Research On Covert Attack Method Based On Data-driven In DCS

Distributed control system(DCS)is a new generation of automatic control system that integrates computing,communication and other technologies with physical processes.At present,DCS has been widely used in power,metallurgy,petrochemical and other key industries.However,with the continuous integration of industrialization and informatization,the communication system of DCS is no longer isolated.The system loopholes are increasing,and the risk of information security is gradually expanding.Network security is a contest between attack and defense,the study of potential attacks in DCS is of great significance to enhance the national industrial control security protection capability and promote the development of industrial information security industry.This paper constructs a data-driven system modeling method based on gaussian process regression model optimized by salp swarm algorithm(SSA-GPR)and proposes the covert replay attack and false data injection attack based on SSA-GPR.In addition,the paper validates and evaluates the feasibility and concealment of the two attacks through experiments.The main research contents are as follows:(1)The information security problems faced by industrial control systems such as DCS are studied.DCS plays an important role in national key facilities,but it is faced with serious threat of network attacks.At present,there are many types of network attacks in industrial control systems such as DCS.Replay attacks and false data injection attacks have certain concealment while destroying system resources,and they have become a research hotspot in the field of industrial control system information security.(2)The concept of DCS and the related theoretical knowledge of construction attack are analyzed.Firstly,the composition of DCS is analyzed,and the mathematical model of the basic control structure of the control system is established;Secondly,the network characteristics of DCS are analyzed,and the vulnerability of its communication system is studied;Then,a data-driven system modeling algorithm based on SSA-GPR is constructed,which provides a model basis for the implementation of covert replay attacks and false data injection attacks.Finally,combined with the characteristics of industrial control system,the theoretical basis and detection flow of cumulative sum anomaly detection algorithm in DCS are described.(3)A covert replay attack model based on SSA-GPR in DCS is proposed.Firstly,the principle and implementation method of traditional replay attack in DCS are expounded,and the problems existing in the implementation of traditional replay attack are analyzed.Secondly,aiming at the shortcomings of traditional replay attack,a highly concealed replay attack model is proposed,and the feasibility of the proposed attack is explained theoretically.Then,a covert attacker is designed to realize the replay attack based on SSA-GPR.Finally,through simulation examples and comparative experiments,it is proved that the proposed replay attack has good concealment.(4)A covert false data injection attack model based on SSA-GPR in DCS is proposed.The covert attacker intercepts the control network signal in the DCS and identifies the system through SSA-GPR algorithm,so as to closely simulate the expected behavior of the physical process.On this basis,the covert attacker injects false control signal into the forward network path of the DCS in order to transfer the target physical object to the state expected by the attacker.The specific signal is injected into the feedback network path of the DCS to make the signal value of the feedback loop normal,and then the covert attack in DCS is realized.Finally,through simulation examples and comparative experiments,it is proved that the proposed false data injection attack has good concealment.