Research On Sequence Perceptible Industry Control System Intrusion Detection Technology Based On Machine Learning

Posted on: 2020-06-10
Degree: Master
Type: Thesis
Country: China
Candidate: X T Jia
GTID: 2428330596471783
Subject: Computer system architecture

Abstract/Summary:
With the deepening integration of informatization and industrialization, more and more information technologies are being applied in the industrial field. This integration has greatly improved industrial productivity. At the same time, the introduction of information technologies exposes industrial control systems to more security challenges. The original, relatively closed industrial control systems have inherent problems such as old equipment, improper installation of patches, and a lack of security mechanisms. When devices with these security risks are exposed to a harsher network environment, malicious attackers can use a variety of attacks to compromise the security of industrial control systems. The sequence attack, a kind of semantic attack, is a network attack method against industrial control systems that is both concealed and highly harmful.

This paper designs and develops an intrusion detection system that can effectively detect sequence attacks. The system consists of five layers: capture layer, extraction layer, modeling layer, detection layer and response layer. The S7 protocol, which is widely used in industrial production environments, is taken as the research object and analyzed in depth, which lays a solid foundation for the subsequent research. To accurately reflect changes in the time-series characteristics of network traffic and their security impact, an industrial network traffic model is established based on a discrete-time Markov chain. The detection layer compares the model constructed in the learning stage with the model constructed in the detection stage, finds abnormal situations and reports them. This paper proposes a detection optimization method that allocates weights based on event importance and event semantics. Through detection optimization, the false alarm rate of the intrusion detection system can be significantly reduced.

Finally, this paper uses the industrial simulation environment in the industrial control system security laboratory to test the detection performance of the intrusion detection system. In a safe environment without attacks, the intrusion detection system is run in the learning stage and then in the detection stage; it reports a small number of false positives, and the causes of these false positives are analyzed. To test the system's detection of sequence attacks, sequence attack traffic targeting the shielded doors in a rail transit control system is constructed. When the attack traffic is replayed, the intrusion detection system accurately detects the anomalies caused by the sequence attack. The results show that the intrusion detection system designed and developed in this paper can effectively detect sequence attacks against industrial control systems.
Keywords/Search Tags: Industry Control System, Intrusion Detection System, Sequence Attack, Discrete-Time Markov Chains
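The abstract's detection idea (compare a discrete-time Markov chain learned from clean traffic with one built during detection) can be sketched as follows. This is an added example, not code from the thesis: the event labels, the sample traffic, the `tolerance` threshold and the comparison rule are assumptions, and the thesis's weight allocation by event importance and semantics is not reproduced.

```python
from collections import Counter, defaultdict

def build_dtmc(events):
    """Estimate transition probabilities P[src][dst] from an ordered event list."""
    counts = defaultdict(Counter)
    for src, dst in zip(events, events[1:]):
        counts[src][dst] += 1
    return {src: {dst: n / sum(row.values()) for dst, n in row.items()}
            for src, row in counts.items()}

def compare_models(learned, observed, tolerance=0.2):
    """List (kind, src, dst) deviations of the observed model from the learned one.

    tolerance is an assumed threshold on the absolute probability difference.
    """
    anomalies = []
    for src, row in observed.items():
        if src not in learned:
            anomalies.append(("unknown_state", src, None))
            continue
        for dst, p in row.items():
            q = learned[src].get(dst)
            if q is None:
                # Transition never seen in the learning stage: the event may be
                # valid on its own, but not in this position of the sequence.
                anomalies.append(("unknown_transition", src, dst))
            elif abs(p - q) > tolerance:
                anomalies.append(("probability_shift", src, dst))
    return anomalies

# Constructed sample data: hypothetical event labels standing in for the
# per-packet events an extraction layer would derive from S7 traffic.
CYCLE = ["unlock", "open", "close", "lock"]
LEARNING_TRAFFIC = CYCLE * 20
CLEAN_TRAFFIC = CYCLE * 5
# Same events as a clean cycle, but one cycle arrives in a different order.
REORDERED_TRAFFIC = CYCLE * 3 + ["unlock", "close", "open", "lock"]

if __name__ == "__main__":
    model = build_dtmc(LEARNING_TRAFFIC)
    print("clean:    ", compare_models(model, build_dtmc(CLEAN_TRAFFIC)))
    for anomaly in compare_models(model, build_dtmc(REORDERED_TRAFFIC)):
        print("reordered:", anomaly)
```

Every event in the reordered sample also occurs in the learning data, so a per-message allowlist would pass it; only the transition model shows the deviation.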