Abstract
At present, the overall technical approach of industrial control network security audit products focuses on command-level audit, parameter-threshold-level audit, industrial control protocol audit, environment-level audit, behavior-level audit and similar aspects. This traditional approach shows some deficiencies when applied to different real industrial environments. Specifically, each industry has its own unique processes that differ from those of other industries. Traditional auditing that is detached from the control processes of the particular industry and from the actual industrial workflow is not deep enough, and its actual audit results can hardly meet user needs truly and accurately. The core of the technical implementation of industrial control security audit based on industrial process analysis is to integrate the control business workflow, which is built on the control process, into the technical strategy of the security audit product. In concrete terms, the key process control requirements need to be sorted out and summarized and then provided to the designers of the industrial control network security audit product. Combining the summarized process requirements with deep parsing of the protocols, the designers update the product's attack alarm rule library in a customized way and produce a customized rule library that is deeply integrated with the control process of the actual application environment.
Source
Automation Panorama (《自动化博览》)
2018, Issue A02, pp. 110-113 (4 pages)
Keywords
Industrial process
Audit
Industrial control system