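A Non-Intrusive Power-Consumption-Based PLC Anomaly Monitoring System
Published: 2017-12-31 16:09
Keywords for this article: A Non-Intrusive Power-Consumption-Based PLC Anomaly Monitoring System. Source: Zhejiang University, 2017 master's thesis. Paper type: degree thesis
More related articles: industrial control systems; programmable logic controller; side-channel analysis; anomaly detection; neural network based on long short-term memory (LSTM) units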
[Abstract]: Industrial control systems are widely used in critical infrastructure and bear directly on the national economy and people's livelihood, so their importance is self-evident. With the development of information technology, industrial control systems are no longer physically isolated, and their integration with information technology has brought serious security threats to the industrial control systems themselves. The programmable logic controller (PLC), a key component of an industrial control system, directly controls the operation of field devices; once it is attacked and runs malicious instructions, the result is major property loss or even casualties at the controlled site. However, most existing protection schemes are ported from traditional network security solutions and do not apply well to industrial control systems. A PLC has simple operating logic and a single working mode, and the power consumption it produces at run time is closely related to the program it is running. Based on this analysis, this thesis proposes a non-intrusive, power-consumption-based PLC security monitoring system. The system collects the PLC's run-time power consumption, uses a sparse coding algorithm to extract the optimal combination of features from the raw data, and then trains a neural network based on long short-term memory (LSTM) units to detect abnormal programs. The detection algorithm needs no samples of abnormal programs and can detect both known and unknown attacks. To verify the effectiveness of the algorithm, we built a simple liquid-level control system in the laboratory and carried out a Trojan attack on it. On this experimental platform we verified that the algorithm achieves good detection results under both normal and abnormal conditions. When the attack program differs from the original program by more than 0.63%, the detection accuracy is higher than 99.83%. After completing the experimental verification, we developed a real-time monitoring system based on an STM32 data collector of our own design. The system is non-intrusive, requires no software or hardware modification to the original industrial control system, and can detect unknown anomalies.
[Degree-granting institution]: Zhejiang University
[Degree level]: Master's
[Year degree conferred]: 2017
[Classification number]: TP274;TP273
Article ID: 1360477
Article link: https://www.wllwen.com/shoufeilunwen/xixikjs/1360477.html