基于Hadoop的SCADA系统异常行为分析系统设计与实现

发布时间：2018-03-28 10:00

本文选题：SCADA　切入点：Hadoop　出处：《西南石油大学》2017年硕士论文

【摘要】：在网络技术不断发展和SCADA系统漏洞不断增多的今天,网络攻击也向着分布化、规模化、复杂化等趋势发展,仅仅依靠被动的修补漏洞或者更新病毒库的方法已经不能满足当前情况的需求。因此,如何利用系统本身产生的海量日志和数据,去发现潜在的软件或用户对系统进行的恶意行为操作,如何为信息安全研究人员提供快速方便的开发测试环境是本课题的研究重点。本文通过实地调研并参与川东北气矿主动防御系统的安装与部署,与工程技术人员沟通,并结合Hadoop大数据平台技术,提出基于Hadoop的SCADA系统异常行为分析系统。旨在实现一个数据来源多样与快速,储存量大且易扩展,算法开发方便以及交互界面友好的异常行为数据分析平台。首先,Hadoop是一个分布式系统基础架构,用户可以在不了解分布式底层细节的情况下开发分布式程序,充分利用集群的性能进行高速运算和储存。针对新环境下SCADA系统中日志数据量大,结构多样等特点,利用其开源组件Flume与Kafka可有效地、稳定地对各个SCADA服务器中的日志数据进行搜集、传输和储存,并且由于SCADA系统对稳定性的要求,该系统被设计为高可用(HA)模式,可实现故障机无缝切换的操作,解决了安全算法研究人员对数据需求的问题。其次,通过调研发现,针对工业控制系统安全防御的算法研究还处在探索阶段,为了解决算法研究人员开发周期长,使用的编程语言不统一,测试算法多样性问题,该系统设计并引入Apache Software Foundation(ASF)开发的开源项目Mahout机器学习库,该机器学习库集成多种常用的算法,安全算法研究人员可根据自己的需求,通过修改或复写其相应的对象与方法,就可快速实现用户自定义算法。这就可以让算法研究人员有更多的精力放在算法的优化上面,而不是繁杂的代码实现,可以大大地减少算法研究周期。最后,通过系统性能测试和实际的异常入侵测试与结果分析实验,表明该基于Hadoop的SCADA系统异常行为分析系统可以有效地为算法研究人员提供一个良好且快速的算法开发与测试环境。
[Abstract]:With the continuous development of network technology and the increasing of SCADA system vulnerabilities, network attacks are developing towards the trend of distribution, scale and complexity. Passive methods of fixing vulnerabilities or updating virus libraries are no longer sufficient to meet the needs of the current situation. Therefore, how to make use of the huge amount of logs and data generated by the system itself, To detect malicious actions by potential software or users on the system, How to provide information security researchers with a rapid and convenient development and test environment is the focus of this study. This paper, through field investigation and participation in the installation and deployment of active defense system in Northeast Sichuan Gas Mine, communicates with engineers and technicians. Combined with the technology of Hadoop big data platform, this paper proposes an abnormal behavior analysis system of SCADA system based on Hadoop, which aims to realize a data source of various and fast, large storage and easy to expand. Firstly, Hadoop is a distributed system infrastructure, and users can develop distributed programs without knowing the details of distributed system. This paper makes full use of the performance of cluster to perform high speed operation and storage. Aiming at the characteristics of large amount of log data and diverse structure in SCADA system under the new environment, the open source components Flume and Kafka can be used effectively. The log data in each SCADA server is collected, transmitted and stored stably. Because of the stability requirement of the SCADA system, the system is designed as a highly available SCADA mode, which can realize the seamless switching operation of the fault machine. The problem of data requirement of security algorithm researchers is solved. Secondly, through investigation, it is found that the research on security defense algorithm for industrial control system is still in the exploratory stage, in order to solve the problem that the development period of algorithm researchers is long, The system designs and introduces the open source project Mahout machine learning library developed by Apache Software Foundation. The machine learning library integrates many common algorithms. Security algorithm researchers can quickly implement user-defined algorithms by modifying or duplicating their corresponding objects and methods according to their own needs. Instead of the complicated code implementation, the algorithm research cycle can be greatly reduced. Finally, through the system performance test and the actual abnormal intrusion test and result analysis experiment, The results show that the anomaly behavior analysis system of SCADA system based on Hadoop can effectively provide a good and fast algorithm development and testing environment for algorithm researchers.
【学位授予单位】：西南石油大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08

【相似文献】