摘要
随着工业控制系统(industrial control systems,ICS)的网络化,其原有的封闭性被打破,各种病毒、木马等随着正常的信息流进入ICS,已严重威胁ICS的安全性,如何做好ICS安全防护已迫在眉睫.入侵检测方法作为一种主动的信息安全防护技术可以有效弥补防火墙等传统安全防护技术的不足,被认为是ICS的第二道安全防线,可以实现对ICS外部和内部入侵的实时检测.当前工控系统入侵检测的研究非常活跃,来自计算机、自动化以及通信等不同领域的研究人员从不同角度提出一系列ICS入侵检测方法,已成为ICS安全领域一个热点研究方向.鉴于此,综述了ICS入侵检测的研究现状、存在的问题以及有待进一步解决的问题.
With the networking of industrial control systems(ICS),its original closeness has been broken.Various viruses and Trojans have entered ICS with normal information flow,which has seriously threatened the security of ICS.Then,how to protect ICS security becomes an issue of prior importance.Intrusion detection,as an active information security protection technology,can effectively remedy the shortcomings of traditional security protection technologies such as firewalls.It is often considered as the second security line of ICS,and can realize real-time detection of external and internal intrusions of ICS.At present,the research of intrusion detection in industrial control systems is very active.Researchers from different fields,such as computer,automation and communication,have proposed a series of ICS intrusion detection methods from different perspectives,which has become a hot research direction in the field of ICS security.This paper briefly reviews the state-of-art of the ICS intrusion detection,the existing problems and the problems to be further solved.
作者
张文安
洪榛
朱俊威
陈博
ZHANG Wen-an;HONG Zhen;ZHU Jun-wei;CHEN Bo(College of Information Engineering,Zhejiang University of Technology,Hangzhou 310023,China;Institute of Cyberspace Security,Zhejiang University of Technology,Hangzhou 310023,China)
出处
《控制与决策》
EI
CSCD
北大核心
2019年第11期2277-2288,共12页
Control and Decision
基金
国家自然科学基金项目(61573319,61803334,61973277)
浙江省自然科学基金项目(LQ18F030012)
国家留学基金项目(201908330040)
关键词
工业控制系统
网络入侵检测
模式匹配
时域分析
频域分析
设备指纹
industrial control systems
network intrusion detection
pattern matching
time-domain analysis
frequency-domain analysis
device fingerprinting
