Cite this article
  • Liu Junjiao, Pan Zhiwen, Xin Mingfeng, Chen Xin, Sun Yiting, Li Shijie, Lv Fei, Zhu Hongsong, Sun Limin. A Survey of Attacks and Detection Techniques on Industrial Control Systems[J]. Journal of Cyber Security, Accepted

This article has been viewed 2463 times and downloaded 255 times.
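Research on Attack and Detection Techniques for Industrial Control Systems
Liu Junjiao, Pan Zhiwen, Xin Mingfeng, Chen Xin, Sun Yiting, Li Shijie, Lv Fei, Zhu Hongsong, Sun Limin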
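(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Attacks targeting industrial control systems (ICS) are increasing; the attack methods are complex and advanced, and the attack techniques are covert and diverse, making the ICS network attack-and-defense situation increasingly severe. These carefully designed attacks may cause a system to deviate from its expected, specified operation, with serious consequences such as damage to critical facilities, unplanned production shutdowns, and casualties. Although research on ICS attack and detection techniques has emerged steadily in recent years in China and abroad, there is still no survey article that comprehensively summarizes and discusses the current state and trends of these techniques in China and abroad. From the perspective of ICS attack and detection, this paper first analyzes in depth the typical architecture of ICS, the types of key control devices, and the weaknesses of security protection; it then classifies ICS attack techniques at the network, logic, firmware, and perception levels and analyzes attack principles, attack consequences, and evasion strategies; finally, it organizes the system of detection techniques for ICS attacks at each level, summarizes the strengths and shortcomings of existing detection techniques, and proposes trends and prospects for future research on ICS attack detection.
Keywords:  industrial control system  ICS security  control logic  PLC attack  intrusion detection  industrial control network  physical process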
DOI:10.19363/J.cnki.cn10-1380/tn.2023.08.32
Submitted: 2021-06-19  Revised: 2021-08-30
Funding: to be filled in after the paper is accepted
A Survey of Attacks and Detection Techniques on Industrial Control Systems
Liu Junjiao, Pan Zhiwen, Xin Mingfeng, Chen Xin, Sun Yiting, Li Shijie, Lv Fei, Zhu Hongsong, Sun Limin
(Institute of Information Engineering, CAS)
Abstract:
Industrial Control System (ICS) security has become increasingly important as attacks targeting ICSs grow more prominent. Attackers use complex, advanced methods and covert, diverse techniques, making the ICS network offensive and defensive situation increasingly severe. These well-designed attacks may cause an ICS to deviate from its expected operation, with serious consequences such as damage to key facilities, unplanned shutdowns, and even casualties. Although research on ICS attack and detection technology has emerged continuously in recent years at home and abroad, there is still no review article that comprehensively summarizes and discusses the current status and trends of technology development at home and abroad. The scope of this paper is not to discuss the various application scenarios, nor to focus on heterogeneous and diverse ICS devices, but to concentrate on threat analysis of the process control layer, field control layer, and field device layer in the typical architecture of an industrial control system. From the perspective of ICS attack and detection, this paper first conducts an in-depth analysis of the typical architecture of ICS, the operating mechanism of key control equipment, the vulnerability of security protection, and the challenges of security technology. It then classifies ICS attack technology at the network, logic, firmware, and perception levels, and analyzes attack principles, avoidance strategies, and the observable phenomena that attacks may bring. Next, it summarizes the detection technology system for ICS attacks at all levels, analyzes the scientific principles and strategies of detection technology, discusses detection methods and solutions for different types of attacks, and summarizes the existing advanced ICS attack detection and evaluation indicators. Finally, it summarizes the advantages and disadvantages of existing detection technologies and proposes future trends and prospects for research on ICS attack detection technologies, in order to promote interaction between researchers in different disciplines such as computer science, cybernetics, information security, and cyber physics.
Key words:  Industrial control system  industrial control system security  control logic  PLC attack  intrusion detection  industrial control network  physical process