
Research on an Anomaly Detection System for ICS

Published: 2018-05-14 07:23

  Topic of this thesis: industrial control system (ICS) + information security. Reference: Chongqing University of Technology, master's thesis, 2014


[Abstract]: Industrial control systems (ICS) are the core systems of critical infrastructure such as electric power, metallurgy, chemicals, petroleum, natural gas, water conservancy and transportation, and their operational security bears directly on the safety of people's lives and property and on national strategic security. For a long time, however, ICS were closed, proprietary systems "physically isolated" from the Internet, and their design and implementation focused mainly on functionality, availability, testability and controllability. With the development of network and information technology, and in particular the wide adoption of the Internet, cloud computing and the Internet of Things, ICS have gradually been turning from "closed systems" into "open systems" (for example, allowing remote operation and interconnection with other systems inside the enterprise or along the industrial chain) and from "proprietary-technology systems" into "general-technology systems" (for example, adopting the Windows operating system and the TCP/IP protocol), so the security situation of ICS is becoming increasingly severe. The information security situation of ICS has drawn close attention from the state, government agencies, large state-owned enterprises and universities, and has become a hot research topic in information security in recent years.

The thesis follows the logical thread "file-change anomaly detection on the upper computer (host) system, communication anomaly detection between upper and lower computers, data anomaly detection on the lower computer (slave)". First, it analyzes the development of ICS and the current state of ICS information security, examines the existing means of protection (industrial firewall technology) and their limitations, and reviews the current mainstream anomaly detection techniques. Second, it analyzes the ICS architecture in detail and divides an ICS into three zones, the "enterprise zone", the "upper computer zone" and the "lower computer zone", which receive different levels of security protection. For anomaly detection in the upper computer zone, the thesis studies file-change anomaly detection for the upper computer system and designs the process and method for detecting anomalous file changes. For communication anomaly detection between upper and lower computers, it studies the open-source anomaly detection system Snort and its rules, and summarizes and designs a set of Snort rules based on the industrial fieldbus protocol MODBUS. For the lower computer, taking into account its control data, communication protocols and high real-time requirements, and drawing on clustering algorithms, it proposes an outlier mining algorithm based on adaptive clustering (ACBOD, Adaptive Clustering-Based Outlier Detection).

On the basis of this research, a prototype anomaly detection system for ICS was developed using ASP.NET. The system comprises three modules: file-change anomaly detection for the upper computer system, communication anomaly detection between upper and lower computers, and data anomaly detection for the lower computer. Finally, three groups of experiments were designed to evaluate the prototype system, and the experimental results demonstrate the effectiveness, correctness and practicality of the system.
[Degree-granting institution]: Chongqing University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08




Article ID: 1886918
