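Traffic Anomaly Detection Based on Industrial Control Networks
Topic: industrial control network + traffic characteristics; Source: Beijing University of Technology, master's thesis, 2014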
[Abstract]: As industrialization and informatization continue to converge, more and more information technology is being applied in industry, and industrial control networks have begun to shift from closed to open, which brings many security problems. Existing research on security schemes for industrial control systems focuses mainly on access control, fieldbus security protocols, and the security design of configuration software, but because industrial control networks differ from ordinary IT networks, many of these schemes are still far from being usable in actual production. Anomaly detection on industrial control network traffic is one effective way to protect industrial control systems. Given the current state of industrial control networks, this thesis focuses security monitoring on the industrial control network itself and studies it mainly from the perspective of network traffic characteristics.
Research on ordinary IT networks has continued without interruption since the advent of the Internet and has produced a body of results. Intuitively, the traffic characteristics of industrial control networks must differ from those of ordinary IT networks. There is currently very little research on the traffic characteristics of industrial control networks, and most studies obtain their traffic data only through network simulation, so their conclusions may deviate seriously from real results. This thesis collects industrial control network traffic from a real industrial Ethernet environment, compares it with ordinary IT network traffic, analyzes its important characteristics in detail, and examines why those characteristics differ from ordinary IT network traffic and how the differences affect traffic modeling. It then proposes a traffic modeling method for industrial control networks based on the multiplicative seasonal ARIMA model, which is used to build a model of normal industrial network traffic. Finally, Stuxnet attack traffic is simulated, and anomalous traffic is detected by using the multiplicative seasonal ARIMA model to predict normal traffic. The experimental results show that the method detects the anomalies well.
[Degree-granting institution]: Beijing University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.06
Article ID: 1854677
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1854677.html