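Research and Implementation of Data Access Control Technology for Industrial Control Networks
Topic: industrial control network + access control; Source: University of Electronic Science and Technology of China, master's thesis, 2016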
[Abstract]: In recent years, attacks against industrial control networks have occurred frequently, seriously threatening the security of nations and key production sectors and causing major economic losses. The most typical case is the Stuxnet attack on Iran's nuclear facilities. Industrial control networks were originally designed for closed network environments, and information security was not thoroughly considered, so their weaknesses are now fully exposed and give intruders the opportunity to launch a variety of attacks. In view of this, this thesis protects the information security of industrial control networks by designing security schemes against each class of attack. The main work is as follows:

1. The architecture of industrial control networks and its structural characteristics are studied. The vulnerabilities of industrial control networks are analyzed, and on that basis a defense scheme for industrial control networks is proposed. The work focuses on the second layer of defense in the overall scheme and designs defenses against malicious-packet-based attacks, spoofing attacks, and abnormal traffic attacks.

2. For malicious-packet-based attacks and spoofing attacks, an access control defense model is designed. Following access control principles, the overall framework of the model is designed; it consists of two main parts, data information extraction and security policy. The design concentrates on security domains, whitelists, and security policies against spoofing attacks and SYN flood attacks. These security policies are implemented in the netfilter/iptables framework on the Linux platform and tested.

3. For abnormal traffic attacks on industrial control networks, an abnormal traffic detection system based on a multi-class support vector machine (SVM) is designed. Following the classic CIDF intrusion detection model, the overall framework of the detection system is designed; it comprises data information extraction, data preprocessing, and an abnormal traffic detection model. Combining the characteristics of abnormal traffic attacks with the two-class SVM, a detection model based on multi-class SVM is designed. The multi-class SVM detection model is built on the Linux platform using the libsvm software and tested.

The access control defense model and the multi-class SVM abnormal traffic detection system designed in this thesis against the various attacks on industrial control networks are of positive significance for the development of industrial control information security.
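[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP393.08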
Article ID: 1816079
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1816079.html