| Security of Industrial Control Systems (ICS) is becoming a significant issue as the intrusions they face grow more complicated and diversified. Due to increasing complexity and standardization, ICS are exposed to more intrusions and are more vulnerable than ever. To protect ICS from diverse intrusions and to explore the emerging research field of ICS-oriented intrusion detection, this thesis conducted the research outlined below, based on the security needs and characteristics of ICS. (1) The fundamental issues of ICS-oriented intrusion detection were analyzed based on the key security needs, main intrusion types and vulnerabilities of ICS. First, the key security needs of ICS were analyzed. Then, the main intrusion types and vulnerabilities of ICS were analyzed. Finally, based on the preceding analysis, the multi-layer structure and synergy of ICS-oriented intrusion detection were analyzed, including network topology design, the synergy mechanism for information and resources, and the detection strategy for each layer. (2) An intrusion detection method based on multi-class SVM for the process monitoring and control layer was proposed. First, the framework of intrusion detection based on multi-class SVM was constructed. Then, the multi-class SVM algorithm was designed and illustrated. Finally, the effectiveness of the multi-class SVM was tested and validated on a data set that matched the characteristics of the process monitoring and control layer. (3) An intrusion detection method for the field control layer of ICS was designed and tested based on Modbus characteristics and the main intrusions. Three layers of intrusion detection methods were designed: independent protocol field analysis, protocol field correlation analysis and communication pattern analysis. The effectiveness of the 3-layer methods was tested and validated through Snort rule transformation and an intrusion detection platform. |
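
The three analysis layers named in item (3), sketched for Modbus/TCP request frames. This is an added example, not code or rules from the thesis: the individual checks, the allowlist, the IP addresses and the helper names `inspect` and `build` are assumptions chosen for illustration, with field limits taken from the public Modbus/TCP specification.

```python
import struct

# Assumed site policy (constructed): which source may use which function on which unit.
ALLOWED_PATTERNS = {
    ("10.0.0.5", 1, 0x03),  # HMI reads holding registers
    ("10.0.0.9", 1, 0x10),  # engineering station writes multiple registers
}
KNOWN_FUNCTION_CODES = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x0F, 0x10}


def inspect(src_ip, frame):
    """Return a list of alerts for one Modbus/TCP request frame."""
    if len(frame) < 8:
        return ["field: frame shorter than MBAP header plus function code"]
    _tid, proto, length, unit, func = struct.unpack(">HHHBB", frame[:8])
    data = frame[8:]
    alerts = []

    # Layer 1: independent protocol field analysis (each field on its own).
    if proto != 0:
        alerts.append("field: protocol id is not 0")
    if not 2 <= length <= 254:
        alerts.append("field: length outside 2..254")
    if func not in KNOWN_FUNCTION_CODES:
        alerts.append("field: unexpected function code")

    # Layer 2: protocol field correlation analysis (fields against each other).
    if length != len(frame) - 6:
        alerts.append("correlation: MBAP length disagrees with frame size")
    if func == 0x10:
        if len(data) < 5:
            alerts.append("correlation: write request truncated")
        else:
            _addr, qty, count = struct.unpack(">HHB", data[:5])
            if not 1 <= qty <= 123 or count != 2 * qty or len(data) - 5 != count:
                alerts.append("correlation: quantity, byte count and payload disagree")

    # Layer 3: communication pattern analysis (who sends which function to whom).
    if (src_ip, unit, func) not in ALLOWED_PATTERNS:
        alerts.append("pattern: source/unit/function not in allowlist")
    return alerts


def build(tid, unit, func, data, length=None):
    """Build a constructed test frame; `length` overrides the MBAP length field."""
    length = len(data) + 2 if length is None else length
    return struct.pack(">HHHBB", tid, 0, length, unit, func) + data
```

A well-formed write from a host that normally only reads passes the first two layers and is caught only by the pattern layer, which is the case the layered design is meant to cover.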