异构网络路由防攻击技术研究

发布时间：2018-07-05 15:37

本文选题：工业异构网 + 路由　；参考：《北京邮电大学》2014年硕士论文

【摘要】：随着计算机和网络通信技术的发展,工业生产过程逐渐实现数字化和智能化,自动化程度越来越高。工业控制系统最开始采用集中控制的计算机网络结构,之后进行技术改进,改用了分布式的计算机控制(DCS),现在采用的是现场总线技术(FSC),并逐渐实现了与以太网互连的智能化以太网端远程控制的嵌入式异构网络。CAN总线作为一种实现简单、传输速率快、高效且安全性优良的总线网络得到很多工业网络的亲睐,以太网和CAN总线互连的嵌入式异构网络成为近年来以太网与工业控制网融合的研究热点。但是工业总线外连给安全性良好的CAN总线带来了新的安全威胁,以太网端的路由攻击造成的网络瘫痪会直接影响工业总线网络的运行。本课题针对以太网和CAN总线互连的工业异构网络路由安全进行研究,并提出了针对常见路由ARP攻击和DDOS攻击的异构网络防护措施。针对工业异构网络,本文首先探索了工业控制网络的主要现场总线技术以及CAN总线的技术协议,分析了以太网与工业控制网互连的必要性及网络技术,并对以太网和CAN总线互连网络的发展现状进行了剖析。其次,本文分析了工业异构网络面临的安全威胁,重点讨论了常见的ARP攻击和DDOS攻击的原理和常见防护方法。然后,本文针对以上两种攻击方式提出了数据加密和协议改进两种防护措施,研究了适合工业控制数据的加密技术,并对协议改进方案进行了深入的技术分析。最后,本文对两种攻击方式及提出的协议改进方法进行了仿真验证,仿真结果表明提出的防御措施确实可以起到一定的有效防护作用。本文通过对工业异构网络路由安全及其防护措施的研究,为工业异构网络的安全技术研究提供了一个可借鉴的方案,同时对加密技术进行了研究分析,希望能引起更多人对工业异构网络安全的关注。
[Abstract]:With the development of computer and network communication technology, the industrial production process is becoming more and more digital and intelligent. The industrial control system initially adopted the centralized control computer network structure, and then carried on the technical improvement, Using distributed computer control (DCS), FSC (Field bus Technology) is used now, and the embedded heterogeneous network .CAN-bus, which is remotely controlled by intelligent Ethernet terminal interconnecting with Ethernet, is realized as a kind of simple realization and fast transmission rate. The bus network with high efficiency and good security has been favored by many industrial networks. The embedded heterogeneous network with Ethernet and can bus interconnection has become the research hotspot of the integration of Ethernet and industrial control network in recent years. However, the external connection of industrial bus brings a new security threat to the safe can bus. The network paralysis caused by the route attack on the Ethernet side will directly affect the operation of the industrial bus network. In this paper, the routing security of industrial heterogeneous network with Ethernet and can bus interconnection is studied, and the protection measures of heterogeneous network against common route ARP attacks and DDOS attacks are put forward. Aiming at the industrial heterogeneous network, this paper first explores the main fieldbus technology of the industrial control network and the technical protocol of can bus, and analyzes the necessity and network technology of the interconnection between Ethernet and the industrial control network. The development status of Ethernet and can bus interconnection network is analyzed. Secondly, this paper analyzes the security threats faced by industrial heterogeneous networks, and discusses the principles and common protection methods of common ARP attacks and DDOS attacks. Then, this paper puts forward two kinds of protection measures, data encryption and protocol improvement, studies the encryption technology suitable for industrial control data, and makes a deep technical analysis of the protocol improvement scheme. Finally, the two attack methods and the proposed protocol improvement methods are simulated and verified. The simulation results show that the proposed defense measures can play an effective role in defense. Based on the research of route security and protection measures of industrial heterogeneous network, this paper provides a reference scheme for the research of industrial heterogeneous network security technology, and analyzes the encryption technology at the same time. It is hoped that more people will pay more attention to the security of industrial heterogeneous networks.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】