Intrusion Detection And Defense In The PLC-based Control System

Posted on: 2018-01-05
Degree: Master
Type: Thesis
Country: China
Candidate: M Xiao
Full Text: PDF
GTID: 2428330596989125
Subject: Control Engineering

Abstract/Summary:
The network physical security problem of ICS (Industrial Control Systems) is becoming more and more serious. The security risks and intrusion threats facing ICS are increasing, from the standpoint of both network information security and physical data integrity. As the number of industrial safety accidents increases, the corresponding damage and disasters are also becoming more serious. ICS network information and data security therefore needs more comprehensive study as a key area. Against this background, in order to detect intrusion threats to PLC-based control systems and to establish an integrated defense system for security systems and key national infrastructure, this paper addresses network physical security intrusion types and the data vulnerability of the controller itself and of its interaction with physical equipment. Based on research into and design of intrusion detection methods, we do the following work:

1. A false sequence injection (FSI) attack is constructed based on the fault detection mechanism; it can evade the system's existing fault detection mechanism. An FSI attack can cause misoperation and destroy key equipment of the control system by infecting and tampering with the input signals of the PLC. First, we collect the signals or stack data exchanged between the PLC controller and the physical device. Then we use the input and output vector databases to identify a fault-free discrete event model, similar to the fault detection modeling method. Finally, we search for all the false sequences that cannot be detected by the fault mechanism, and obtain a malicious sequence of appropriate length to inject into the input signal collected by the controlled sensors. The simulation results show that our method can pose a destructive threat to a control system with fault detection, and comparison experiments with the fault-like attack and the false data injection attack prove the validity of our attack.

2. We designed an intrusion detection mechanism based on anomaly data, intended for the controller in the control system, to guarantee the integrity and security of the remote input signals. Furthermore, we designed an effective FSI detection algorithm that takes the construction of the FSI attack sequence into account. As in the attack modeling, we first sample the database and identify a fault-free discrete event model that closely reproduces the system to be monitored. Then we divide the detection process into two phases to design the anomaly data detection algorithm. In the first stage, the input signal of the monitored controller is compared with the predicted output of the model to obtain the residual value and judge whether the data is abnormal. The second stage is an additional FSI detection algorithm designed to defend against the attack. In the end, we analyze the data, locate the specific attack source and give the corresponding response measures. Finally, the simulation results show that our test plays a good role in detecting and isolating the threat of FSI attacks.

3. We designed intrusion detection based on safety specifications, intended for the control programs and instructions of the programmable controller, to protect them from malicious code injection. Only validated programs and instructions can be uploaded from the operating system or the control server to the specified programmable controller device. First, the PLC code (IL code) is formatted by the IL2 bool IL algorithm into an intermediate language; then the Boolean logic instruction code is iteratively transformed to generate input programs for the verification tool NuSMV through the template instantiation (Template Instantiate) process; finally, we check our safety properties one by one by executing the formal code model (NuSMV code) with the verification tool NuSMV. Each Boolean specification denotes whether a security attribute in the finite state machine is true. If any attribute on a reachable path is FALSE, the corresponding counter-example is given and the program cannot be uploaded to the PLC. Finally, compared with the SABOT and HOMER models, the simulation results prove that our model detection can detect malicious code injection attacks on the control system more accurately and in a shorter time, protecting the system.
Keywords/Search Tags:PLC-based control system, Network physical security, Intrusion detection, False sequence injection, FSI detection, Model detection
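
The first detection stage described in item 2 (identify a fault-free discrete event model from recorded I/O vectors, then compute a residual between each observed vector and the model's prediction) can be sketched as follows. This is an added example, not code from the thesis: the tank process, the (low, high, pump) vector layout, the event-triggered traces and the Hamming-distance residual are all assumptions, and the second-stage FSI detection algorithm is not shown because the abstract does not describe it.

```python
from collections import defaultdict

# Constructed sample data (assumption): event-triggered I/O vectors of a tank,
# laid out as (low_level_sensor, high_level_sensor, pump_output).
FAULT_FREE_RUN = [(0, 0, 1), (1, 0, 1), (1, 1, 0), (1, 0, 0),
                  (0, 0, 1), (1, 0, 1), (1, 1, 0)]
# Constructed trace in which the level drops while the pump is still filling.
TAMPERED_TRACE = [(0, 0, 1), (1, 0, 1), (0, 0, 1), (1, 0, 1)]


def identify_model(fault_free_runs):
    """Learn which I/O vectors may follow each I/O vector in fault-free runs."""
    model = defaultdict(set)
    for run in fault_free_runs:
        for prev, nxt in zip(run, run[1:]):
            model[prev].add(nxt)
    return model


def residual(model, prev, observed):
    """Smallest Hamming distance between `observed` and any vector the model
    predicts after `prev`; None when `prev` was never seen in training."""
    predicted = model.get(prev)
    if not predicted:
        return None
    return min(sum(a != b for a, b in zip(observed, p)) for p in predicted)


def detect(model, trace, threshold=0):
    """Return (index, vector, residual) for every abnormal step of `trace`.

    A step is abnormal when its residual exceeds `threshold`, or when the
    preceding vector is unknown to the model (residual None)."""
    alerts = []
    for i in range(1, len(trace)):
        r = residual(model, trace[i - 1], trace[i])
        if r is None or r > threshold:
            alerts.append((i, trace[i], r))
    return alerts


if __name__ == "__main__":
    model = identify_model([FAULT_FREE_RUN])
    for index, vector, r in detect(model, TAMPERED_TRACE):
        print(f"step {index}: vector {vector} residual {r}")
```

A sequence made up only of transitions the model accepts produces no residual here, which is the gap the second stage in item 2 is meant to cover.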