一种非侵入式的基于功耗的可编程逻辑控制器异常检测方案（英文）

发布时间：2018-04-24 14:15

本文选题：工业控制系统 + 可编程逻辑控制器　；参考：《Frontiers of Information Technology & Electronic Engineering》2017年04期

【摘要】：工业控制系统广泛应用于关键基础设施的建设中,关系到国计民生,因此,攻击者越来越多地将其作为攻击目标,并造成严重的破坏。可编程逻辑控制器(Programmable logic controller,PLC)作为工业控制系统中的核心组件,能够直接控制现场设备,一旦PLC中运行了恶意程序,则可能直接造成重大财产损失甚至是人员伤亡。近些年来,针对PLC的攻击事件显著增加,这表明PLC存在很大的脆弱性,同时也提醒人们保护PLC安全的重要性。不幸的是,传统的入侵检测系统和杀毒软件并不能很好地保护PLC的安全,因此,针对PLC的有效的安全防护方案有待被研究。基于上述背景,本文提出了一种非侵入式的基于功耗的PLC异常检测方案。该方案通过分析PLC运行时的功耗变化来检测PLC中是否运行异常程序,分为功耗信息获取与功耗分析两部分。采集功耗信息是通过在PLC的供电线上串入一个电阻实现的,当PLC运行时,测量电阻两端的电压即可获取CPU的功耗信息。为了更好的分析功耗信息,本文首先从原始功耗数据中提取有效的特征值组合,然后利用正常样本来训练一个基于长短记忆(long short-term memory,LSTM)单元的神经网络模型,利用该模型对后续正常样本进行预测,通过比较测量到的功耗信息与预测的功耗信息,可以确定当前PLC中运行的程序是否为正常程序。该方案的优点是无需对原工控系统的封装部分进行软硬件的修改,且无需负样本即可实现对未知攻击的检测。我们在实验室测试平台上对该方法进行了评估,实验表明,对于原程序,只需改动0.63%即可达到99.83%的准确率。
[Abstract]:Industrial control system is widely used in the construction of critical infrastructure, which is related to the national economy and the people's livelihood. Therefore, the attackers increasingly take it as the target and cause serious damage. As the core component of industrial control system, Programmable logic Controller (PLC) can directly control the field equipment. Once a malicious program is run in PLC, it may cause serious property losses or even casualties. In recent years, the number of attacks against PLC has increased significantly, which indicates that PLC has great vulnerability and reminds people of the importance of protecting PLC security. Unfortunately, the traditional intrusion detection system and antivirus software can not protect the security of PLC very well. Therefore, the effective security protection scheme for PLC needs to be studied. Based on the above background, a non-intrusive PLC anomaly detection scheme based on power consumption is proposed. This scheme detects whether the abnormal program is running in PLC by analyzing the power change of PLC, which is divided into two parts: power information acquisition and power analysis. The power consumption information is collected by a series of resistors on the PLC power supply line. When the PLC is running, the power consumption information of the CPU can be obtained by measuring the voltage at both ends of the resistor. In order to better analyze power consumption information, this paper firstly extracts effective eigenvalue combinations from the original power consumption data, and then uses normal samples to train a neural network model based on long-memory long short-term memory LSTM unit. The model is used to predict the subsequent normal samples. By comparing the measured power consumption information with the predicted power consumption information, it is possible to determine whether the program running in the current PLC is a normal program. The advantage of this scheme is that it does not need to modify the hardware and software of the encapsulation part of the original industrial control system and can detect unknown attacks without negative samples. The method is evaluated on the laboratory test platform. The experimental results show that the accuracy rate of 99.83% can be achieved with only 0.63% modification of the original program.
【作者单位】： School
【基金】：Project supported by the National Basic Research Program(973)of China(No.2015AA050202)
【分类号】：TP309;TP273

【相似文献】