卷接设备IPC控制系统网络安全监测模型的构建

Configuration of network security monitoring model for IPC control system of filtered cigarette maker

为解决卷接设备IPC控制系统因内部缺失防护措施而存在安全隐患等问题,通过分析IPC(Industrial Personal Computer)控制系统的安全漏洞和攻击路径,采用构建控制系统典型攻击链模型的方法,设计了系统网伪控制指令安全监测、IPC控制器非侵入式安全监测、控制网异常控制行为安全监测3个安全监测模块,结合数据无扰采集和安全风险预警技术,构建了能够覆盖卷接设备核心控制设备和通信网络的A3MA(Acquisition-Monitoring-Monitoring-Monitoring-Alarm)安全监测模型。以ZJ17E卷接机组的IPC控制系统为对象进行测试,结果表明:A3MA安全监测模型能够快速发现系统网伪控制指令行为,快速定位针对IPC控制器的未授权篡改行为,快速识别EtherCAT控制网的异常控制行为。该模型可为实现卷接设备IPC控制系统的多层安全监测提供技术支持。

In order to overcome the hidden security troubles in the IPC control system of filtered cigarette maker in the absence of internal protection measures,the security holes and attacked routes of the IPC control system were analyzed and three security monitoring modules were designed by means of developing a typical attack chain model for the control system.The first module was designed for the security monitoring of pseudo instruction of the system network.The second module was designed for the non-intrusive security monitoring of the IPC controller,and the third module was designed for monitoring the abnormal control behavior of the control network.Thereby,an A3MA(Acquisition-Monitoring-Monitoring-Monitoring-Alarm)security monitoring model,which covered the IPC core controller and core communication network of the cigarette maker was configured by integrating with disturbance-free data acquisition and security risk early-warning.The security monitoring model was tested on an IPC control system in a ZJ17E cigarette maker,the results showed that the A3MA security monitoring model could rapidly discern the behaviors of pseudo-control instructions in the system network,rapidly locate the unauthorized tampering behaviors targeting IPC controller and rapidly identify the abnormal control behaviors of EtherCAT control network.This model provides a technical support for the multi-layer security monitoring of IPC control system in filtered cigarette maker.