| The main principles of security protection in the industrial control network environment of the power industry are: security zone,network dedicated,horizontal isolation,and vertical isolation.Under the guidance of this sixteen-character policy,the current typical network topology of the industrial control environment of the electric power industry is isolated by region,that is,security isolation mainly relies on security products such as firewalls and gatekeepers at the border of the region.In the past scenarios where the degree of informatization of the industrial environment was low,the safety protection principles of the power industry were not outdated.However,with the gradual improvement of the informatization and intelligence of the power industrial control environment,cloud computing,big data,and SDN(Soft Defined Network)technologies have been introduced into the industrial control environment,and the industrial network architecture has been continuously optimized,resulting in a large area The granularity of the security isolation protection means is no longer applicable,and it is difficult to detect and block the abnormality of industrial control equipment in time.In order to solve this situation,this thesis takes the fine-grained isolation technology of industrial control environment as the research topic,realizes the isolation of industrial control environment business level,and improves the safety of industrial control system.The main work are as follows:1.Based on the characteristics of SDN network architecture,environment control in traditional from the host equipment level through the way of packet filter to realize equipment isolation,into SDN controller and forward layer in implementation,solves the past environment control in the network configuration tedious pain points,and avoid the equipment level of packet filter for old industrial control equipment the additional computational overhead.2.Use the SDN network architecture to realize the discovery and display of industrial control network topology,and open the API of sending flow table items according to the device information.After the operator selects the device in the visual interface to perform the isolation operation,the corresponding flow table entry will be issued to isolate the corresponding device to realize the operation isolation function of the visual interface.3.Research abnormal traffic detection technology,combined with the periodicity and repeatability of the industrial control network traffic itself,the global traffic is processed centrally in the SDN controller,and the size and time-related statistical characteristics of the industrial control traffic packet within a certain period of time are calculated.The industrial control traffic behavior model is obtained by using these statistical characteristics for model training.In the SDN controller,the model is used for real-time detection of data packets,and packets with abnormal detection results are discarded to realize the isolation of abnormal traffic behavior.4.Research deep packet inspection technology,combined with the characteristics of Modbus protocol,whether the application layer functional code and data segment of the packet were within a reasonable threshold was verified.Modbus packets with normal verification results were signed,and the subsequent detection efficiency was improved based on signature matching.With the addition of this technology module,the SDN controller can detect and isolate the packet of abnormal industrial control instructions in real time,so as to achieve the purpose of isolation of abnormal industrial control instructions. |
PDF Full Text Request