
Hierarchical Intrusion Detection Algorithm based on White List for Industrial Control Network (cited by: 4)
Abstract: Targeting the network topology of industrial control systems and the behavior patterns of industrial control services, a hierarchical intrusion detection algorithm for industrial control networks based on a white list mechanism is designed. White list rules are established from three aspects: network entities, industrial control operations, and industrial control operation flows, and the corresponding algorithms are then used for intrusion detection. In addition, according to the characteristics of each type of white list, corresponding white list generation algorithms are given, which enhances the availability and portability of the system. Experiments show that the proposed algorithm can accurately detect various attacks and anomalies in industrial control networks.
Authors: YAN Biao; YIN Li-bo; YING Huan; SUN Yu-yan; CHEN Xin; SUN Li-min (Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; National Industrial Information Security Development Research Center, Beijing 100040, China; China Electric Power Research Institute Co., Ltd., Beijing 100192, China)
Source: Communications Technology (《通信技术》), 2018, Issue 4, pp. 907-912, 6 pages in total
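Funding: National Key Research and Development Program (No. 2016YFC1202204); Key Program of the Natural Science Foundation (No. U1766215); National Natural Science Foundation Youth Program (No. 61702506); State Grid Corporation Science and Technology Project (No. 52110417001B)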
Keywords: industrial control network; intrusion detection; hierarchical white list detection; rule generation
