Research On Security Technology Of Network Control System Based On Cyber-physical Concept

Represented as the "Stuxnet" virus, the advanced cyber attacks target the major infrastructure related to the national economy and people’s livelihood, making the security issues of industrial automation control systems rise up to national safety issues. The security issues between control system and IT systems are essentially different. The core is that the control system is closely linked with the physical system, which is a cyber-physical fused system. At present, in the control system security research field, academia basicly follows the theories and methods of IT system, which can not provide mathematical description,intrusion detection methods and security risk assessment techniques of the security issues like "Stuxnet" virus. Therefore, we need to establish a new technical system based on cyber-physical concept in order to deal with the challenge of control system security,Taking network control system(NCS) as the research object, this paper deeply studies the security protocol at the communication channel layer, intrusion detection at the device layer, trust management and safe resources allocation at the system layer, and other scientific issues. The cyber-physical method is used to build a NCS security technical system.Firstly, the mathematical description of security issues in NCS is given. From the perspective of control theory, the cyber security concept is introduced, and the essential features of NCS cyber security problem are analyzed. By analyzing the hackers’ attack behavior on NCS communication channel, the uniform communication channel attack model is established, which mathematically describes the typical message attack modes, such as modification, eavesdrop, drop, replay, etc. By analyzing the hacker’s attack behavior on NCS control process, the hacker attack functions is introduced, and the state equations of the control system are extended. The mathematical model of the spoofing and Do S attack is established, and some typical attack strategy is mathematically described, including surge, bias and geometric attack. The NCS security target concept based on security status collection and failure probability is proposed, which provides basic theorical platform for the following NCS security techniques research.In order to solve the NCS fieldbus security state synchronization problem, using stream cipher technology to improvement the safety of fieldbus protocol, a communication mechanism(S3M) based on the security state synchronization is proposed, and its security performance is proved. The S3 M dynamically splits stream cipher into encryption factor, authentication factor and synchronization factor, which respectively realizes the encryption, authentication and synchronization of fieldbus message. Thus S3 M can, assures the confidentiality, integrity and security synchronization of fieldbus message without increasing the protocol communication load. Taking Modbus for instance, this paper illustrates the stream cipher machine selection, bit stream splitting and MAC operator construction process in S3 M. S3 M is compared with other fieldbus s safety mechanisms like KSSM and AES encryption, and the result shows that S3 M has better defense capability and realizability.Network intrusion detection algorithm in IT systems is completely useless for the legal agreement but illegal content network attack by the hackers who obtain the right to control network. Aimed at this problem, the traditional non-parametric CUSUM algorithm is improved, and a NCS intrusion detection algorithms based on industrial control model is proposed. The improved CUSUM algorithm does not need to know the probability distribution of hacking, which can efficiently deal with the internal attack from intellectual hackers. Taking blast furnace stove dome temperature control system as targer object, the simulation results verify the efficiency of the algorithm. On the basis of the improved CUSUM algorithm, using the Bayes condition probability theorem to relevantly calculate the continuous detecting results, the fault alarm rate in intrusion detection can be decreased efficiently.In NCS that exists malicious nodes, how to isolate and restrict them to ensure the system’s safe operation is an important issue needed to be solved in the system level for the industrial control system safety. Under this circumstance, a safe assignment method based on clusters credibility is proposed, which allocates the tasks needed to be implemented to the safe nodes at the maximum degree. In order to describe NCS reasonably, the NCS is abstracted into clustered system. The multi-agent model is used to describe the operation strategy of the clustered system. The credibility concept and quantitive calculating method of nodes and clusters is given. The functional safety and network security of each unit and controller are quantized, and the values of functional safety and network security are treated as the basis of the credibility calculation. Thus, a safe tasks management mechanism based on credibility is constructed. The simulation results show that the mechanism can ensure effective isolation of nodes with low credibility.This thesis analyzes the essence of NCS security problem from the aspect of cyber-physical system. The integrated technical system including hackers’ behavior description, security goal definition, communication channel security protocol, intrusion detection theory and system trust management is established, which can offer theoretical basis and method instruction for technical research and product development in this field.