工业控制系统(Industrial Control System,ICS)的安全保障能力与其关乎国计民生的重要地位,具有极不协调的反差。为了揭示ICS潜在的攻击结构和方法,使得ICS防御策略研究更具实用性和针对性,将虚假数据注入(False Data Injection,FDI)攻...工业控制系统(Industrial Control System,ICS)的安全保障能力与其关乎国计民生的重要地位,具有极不协调的反差。为了揭示ICS潜在的攻击结构和方法,使得ICS防御策略研究更具实用性和针对性,将虚假数据注入(False Data Injection,FDI)攻击研究面向ICS,建立一种隐蔽的FDI攻击模型,可以在不影响ICS正常通信情况下注入虚假数据篡改监控变量。遵循该攻击模型,在煤制甲醇仿真工厂进行了验证实验,证明威胁切实存在,且难以察觉;同时,分析了威胁的严重性并讨论了防御措施。展开更多
Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests ...Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests and intrusion detection.Conventional protocol reverse engineering methods have been proposed which are considered time-consuming,tedious,and error-prone.Recently,automatical protocol reverse engineering methods have been proposed which are,however,neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations.In this paper,we present a framework called the industrial control system protocol reverse engineering framework(ICSPRF)that aims to extract ICS protocol fields with high accuracy.ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context,e.g.,basic block(BBL)group.As a result,by monitoring program execution,we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format.We evaluate our approach with six open-source ICS protocol implementations.The results show that ICSPRF can identify individual protocol fields with high accuracy(on average a 94.3%match ratio).ICSPRF also has a low coarse-grained and overly fine-grained match ratio.For the same metric,ICSPRF is more accurate than AutoFormat(88.5%for all evaluated protocols and 80.0%for binary-based protocols).展开更多
The authors propose a new persistent transmission based real time Ethernet MAC protocol that provides a predictable upper bound for the delivery delay of real time frames. Moreover, it is compatible with the protocol ...The authors propose a new persistent transmission based real time Ethernet MAC protocol that provides a predictable upper bound for the delivery delay of real time frames. Moreover, it is compatible with the protocol used by the existing Ethernet controllers for conventional datagram traffic and thus standard Ethernet stations can be used in the system without any modification. The paper describes the protocol in detail and analyses the maximum delivery delay for real time traffic and the efficiency of the channel.展开更多
Cyberattacks on the Industrial Control System(ICS)have recently been increasing,made more intelligent by advancing technologies.As such,cybersecurity for such systems is attracting attention.As a core element of contr...Cyberattacks on the Industrial Control System(ICS)have recently been increasing,made more intelligent by advancing technologies.As such,cybersecurity for such systems is attracting attention.As a core element of control devices,the Programmable Logic Controller(PLC)in an ICS carries out on-site control over the ICS.A cyberattack on the PLC will cause damages on the overall ICS,with Stuxnet and Duqu as the most representative cases.Thus,cybersecurity for PLCs is considered essential,and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks.In this study,a vulnerability analysis was conducted on the XGB PLC.Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack,memory modulation attack,and FTP/Web service account theft for the verification of the results.Based on the results,the attacks were proven to be able to cause the PLC to malfunction and disable it,and the identified vulnerabilities were defined.展开更多
文摘工业控制系统(Industrial Control System,ICS)的安全保障能力与其关乎国计民生的重要地位,具有极不协调的反差。为了揭示ICS潜在的攻击结构和方法,使得ICS防御策略研究更具实用性和针对性,将虚假数据注入(False Data Injection,FDI)攻击研究面向ICS,建立一种隐蔽的FDI攻击模型,可以在不影响ICS正常通信情况下注入虚假数据篡改监控变量。遵循该攻击模型,在煤制甲醇仿真工厂进行了验证实验,证明威胁切实存在,且难以察觉;同时,分析了威胁的严重性并讨论了防御措施。
基金supported by the National Natural Science Foundation of China(No.61833015)。
文摘Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests and intrusion detection.Conventional protocol reverse engineering methods have been proposed which are considered time-consuming,tedious,and error-prone.Recently,automatical protocol reverse engineering methods have been proposed which are,however,neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations.In this paper,we present a framework called the industrial control system protocol reverse engineering framework(ICSPRF)that aims to extract ICS protocol fields with high accuracy.ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context,e.g.,basic block(BBL)group.As a result,by monitoring program execution,we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format.We evaluate our approach with six open-source ICS protocol implementations.The results show that ICSPRF can identify individual protocol fields with high accuracy(on average a 94.3%match ratio).ICSPRF also has a low coarse-grained and overly fine-grained match ratio.For the same metric,ICSPRF is more accurate than AutoFormat(88.5%for all evaluated protocols and 80.0%for binary-based protocols).
基金TheNationalNaturalScienceFoundationofChina (No .6 9984 0 0 3)
文摘The authors propose a new persistent transmission based real time Ethernet MAC protocol that provides a predictable upper bound for the delivery delay of real time frames. Moreover, it is compatible with the protocol used by the existing Ethernet controllers for conventional datagram traffic and thus standard Ethernet stations can be used in the system without any modification. The paper describes the protocol in detail and analyses the maximum delivery delay for real time traffic and the efficiency of the channel.
基金This work was supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT:Ministry of Science and ICT)(Nos.NRF-2016M2A8A4952280 and NRF-2020R1A2C1012187).
文摘Cyberattacks on the Industrial Control System(ICS)have recently been increasing,made more intelligent by advancing technologies.As such,cybersecurity for such systems is attracting attention.As a core element of control devices,the Programmable Logic Controller(PLC)in an ICS carries out on-site control over the ICS.A cyberattack on the PLC will cause damages on the overall ICS,with Stuxnet and Duqu as the most representative cases.Thus,cybersecurity for PLCs is considered essential,and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks.In this study,a vulnerability analysis was conducted on the XGB PLC.Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack,memory modulation attack,and FTP/Web service account theft for the verification of the results.Based on the results,the attacks were proven to be able to cause the PLC to malfunction and disable it,and the identified vulnerabilities were defined.