Research On Theories And Key Technologies Of Industrial Control Network Security Defense System

Posted on: 2018-11-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Li
GTID: 1318330518455366
Subject: Control theory and control engineering

Abstract/Summary:
Organized, targeted attacks against industrial control networks have occurred frequently in recent years, such as the outbreak of Stuxnet and the attack on the Ukrainian power grid by hackers, and the security threats that industrial control networks face are becoming more and more serious. An industrial control network is highly specialized and places high demands on reliability while it is running, which makes its protection a special case. It is therefore hard to meet its security protection needs by simply applying traditional information security protection theories and measures. Exploring and establishing a secure and reliable industrial control network is very important for keeping industrial production running smoothly and for ensuring the safety of life and property. This paper takes the present situation and demands of security protection in industrial control networks as its main line of research. Based on analysis and research on industrial control networks and on existing information security protection theory, a security protection theory for industrial control networks based on immune theory is proposed. In addition, a model of the industrial control network security defense system is established, and the key technologies needed to build it are developed. The research and achievements of this paper are mainly reflected in the following five aspects:

(1) This paper introduces immune theory into the security protection of industrial control networks and proposes an industrial control network security defense system with immunity capability. Building on research into traditional network security protection theories, and according to the characteristics of industrial control networks and their special security protection requirements, this paper establishes an industrial control network security defense system in which the network environment is trustable, the network status is knowable and the network operation is controllable. Three defensive attributes that the industrial control network security defense system should possess are defined: the dependability of the network environment, the knowability of network status and the controllability of network operation. On the basis of these three defensive attributes, the architecture of the industrial control network security defense system is described by defining the security services and security mechanisms in an industrial control network. The establishment of the industrial control network security defense system provides a theoretical basis for the construction of industrial control network security protection.

(2) This paper proposes an industrial control network trusted environment model. Because the network environment of an industrial control network is enclosed, clear and limited, a clear and trustable industrial control network environment is constructed by ensuring the dependability of the network boundary, terminal equipment and interaction behavior, based on trusted measurement theory. For the dependability of terminal equipment, terminal access detection technology based on trusted measurement is studied. It collects characteristic values of the terminal equipment accessing the network and measures its dependability, to ensure that the terminal equipment accessing the network is trustable. For the dependability of interaction behavior, a secure data access technology based on dual datasheets is proposed, with one datasheet for read operations and the other for write operations. According to the different data access requests from the user, it assigns different access authorities to the user and connects the user to the corresponding datasheet to perform operations. It thus separates read and write operations and keeps them independent, and ensures the dependability of data access behaviors.

(3) To meet the requirement of knowability of network status, this paper proposes a security monitoring mechanism for industrial control networks. Through real-time monitoring of network operation based on situational awareness theory, it implements knowability of terminal equipment access, network interaction content and abnormal events. It makes the present running status of the industrial control network clear and makes it possible to learn in time of the various security threats that occur in the network. For the requirement of knowability of network interaction, protocol deep analysis technology is researched to implement comprehensive analysis of the content of communication between terminal equipment from the data link layer to the application layer. For the requirement of knowability of abnormality, network event fusion technology and security event correlation analysis technology are researched. By fusing the network events that occur in the network, it can extract security events that may threaten the security of network operation and analyze the relationships between these security events to find attack processes under way in the network, which provides technological support for implementing the network security monitoring mechanism. Finally, network attack process modeling technology is researched to describe the attack behaviors that occur in industrial control networks and to improve the ability to analyze network attack behavior.

(4) To meet the requirement of controllability of network operation, an industrial control network security response mechanism is proposed. This paper constructs a closed-loop network security response mechanism framework based on the theory of self-healing. For abnormal situations that occur in the network, this mechanism can take the corresponding security response measure to keep the network running smoothly. For the requirement of self-recovery, network attack blocking technology based on a linkage mechanism is researched. Through a linkage response between network security detection equipment and network communication equipment, when attacks occur in the network, a network security detection device can send the corresponding access control rules to a network communication device to block the attack before the attacker does further or substantial damage to the network.

(5) According to the features of smart substations and their special requirements for network security protection, this paper applies the research achievements of industrial control network security defense system theory and key technologies to the security protection of the smart substation control network, designing and constructing a security defense system for the smart substation control network, which can serve as an example for research on industrial control network security defense system theory and key technologies.

Keywords/Search Tags: Industrial Control Network, Security Defense System, Immune, Security Monitoring, Security Response