| Industrial Control Systems(ICS)are widely used in industries such as petroleum,chemical and power,with the integration of information technology and industrialization,the internal communication network of industrial control systems is gradually interconnected with the Internet.Inevitably,it breaks the closedness of the original hardware and software of the industrial control system and is vulnerable to more attacks.Since the industrial control system is an important part of the national infrastructure,unlike the traditional computer network security,if the industrial control system is attacked,it will affect industrial production and even personal safety.This paper studies the safety of industrial control systems based on the two parts of intrusion detection and safety assessment.Among them,intrusion detection identifies the attack modes that the industrial control system is vulnerable to by constructing an intrusion detection system,and determine potential threat events.Then use the probability and consequences of different threat events to design a safety assessment method to calculate the overall vulnerability of the system.This paper proposes an industrial control system intrusion detection method to identify threats.Aiming at the problem that there are many features and redundancy in the dataset of industrial control network,Principal component analysis(PCA)feature dimension reduction and random forest feature selection are introduced to reduce feature dimension and computational complexity.Then the Convolutional Neural Network(CNN)is designed to classify the normal and abnormal traffic in the data set.The classification results after the dimension reduction are compared with other methods.The experimental results show that the PCA dimensionality reduction preprocessing and CNN classification algorithm can be used.Effectively improve the accuracy of detection and reduce the rate of false positives.After using the intrusion detection to identify the attack mode,use it as the leaf node of the attack tree.The industrial control system security is used as the root node to build the attack tree of the target system.The corresponding defense nodes are added to form the attack defense tree.Finally,the attributes affecting the attack mode are analyzed,and the multi-attribute utility theory is adopted.To calculate the vulnerability of leaf nodes.In order to reduce the subjectivity of expert evaluation in safety assessment,this paper uses fuzzyconsistent judgment matrix and fuzzy analytic hierarchy process(FAHP)to calculate the weight of each attribute,and then obtain the overall vulnerability of the system.In order to verify the effectiveness of the proposed safety assessment method,this paper builds a virtual heat exchanger industrial system.In order to determine the threat mode that the system may be subjected to,The system is investigated for attacks,man-in-the-middle attacks,command injection attacks,and response injection attacks.The methods and consequences of implementing the attacks were analyzed.Finally,the system is evaluated for security according to the above security assessment method,and the overall vulnerability of the system is calculated to determine the part of the system that requires important defense.In this paper,the intrusion detection method is researched in this part of threat discovery.An intrusion detection method based on PCA and CNN is proposed.The classification effect of high accuracy rate and low false alarm rate was obtained on the industrial control system network dataset.Then,using the identified threats,a security assessment method based on FAHP and attack defense tree is proposed,which can better quantify the vulnerability of industrial control system and reduce the influence of subjective factors.Finally,a virtual heat exchanger system is implemented to verify the scientificity and effectiveness of the proposed safety assessment method. |
PDF Full Text Request