Design Of Attack And Attack Detection For PLC Control System

Posted on: 2021-04-01 | Degree: Master | Type: Thesis
Country: China | Candidate: Q R Zhou | Full Text: PDF
GTID: 2428330614969903 | Subject: Control engineering
Abstract/Summary:
The safety of industrial control systems (ICS) is closely related to national security. A high-level attacker obtains key knowledge about the system (for example, the physical model of the system and the corresponding detection threshold) through monitoring and analysis of the target ICS, so as to bypass the existing intrusion detection mechanism and attack the industrial control system. As one of the most important security measures in industrial control systems, attack detection technology can detect such attacks and improve the security of industrial control systems. Studying the safety issues of ICS therefore helps in formulating effective protective measures and has important practical value.

At present, the field of ICS security lacks targeted experimental platforms and real data. Traditional methods such as traffic analysis and feature detection have low detection performance, so they cannot meet the needs of actual systems. To address these problems, this thesis studies a typical industrial control system, the water level control system. Based on a self-designed water level control system, this thesis designs an attack method and a corresponding attack detection method for the programmable logic controller (PLC), and verifies the feasibility and effectiveness of the attack and the detection through physical experiments. The main work of this thesis is as follows:

(1) The overall scheme of the water level control system experimental platform is designed, including its hardware system and software. In response to the lack of an industrial control system experimental platform, we use a Siemens S7-1500 PLC controller as the slave station of the system and a PC host computer as the master station. A water level control system based on the PLC controller and an electric valve was constructed.

(2) To address the problem of how to implement an attack on the PLC control system, we reproduced the replay attack and the ARP attack. We use the Siemens S7-1500 PLC as the controller of the experimental platform. The prior information for the attack was obtained by analyzing its S7comm communication protocol and its data packets. To carry out the attacks, we use Python to write the attacker code, implementing the replay attack against the PLC output on the Windows platform and the ARP spoofing attack on the Linux platform.

(3) To address the problem of abnormal data detection, two data-driven attack detection methods have been implemented, namely an improved KNN classification algorithm and a softmax classifier based on neural networks. To train a classifier that separates attack data from normal data, the acquired experimental data must first be pre-processed, and feature extraction is then performed to establish a corresponding attack detection model for detecting network attacks. Finally, simulation results show the effectiveness of the two algorithms.

(4) We verify the proposed attack method and detection method on the water level control system experimental platform. We collect the water level data of the system under normal operation and after being attacked, as well as the state of the valve and the inverter, and we detect abnormal data with the detection algorithms proposed above. Experiments verify that both attack detection methods can accurately identify anomalous data after an attack.

Finally, the work of this thesis is analyzed and summarized, the advantages and disadvantages of the experimental design are pointed out, and further research directions are proposed.
Keywords/Search Tags:water level control system, replay attacks, ARP spoofing, attack detection, machine learning