Researchon Security Evaluation Methodfor Industrial Control Network

Industrial Control Network(ICN)is an important part of industrial control.It connects all control devices and constructs a special network structure.Its main function is to transmit data and monitor the devices in industrial production in real time.In recent years,with the continuous development of technology,ICN is moving towards digital,intelligent,networked and integrated direction.ICN communication medium is mainly fieldbus technology or industrial Ethernet.ICN security is not only a key indicator of network design,but also an important prerequisite for industrial network operation and production security.If ICN fails or is maliciously damaged,it will not only lead to the failure of control equipment,but also cause serious consequences of property damage and casualties.Because of its own characteristics and the particularity of the working environment,there is a significant difference between the Internet and it.In ICN,the controller,network node,actuator and so on can communicate control class nodes have the characteristics of limited communication line bandwidth,low transmission rate,mutual interference between signals,transmission signal with the continuous reduction of communication distance.These equipments are affected by the harsh production environment and are prone to communication failures.Because ICN generally adopts distributed topology,each communication node may be far away from each other,and the number of communication nodes is too many,which increases the risk of ICN communication,and is vulnerable to external attacks or other damage.Aiming at the design problem of ICN Safety assessment framework,the factors affecting the safety of industrial control network are analyzed.The main factors are obtained and classified according to the reasons of the factors,and the influencing factors are divided into internal factors and external factors.Based on the effect of different factors on the ICN of different factors on the ICN,the index system of ICN safety assessment is constructed.In the study of ICN fault problem,the fault problem of ICN node is mainly studied.In the study of ICN security,the problem of ICNnetwork attack is mainly studied.At the same time,according to the problem of multi-factor ICN security assessment,a layered security evaluation model is designed.Based on the above research,this paper constructs a framework for the study of ICN security problem,which is easy to expand and can realize the security evaluation of ICN.Aiming at the problem of network intrusion detection in ICN.By analyzing the network traffic data,an intrusion detection method based on Imbalanced Random Walk Model,IRWM is proposed.This method can solve the quantity imbalance and information imbalance in the classification of unbalanced data set.The accuracy of the results can be controlled by different values of the parameters,and the classification accuracy can be improved by multiple training iterations.Therefore,in the ICN intrusion detection problem,the classified training data are divided into two groups: positive and negative data.Positive example data is a relatively large number of normal data,and counterexample data is a small number of intrusion data.Positive example and negative example data sets are mapped into positive example and negative example graph respectively,and then the unclassified data are wandered on the positive and negative example graph respectively to obtain the probability that the data belongs to the two graphs.Finally,the classification of the data is determined through probability comparison.Finally,the experiment proves that the method can accurately detect the intrusion phenomenon of the network.Compared with other classification methods,it has higher detection accuracy under the condition of unbalanced data.Aiming at the problem of node fault diagnosis in ICN,through the analysis of network node data collected by ICN historical database.It is found that the general characteristics of sudden network faults in ICN are obvious.According to the network traffic monitoring data and the real-time status of the equipment,the location,type and main cause of the fault can be found and diagnosed.However,it is difficult to find some potential network failures,and these potential failures will become sudden failures in a certain state,and eventually lead to unsafe events.Based on the above research,an ICN potential fault diagnosis model based on confidence rule base is established.Belief Rule Base,BRB can effectively use both quantitative data and qualitative information.And can effectively describe the fuzzy uncertainty and probability uncertainty knowledge,has a strong ability to model complexsystems.Therefore,in the research of fault diagnosis,we first collect the traffic information of the node,select the network traffic that can be observed.Then,analyze and filter.Finally,the fault diagnosis model is constructed with delay and packet loss rate as fault feature attributes,and the reasoning process and parameter optimization method are given.Finally,experiments show that this method can effectively identify the potential network faults of various ICN components.Aiming at the problem of ICN security assessment,this paper proposes a new security assessment method based on ER and BRB by analyzing the characteristics of the internal and external factors of ICN security impact.Firstly,the expert knowledge is used to construct the security evaluation model based on ICN fault assessment and ICN,and different safety evaluation indexes are selected according to different factors.Then,the ER algorithm is used to fuse the security indicators and factors in ICN failure assessment and ICN security assessment to get the internal security and external security values.Then the model is established by BRB and the initial parameters of the model are optimized by CMA-ES,and the final model is obtained.Experiments show that this method can effectively achieve the ICN security evaluation,and the evaluation accuracy is better than the traditional method.Finally,through the analysis of a real engineering case,the feasibility of the method in engineering application is proved,and the method has a good application prospect.