| In recent years, industrial control net attacks occurr frequently, which become a threat to the country and lead to significant economic losses. The incident that Iran’s nuclear facility suffered from Stuxnet is a representative event. Because of thoughtless of communication security, industrial control net which applied to isolated and closed network is under kinds of attacks. According to that, a security method is propsed to prevent industrial control net from attacking. The working content as belows:1. The structural features and vulnerabilities of industrial control net are studies. And kinds of attacks which based on the vulnerabilities of industrial control net are studied. According to the characteristics and harmfulness, a solution is proposed. And attacks are divided into three categories: malicious packets, spoofing attacks and anomaly traffic attacks. A security method based on three categories is proposed.2. An access control model is designed to prevent malicious packets and spooing attacks. This model based on access control theory includes data analysis and security policies. The latter, which is the key, consists of security region, whitelist and policies for spoofing and syn flood. All of the above policies are tested on the netfilter/iptables platform.3. An anomaly traffic detection system based on one to rest SVM is designed to prevent anomaly traffic attacks. This system based on CIDF includes data analysis, data handling and anomaly traffic detection model. Based on the characteristics of traffic attacks and SVM, the anomaly traffic detection model which is the kernel of this system is designed. Besides, this model is constructed on the linux platform by libsvm while which is tested by KDD data.The study of access control model and the anamoly detection system based on one to rest SVM is useful to the development of industrial control information security. |
PDF Full Text Request