工业控制系统的入侵检测系统研究

发布时间：2018-04-29 07:56

本文选题：工业控制系统 + 信息安全　；参考：《华北电力大学(北京)》2014年硕士论文

【摘要】：随着计算机技术的发展、通用开发标准和互联网技术的广泛使用,工业控制系统变得更加开放,同时也使得针对工业控制系统的攻击大幅增长。工业控制系统安全事件频发,针对工业控制系统的攻击手段日趋复杂和多样化,造成的后果十分严重。工业控制系统作为国家战略的重要组成部分,其信息安全问题尤为重要,因此很多国家都加快了工业控制系统信息安全防护的研究。入侵检测技术作为有效防止工业控制系统受到攻击的手段之一,也是当今国内外研究的前沿课题。本文分析了工业控制系统当前的安全现状,讨论了工业控制系统存在的脆弱性和安全防护需求。在分析传统入侵检测方法的基础上,剖析工业控制系统的入侵检测系统的功能需求,进行了面向工业控制系统入侵检测系统的总体设计。本文提出一种面向工业控制系统的复合式入侵检测系统,该系统包含入侵检测引擎、基于误用检测技术的入侵检测模块和基于异常检测技术的入侵检测模块三部分,并对后两个模块进行了详细设计。最后本文针对智能变电站进行了入侵检测系统的典型部署和设计,并进行了基于智能变电站的DoS实验,着重评估了复合式入侵检测系统的漏报率和误报率,以及准确率,得到了良好的实验结果,通过实验验证了该系统的有效性。本文提出的工业控制系统的复合式入侵检测系统可以对没有强大计算能力和足够内存的系统进行防护,并且不影响原有系统的业务需求；在不影响被监控系统的条件下,易于整合到原有系统中。
[Abstract]:With the development of computer technology and the wide use of general development standards and Internet technology, industrial control systems become more open, and attacks against industrial control systems increase dramatically. Industrial control system security incidents occur frequently, and the attack methods against industrial control system are becoming more and more complex and diversified, resulting in very serious consequences. As an important part of the national strategy, the information security of industrial control system is particularly important, so many countries have accelerated the research of information security protection of industrial control system. As one of the effective methods to prevent the industrial control system from being attacked, intrusion detection technology is also a frontier research topic at home and abroad. In this paper, the present security situation of industrial control system is analyzed, and the vulnerability of industrial control system and the requirement of safety protection are discussed. Based on the analysis of the traditional intrusion detection methods and the functional requirements of the industrial control system intrusion detection system, the overall design of the industrial control system oriented intrusion detection system is carried out. This paper presents a composite intrusion detection system for industrial control system. The system consists of three parts: intrusion detection engine, intrusion detection module based on misuse detection technology and intrusion detection module based on anomaly detection technology. The latter two modules are designed in detail. Finally, the typical deployment and design of intrusion detection system for intelligent substation are carried out, and the DoS experiment based on intelligent substation is carried out. The failure rate, false alarm rate and accuracy rate of composite intrusion detection system are evaluated emphatically. Good experimental results are obtained and the effectiveness of the system is verified by experiments. The composite intrusion detection system of the industrial control system proposed in this paper can protect the system without strong computing power and enough memory, and does not affect the business requirements of the original system. Easy to integrate into the original system.
【学位授予单位】：华北电力大学(北京)
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08;TP273

【参考文献】