基于攻击图的Modbus网络脆弱性研究

发布时间：2018-01-04 18:34

本文关键词：基于攻击图的Modbus网络脆弱性研究　出处：《浙江大学》2015年硕士论文　论文类型：学位论文

【摘要】：近年来,工业控制领域出现了许多安全事件,造成了重大经济损失、人员伤亡以及社会影响。Modbus是工业上应用最广泛的通信协议之一,已经成为了事实上的工业标准。国内外专家对于信息领域安全问题已经做了大量研究,但是对于工业控制网络安全问题的研究,尤其对于Modbus网络脆弱性的研究并不多。本文建立了Modbus网络脆弱性定性分析的攻击图模型和基于PageRank的攻击图模型,提出了在两种模型上分别对Modbus网络脆弱性进行定性和定量分析的方法,并进行了实验,分析了Modbus网络的脆弱性,提出了防护建议。本文的主要工作如下：(1)建立了Modbus网络脆弱性的定性分析攻击图模型,分析了Modbus网络中节点的脆弱性。通过分析Modbus网络中存在的可被利用的漏洞,评定了Modbus网络中节点的资产价值,建立了Modbus网络的攻击图模型,并进行了脆弱性定性分析。(2)建立了Modbus网络的基于PageRank的攻击图模型(PageRank-based Attack Graph, PAG),并提出了Modbus网络脆弱性的度量指标和计算方法。首先介绍了Modbus协议的通信机制,分析了Modbus网络中设备之间的依赖关系,对Modbus网络中设备的资产价值进行了评估,使用PageRank方法确定了网络中各个节点的重要度等级。此外,通过分析Modbus网络的通信机制,确定了攻击者在攻击的过程中各个节点之间的状态转移概率。最后提出了Modbus网络脆弱性和节点脆弱性的度量指标,提出了使用贝叶斯网络对Modbus网络脆弱性进行定量分析的方法。(3)建立了锅炉控制系统的Modbus/TCP实验网络和数据采集系统的无线Modbus实验网络的仿真实验环境,进行了实验和分析。使用基于PageRank的攻击图对两个实验网络的脆弱性进行建模,分析了模型中的每个节点的脆弱性,分析了影响Modbus网络中节点脆弱性的因素,最后提出了对Modbus网络进行防护的指导建议。
[Abstract]:In recent years, there have been many security incidents in the field of industrial control, resulting in significant economic losses, casualties and social impact. Modbus is one of the most widely used communication protocols in industry. Experts at home and abroad have done a lot of research on the security of information field, but the research on the security of industrial control network. Especially for the Modbus network vulnerability is not much research. This paper establishes the Modbus network vulnerability qualitative analysis of the attack graph model and the attack graph model based on PageRank. In this paper, a qualitative and quantitative analysis method of Modbus network vulnerability is proposed based on two models, and experiments are carried out to analyze the vulnerability of Modbus network. The main work of this paper is as follows: 1) the qualitative analysis attack graph model of Modbus network vulnerability is established. The vulnerability of nodes in Modbus network is analyzed, and the assets value of nodes in Modbus network is evaluated by analyzing the exploitable vulnerabilities in Modbus network. The attack graph model of Modbus network is established. Finally, the vulnerability qualitative analysis. 2) the attack graph model based on PageRank of Modbus network is established (. PageRank-based Attack Graph. At the same time, the paper puts forward the measure index and calculation method of Modbus network vulnerability. Firstly, the communication mechanism of Modbus protocol is introduced. The dependence of devices in Modbus network is analyzed, and the asset value of devices in Modbus network is evaluated. PageRank method is used to determine the importance of each node in the network. In addition, the communication mechanism of Modbus network is analyzed. The state transition probability of each node during the attack is determined. Finally, the metrics of Modbus network vulnerability and node vulnerability are proposed. This paper presents a method of quantitative analysis of Modbus network vulnerability using Bayesian network. The Modbus/TCP experimental network of boiler control system and the simulation environment of wireless Modbus experimental network of data acquisition system are established. Using the attack graph based on PageRank to model the vulnerability of the two experimental networks and analyze the vulnerability of each node in the model. The factors that affect the vulnerability of nodes in Modbus network are analyzed. Finally, the guiding suggestions for the protection of Modbus network are put forward.
【学位授予单位】：浙江大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP273;TP393.08

【参考文献】