Abstract
Current approaches to industrial control system (ICS) network security are mainly based on firewalls, data diodes and other intrusion prevention methods, which may not be sufficient to address the growing network threats from active attackers. To improve the network security of ICS, a malicious code detection method based on behavior feature analysis is proposed, which comprehensively uses network traffic data, host system data, and measured process parameters to achieve accurate detection of malicious code. The paper analyzes the service characteristics and network topology of ICS in detail and examines the network attack techniques used against ICS. The proposed method extracts the original log information and traffic information of the ICS and applies a malicious code detection method that fuses spatial analysis and temporal analysis to detect anomalies in ICS behavior data. Practice shows that the proposed method can effectively find malicious code attack behavior hidden in the network.
Authors
樊凯
毕凯峰
FAN Kai; BI Kaifeng (China Southern Power Grid Co., Ltd., Guangzhou 510000, China; China Southern Power Grid Digital Grid Research Institute Co., Ltd., Guangzhou 510000, China)
Source
Microcomputer Applications (《微型电脑应用》)
2024, Issue 3, pp. 97-101 (5 pages in total)
Funding
Science and technology project funded by China Southern Power Grid Co., Ltd. (ZBKJXM20190077).
Keywords
industrial control system
malicious code detection
spatial analysis
time analysis