
On Anomaly Detection And Defense Resource Allocation Of Industrial Control Networks

Posted on: 2015-03-12
Degree: Master
Type: Thesis
Country: China
Candidate: H F Wang
GTID: 2268330428463586
Subject: Control theory and control engineering

Abstract/Summary:
Industrial Control Systems (ICS) are widely applied in fields such as production processes, power facilities and transportation. The security of traditional control systems depends mainly on exclusive technology and private protocols, with almost no security measures taken. As companies become more concerned with the management of production process data, industrial control systems have increasingly adopted the open Internet to interconnect with enterprise networks. In addition, industrial control systems are often used in critical infrastructure, which leads attackers with political or economic motives to actively launch attacks, resulting in serious consequences. Therefore, in recent years, the information security of industrial control systems has become an urgent topic of widespread concern. In this thesis, the security demands, attack types and vulnerabilities of ICS networks are studied. A network anomaly detection algorithm is designed for protecting ICS systems, and the optimization of defense resource allocation for control networks is studied. The main contributions of the thesis are as follows:

Fundamental issues of network security in industrial control systems are studied, including vulnerability analysis, network security demands and practical solutions for industrial control networks. Firstly, the requirements of industrial control systems are analyzed in accordance with the characteristics of industrial sites. Specifically, these include the real-time requirement, availability and cyber-physical interaction in the system. Secondly, the threats and attacks are analyzed, covering both system-related threats and process-related threats.

A semi-supervised K-means based network anomaly detection method with incomplete information is designed. In order to fully exploit the valid information provided by well-known types of attacks existing in industrial control networks, a new K-means algorithm based on incomplete information is developed by combining it with the semi-supervised algorithm, which can be used to enhance the detection rate. In order to verify the effectiveness of the algorithm, the thesis also simulates industrial network attacks, and the collected data is used as the training set for detection. Experimental results show that the algorithm is able to avoid the shortcomings of semi-supervised K-means for network anomaly detection.

An optimization model for defense resource allocation in industrial networked control systems is built. The correlation between network nodes is studied, as well as the QoS requirements. The negative effects on real-time performance induced by anomaly detection measures are analyzed and considered as a factor in the optimization problem. The primary objective is to minimize the total cost of network deployment for the control system defense strategy.
Keywords/Search Tags: Industrial Control System, network abnormal detection, incomplete information, semi-supervised K-means, correlated security, defense resource allocation