Research On Network Attack Scenarios Restoration Technology Of Industrial Control System

With the wide application of information and communication technology,industrial control system(ICS)are facing more and more serious information security threats.At the same time,due to the high coupling between information network and physical field,once they are subjected to network invasion,they are easy to cause serious breakdown to the controlled objects and even physical space.Therefore,on the basis of in-depth analysis of the mechanism of the control system,it is necessary to build an industrial information security protection system to improve the security performance of industrial control system.Among them,as an important component of the industrial information security protection system,attack scenarios restoration can provide strong information support for security reinforcement,and has gradually become the research focus of scientific researchers.Based on the background of information security protection of industrial control system,this thesis focuses on the related technology of attack scenarios restoration.Firstly,the characteristics of industrial control system are analyzed,which leads to the functional requirements of attack scene restoration.Secondly,an attack forensics technology scheme suitable based on fuzzy evidence reasoning for industrial scenarios is designed to provide effective data support for attack scenarios restoration.Then,based on the highly coupled characteristics of the information layer and the physical layer of industrial control system,an attack scenarios restoration technology scheme of "association" + "reasoning" is proposed.On the basis of logical relationship,the alarm association and path association scheme based on causal association analysis and similarity optimization strategy are designed.Then,aiming at the operational characteristics of industrial control system and the dependence of security correlation between the functions of industrial control system,an attack propagation process model based on Bayesian network is built to further calculate and reasoning evidence that is already relevant,so as to realize the existing security event reexamination.Finally,the hardware-in-the-loop strategy is used to build a simulation experiment platform to simulate the actual industrial control system,and on the basis of this platform,instantiate the scenario restoration scheme proposed in this thesis and verify the effectiveness of the proposed method.The experimental results show that the proposed attack scenarios restoration scheme for industrial environment can improve the scene split based on the reduction of false negatives and false positives,and can effectively identify the attacker's intention.It provides powerful insight support for system information security protection,and has certain theoretical value and practical research significance.