关键词: 工业控制系统,安全审计,异常行为检测

Abstract: At present,Industrial control system(ICS) is widely used in electric power,transportation,water conservancy,large manufacturing industry and national critical infrastructure．ICS has become the important part of the national security strategy．However,the traditional information security technology(such as firewall technology,intrusion detection technology,etc.) has the different technical principle and the different network protocol,and doesn’t have a good protection effect in ICS．In order to effectively improve the Industrial control system information security(ICSIS) protection,based on the specific data and protocol and the highly real-time requirement,this paper designed an ICSIS audit system,which mainly includes data acquisition module,content detection mo-dule,abnormal behavior judgment module,behavior handling module,audit response module．The testing results show that the ICSIS audit system can comprehensive audit the ICS,and the use of ICSIS audit system can greatly improve the ICS safety protection ability.

Key words: Industrial control system,Security audit,Abnormal behavior detection