相似度	拟合误差
ARX模型	0.891 9	0.272 3
ARMAX模型	0.922 8	0.110 9
Box-Jenkins模型	0.964 4	0.104 4
N4SID模型	0.856 3	0.124 4

攻击类型	攻击描述	检测结果
拒绝服务攻击/重放攻击	截获组态软件用于关闭 PLC的通信数据分组并重放导致PLC异常关闭	检出
逻辑代码篡改	修改 PLC 中控制逻辑的参数，造成控制结果发生偏差	检出
中间人攻击	修改液位高度传感器向 PLC发送的实时液位高度，并恶意地将液位高度调高0.1 m	检出

Research on industrial control system intrusion detection method based on simulation modelling

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 20

References 20

Related Articles 15

Metrics

Recommended 0

[1]	Weigang HUO, Rui LIANG, Yonghua LI. Anomaly detection model for multivariate time series based on stochastic Transformer [J]. Journal on Communications, 2023, 44(2): 94-103.
[2]	Jianxin LIAO, Xiaoyuan FU, Qi QI, Jingyu WANG, Haifeng SUN. 6G-ADM: knowledge based 6G network management and control architecture [J]. Journal on Communications, 2022, 43(6): 3-15.
[3]	Quan CHEN, Lei YANG, Jianming GUO, Xingchen LI, Yong ZHAO, Xiaoqian CHEN. LEO mega-constellation network:networking technologies and state of the art [J]. Journal on Communications, 2022, 43(5): 177-189.
[4]	Fan ZHANG, Yun HUANG, Zizhuo FANG, Wei GUO. Lost-minimum post-training parameter quantization method for convolutional neural network [J]. Journal on Communications, 2022, 43(4): 114-122.
[5]	Xueyuan DUAN, Yu FU, Kun WANG. Multi-dimensional time series anomaly detection method based on VAE-WGAN [J]. Journal on Communications, 2022, 43(3): 1-13.
[6]	Ping WU, Chaowen CHANG, Zhibin ZUO, Yingying MA. Address overloading-based packet forwarding verification in SDN [J]. Journal on Communications, 2022, 43(3): 88-100.
[7]	Haili SUN, Xiang LONG, Lansheng HAN, Yan HUANG, Qingbo LI. Overview of anomaly detection techniques for industrial Internet of things [J]. Journal on Communications, 2022, 43(3): 196-210.
[8]	Zhuo CHEN, Miao ZHU, Junwei DU. Multi-view graph neural network for fraud detection algorithm [J]. Journal on Communications, 2022, 43(11): 225-232.
[9]	Xueyuan DUAN, Yu FU, Kun WANG, Taotao LIU, Bin LI. Network traffic anomaly detection method based on multi-scale characteristic [J]. Journal on Communications, 2022, 43(10): 65-76.
[10]	Shaohu DING,Ning QI,Yiwei GUO. Evaluation of mimic defense strategy based on M-FlipIt game model [J]. Journal on Communications, 2020, 41(7): 186-194.
[11]	Tieming CHEN,Chengqiang JIN,Mingqi LYU,Tiantian ZHU. Intelligent detection method on network malicious traffic based on sample enhancement [J]. Journal on Communications, 2020, 41(6): 128-138.
[12]	Qi QI,Runye SHEN,Jingyu WANG. GAD:topology-aware time series anomaly detection [J]. Journal on Communications, 2020, 41(6): 152-160.
[13]	Xiaoli YIN, Tong ZHENG, Zhiwen SUN, Zhaoyuan ZHANG. Simulation of transmission characteristics of oceanic wireless optical communication systems based on orbital angular momentum multiplexing with space-time coding [J]. Journal on Communications, 2020, 41(12): 110-117.
[14]	Xiaohui YANG,Shengchang ZHANG. Anomaly detection model based on multi-grained cascade isolation forest algorithm [J]. Journal on Communications, 2019, 40(8): 133-142.
[15]	Jianping CHEN,Zhengxia YANG,Quan LIU,Hongjie WU,Yang XU,Qiming FU. Heuristic Sarsa algorithm based on value function transfer [J]. Journal on Communications, 2018, 39(8): 37-47.