Research On The Key Security Issues Of Mobile And Open Industrial Control System

The industry infrastructure is key part of the national economy as well as the modern society and its security is the key core of the national security. Nowadays the industry control system (ICS) is being combined with the internet, mobile internet, and TCP/IP technology, which is called as mobile and open ICS. With this combination, many new security problems in mobile and open ICS have greatly grown and been focused.In this dissertation, some researches have been done on the following security issues of mobile and open ICS: key management system and authentication methods of mobile and open ICS, malware detection and prevention in mobile and open environment, some key technologies of security defense in depth, and application of big data and cloud computing in security analysis of mobile and open ICS. The main ideas and results of this dissertation are listed as following:1. Deep analyses are given on framework, application characteristics,security application and development, security threats and requirements of typical mobile and open ICS. Based on these, a new security model of mobile and open ICS is proposed.2. A key management system (KMS) based on identities is designed for mobile and open ICS, especially SCADA, which is used for secure communication and key exchange between communication entities, such as mobile users, Main Terminal Units (MTUs) and Remote Terminal Units (RTUs). A key management center is established, which uses the special identities of these communication entities to generate the shared key and the session key to encrypt and decrypt. In addition, a new Single Sign On(SSO) scheme based on this KMS is designed to provide security authentication between mobile users and ICS applications.3. A new security protection model of industrial control protocols based on Deep Packet Inspection (DPI) technology is designed,which can detect both the malformed data packets with error syntax and the misusing data packets with error temporal and logic feature to avoid these two kinds of attacking. To meet with the real time requirements of mobile and open ICS, this model is implemented by using of a Deterministic Finite Automaton (DFA)dynamic rules administration algorithm based on Aho-Corasick (AC)algorithm, and it is proven that this security protection model can improve the processing efficiency without taking up more system resources.4. One original kind of malicious behavior analysis model is proposed,which is designed based on the characteristics of software behaviors of mobile and open ICS, and is applied in the unusual behaviors excavation and analysis on mobile and open ICS. The core algorithm of this malicious behavior analysis model is based on the combination of the mixed multi-classification simple Bayesian algorithm and massive data incremental learning algorithm based on two-step screening. This malicious behavior analysis model can be easily expanded by configuration with the attributes of new malicious codes, and it is suitable for the rapid change characteristic of mobile and open ICS.5. Security application framework of big data and cloud computing applied in mobile and open ICS is proposed and algorithm parallelization as one of key issues of big data and cloud computing application is studied. Algorithms of Steepest-Descent Back Propagation (SDBP) and Levenberg-Marquardt Back Propagation (LMBP) are parallelized for ICS security detection by using Map-Reduce method. Simulation on Tennessee Eastman Process (TEP) platform is used to compare those two parallized BP algorithms and it is proven that parallized LMBP is more suitable for ICS security application.