Wireless Industrial Control System Security Experimental Testbed And Algorithm Validation

Posted on: 2018-09-29
Degree: Master
Type: Thesis
Country: China
Candidate: H D Tang
Full Text: PDF
GTID: 2348330515990561
Subject: Control Engineering
Abstract/Summary:
In recent years, the increase in malicious attacks against industrial control systems has drawn great attention to their security. At the same time, with the rapid development of industrial wireless technology, industrial wireless has been widely used in industrial control systems. However, the open nature of industrial wireless makes it easier to attack. Most research on the wireless security of industrial control systems focuses on attack modeling, attack detection and attack defense, and lacks experimental research on physical networks. Therefore, this paper builds a wireless industrial control system security experimental testbed to analyze industrial wireless security and to verify the validity of industrial control wireless security theory in a real network. The research contents include the following parts:

(1) This paper designs and builds a wireless industrial security experimental testbed. The testbed comprises four parts: the virtual plant running in Matlab, the controller, the communication networks and the wireless attack device. The overall function of the testbed is also tested in this paper.

(2) Considering the existence of packet loss and delay in wireless industrial systems, it is important to study the validity of theoretical results in the real network through the experimental testbed. In this paper, we focus on whether the optimal Denial-of-Service (DoS) attack strategy under Linear-Quadratic-Gaussian (LQG) control still holds in the real wireless network. By setting up the double inverted pendulum system and the LQG control algorithm in the testbed, and using software radio peripherals to implement the corresponding attack strategy on the DTD433M wireless terminal, the validity of the optimal DoS attack strategy in the real industrial wireless network is verified.

(3) The DTD433M wireless device converts the communication data of wired Modbus devices into wireless transmission. As the DTD433M wireless terminal does not use frequency hopping in the communication process, it is vulnerable to DoS attacks. This paper focuses on a typical industrial wireless protocol, WirelessHART, and mainly analyzes its frequency hopping mechanism. By collecting the channel data during WirelessHART communication through the security experimental testbed, the WirelessHART hopping vulnerability was verified, and WirelessHART was successfully attacked by implementing the DoS attack through software radio peripherals.
Keywords/Search Tags: Industrial Wireless Control System, Security, Wireless Attack, Hopping