Computer Science ›› 2018, Vol. 45 ›› Issue (4): 25-33.doi: 10.11896/j.issn.1002-137X.2018.04.004

Previous Articles     Next Articles

Summary of Security Technology and Application in Industrial Control System

SUO Yan-feng, WANG Shao-jie, QIN Yu, LI Qiu-xiang, FENG Da-jun and LI Jing-chun   

  • Online:2018-04-15 Published:2018-05-11

Abstract: In order to face the new challenges caused by the deep integration of control system and Internet technology and resist the target attack,such as shock virus,flame virus and BlackEnergy,aiming at the technical lag of industrial control system vulnerability mining,repair and control,and the problems of “difficult to detect,difficult to monitor,difficult to protect”,this paper researched the theoretical model,key technology,equipment development and test evaluation of industrial control system.Besides,through taking the research of vulnerability mining and utilization as the main line,taking theoretical system architecture research and test verification platform construction as the basis,taking dynamically monitoring protection and active defense as the goal,taking test example set attack and defense verification and typical demonstration as the applicationl,this paper proposed security technology solutions including industrial control system vulnerability mining,depth detection,dynamic protection,active defense,and designed the integrated security technology system including vulnerability mining,verification and evaluation,dynamic protection and active defense.

Key words: Industrial control system,Vulnerability mining,Validation evaluation,Dynamic protection,Active defense

[1] SADEGHI A R,WACHSMANN C,WAIDNER M.Security and privacy challenges in industrial internet of things[C]∥Procee-dings of the 52nd Annual Design Automation Conference.ACM,2015:54.
[2] THABET A.Stuxnet_Malware_Analysis_Paper[J].Freelancer MMware Reseafcher,2010:3-28.
[3] 安天实验室.对flame病毒攻击事件的分析报告[R].哈尔滨:安全实验室,2012.
[4] RAVAL S.BlackEnergy a threat to Industrial Control Systems network security[J].International Journal of Advance Research in Engineering,Science &Technology(IJAREST),2015,2(12):31-34.
[5] LAI Y X,LIU Z H,CAI X T,et al.Research on intrusion detection of industrial control system[J].Journal on Communications,2017,38(2):143-156.(in Chinese) 赖英旭,刘增辉,蔡晓田,等.工业控制系统入侵检测研究综述[J].通信学报,2017,8(2):143-156.
[6] SUN Y A,JING K,WANG Y Z.A Network Security Protection Research for Industrial Control System[J].Journal of Information Securyity Research,2017,3(2):171-176.(in Chinese) 孙易安,井柯,汪义舟.工业控制系统安全网络防护研究[J].信息安全研究,2017,3(2):171-176.
[7] YI S W,ZHANG C B,XIE F,et al.Security analysis of indus-trial control network protocols based on Peach [J].Journal of Tsinghua University(Science & Technology),2017,7(1):50-54.(in Chinese) 伊胜伟,张翀斌,谢丰,等.基于Peach的工业控制网络协议安全分析[J].清华大学学报(自然科学版),2017,7(1):50-54.
[8] ZHANG Y F,HONG Z,WU L F,et al.State based Fuzzing method for industrial control protocols[J].Computer Science,2017,4(5):132-140.(in Chinese) 张亚丰,洪征,吴礼发,等.基于状态的工业控制协议Fuzzing测试技术[J].计算机科学,2017,4(5):132-140.
[9] YU C Q.The Study of Industry Control System Device Vulnerability Discovery[D].Beijing:Beijing University of Posts and Telecommunications,2015.(in Chinese) 于长奇.工业控制设备漏洞挖掘技术研究[D].北京:北京邮电大学,2015.
[10] JIA C Q,FENG D Q.Security assessment for industrial control systems based on fuzzy analytic hierarchy process[J].Journal of Zhejiang University(Engineering Science),2016,50(4):759-765.(in Chinese) 贾驰千,冯冬芹.基于模糊层次分析法的工业控制系统安全评估[J].浙江大学学报(工学版),2016,0(4):759-765.
[11] GONG S D,WANG L.Cyber Security Risk Assessment for Industrial Control System Based on AHP and Information Entropy[J].Industrial Control Computer,2017,0(4):11-12,15.(in Chinese) 龚斯谛,王磊.基于AHP与信息熵的工业控制系统信息安全风险评估研究[J].工业控制计算机,2017,0(4):11-12,15.
[12] ZHONG L G.Research of Information Security Solutions of Industrial Control System Based on Trusted Computing [D].Dalian:Dalian University of Technolngy,2015.(in Chinese) 钟梁高.基于可信计算的工业控制系统信息安全解决方案研究[D].大连:大连理工大学,2015.
[13] WU H.Research on Industrial Control Environment Computing Node Security Protection Technology[D].Beijing:Beijing University of Technolngy,2016.(in Chinese) 吴欢.工业控制环境计算节点安全防护技术研究[D].北京:北京工业大学,2016.
[14] LIU N,YU X H,ZHANG J H.Coordinated Cyber-attack:Infe-rence and Thinking of Incident on Ukrainian Power Grid[J].Automation of Electric Power Systems,2016,40(6):144-147.(in Chinese) 刘念,余星火,张建华.网络协同攻击:乌克兰停电事件的推演与启示[J].电力系统自动化,2016,40(6):144-147.
[15] ASGHARI H,CIERE M,VAN EETEN M J G.Post-mortem of a zombie:conficker cleanup after six years[C]∥Usenix Con-ference on Security Symposium.2015:1-16.
[16] ISA.Security for Industrial Automation and Control Systems:ANSI/ISA-99.00.01-2007[S].
[17] IEC.Industrial communication networks-Network and system security IEC:62433[S].Geneva:IEC,2009.
[18] Department of Energy Federal Energy Regulatory Commis- sion:Mandatory Reliability Standards for Critical Infrastructure Protection.https://www.gao.gov/products/GAO-08-493R.
[19] The Smart Grid Interoperability Panel Cyber Security Working Group.Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security.https://www.smartgrid.gov/files/nistir_7628_.pdf.
[20] Regulatory Guide 5.71.Cyber security programs for nuclear facilities[M].U.S.Nuclear Regulatory Commission,2010.
[21] SCHNEIER B.Attack trees[J].Doctor Dobbs Journal,1999,24(12):21-29.
[22] PITRE-CAMBACDS L,BOUISSOU M.Beyond attacktrees:dynamic security modeling with Boolean logic Driven Markov Processes(BDMP)[C]∥Dependable Computing Conference(EDCC).IEEE,2010:199-208.
[23] KUIPERS D,FABRO M.Control systems cyber security:Defense in depth strategies[C]∥Conference:2007 ISA Expo.
[24] HADZIOSMANOVIC D,BOLZONI D,ETALLE S,et al.Challenges and opportunities in securing industrial control systems[C]∥Complexity in Engineering(COMPENG).IEEE,2012:1-6.
[25] ETALLE S,GREGORY C,BOLZONI D,et al.Monitoring Industrial Control Systems to improve operations and security[R].Security Matters,2013.
[26] 全国工业过程测量控制和自动化标准化技术委员会.工业控制系统信息安全:GB/T30976-2014[S].
[27] KONSTANTINOU C,MANIATAKOS M.Impact of firmware modification attacks on power systems field devices[C]∥IEEE International Conference on Smart Grid Communications.IEEE,2015:283-288.
[28] National Institute of Standards and Technology.MeasurementChallenges and Opportunitie s for Developing Smart Grid Testbeds Workshop 2014.http://www.nist.gov/smartgrid/upload/SG-Testbed-Workshop-Report-FINAL-1-2-8-2014.pdf.
[29] Idaho National Laboratory.National SCADA Test Bed(NSTB) Program.https://www.inl.gov.

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] . [J]. Computer Science, 2018, 1(1): 1 .
[2] LEI Li-hui and WANG Jing. Parallelization of LTL Model Checking Based on Possibility Measure[J]. Computer Science, 2018, 45(4): 71 -75, 88 .
[3] XIA Qing-xun and ZHUANG Yi. Remote Attestation Mechanism Based on Locality Principle[J]. Computer Science, 2018, 45(4): 148 -151, 162 .
[4] LI Bai-shen, LI Ling-zhi, SUN Yong and ZHU Yan-qin. Intranet Defense Algorithm Based on Pseudo Boosting Decision Tree[J]. Computer Science, 2018, 45(4): 157 -162 .
[5] WANG Huan, ZHANG Yun-feng and ZHANG Yan. Rapid Decision Method for Repairing Sequence Based on CFDs[J]. Computer Science, 2018, 45(3): 311 -316 .
[6] SUN Qi, JIN Yan, HE Kun and XU Ling-xuan. Hybrid Evolutionary Algorithm for Solving Mixed Capacitated General Routing Problem[J]. Computer Science, 2018, 45(4): 76 -82 .
[7] ZHANG Jia-nan and XIAO Ming-yu. Approximation Algorithm for Weighted Mixed Domination Problem[J]. Computer Science, 2018, 45(4): 83 -88 .
[8] WU Jian-hui, HUANG Zhong-xiang, LI Wu, WU Jian-hui, PENG Xin and ZHANG Sheng. Robustness Optimization of Sequence Decision in Urban Road Construction[J]. Computer Science, 2018, 45(4): 89 -93 .
[9] LIU Qin. Study on Data Quality Based on Constraint in Computer Forensics[J]. Computer Science, 2018, 45(4): 169 -172 .
[10] ZHONG Fei and YANG Bin. License Plate Detection Based on Principal Component Analysis Network[J]. Computer Science, 2018, 45(3): 268 -273 .