基于自适应深度检测的工控安全防护系统设计
|
摘要
为了解决工控防火墙及其他网络防护设备在接口流量过大、资源占用过多时,容易成为响应瓶颈的问题,研究一种基于自适应深度检测的工控安全防护系统。系统安装在被保护设备的上游,实现对工控协议的识别和深度解析,以及工控网络协议的深度检测过滤,并根据工控现场网络状态自适应动态调整深度检测算法级别。系统能够处理目前比较流行的各种工控协议,并对之进行深度解析,对工控现场网络起到保护作用。
Industrial control firewall and other network protection devices are easy to become response bottleneck when the interface flow is too large and resources are too occupied. In order to solve the problem, this paper proposes a kind of industrial safety protection system based on adaptive depth detection. The system is installed in the upstream of protection equipment, it can realize the recognition of industrial control protocol and parse protocol data deeply, and realize the depth of the realization of industrial control network protocol and testing or filtration. According to the state of industrial control field network, the system can adjust the level of depth detection algorithm dynamically, it can be able to handle all kinds of industrial control protocols in the current environment and analyzes protocol in-depth, which protects the industrial control site network.
Industrial control firewall and other network protection devices are easy to become response bottleneck when the interface flow is too large and resources are too occupied. In order to solve the problem, this paper proposes a kind of industrial safety protection system based on adaptive depth detection. The system is installed in the upstream of protection equipment, it can realize the recognition of industrial control protocol and parse protocol data deeply, and realize the depth of the realization of industrial control network protocol and testing or filtration. According to the state of industrial control field network, the system can adjust the level of depth detection algorithm dynamically, it can be able to handle all kinds of industrial control protocols in the current environment and analyzes protocol in-depth, which protects the industrial control site network.
引文
[1]STOUFFER K,FALCO J,SCARFONE K.Guide to industrial control systems(ICS)security[J].NIST Special Publication,2011,800(82):1-2.
[2]GAO W,MORRIS T H.On cyber attacks and signature based intrusion detection for MODBUS based industrial control systems[J].Journal of Digital Forensics,Security and Law,2014,9(1):37-56.
[3]谭湘.基于防火墙的企业网络安全设计与实现[D].西安:西安电子科技大学,2013.
[4]郝玉洁.深度包检测主机防火墙的研究与实现[D].成都:电子科技大学,2010.
[2]GAO W,MORRIS T H.On cyber attacks and signature based intrusion detection for MODBUS based industrial control systems[J].Journal of Digital Forensics,Security and Law,2014,9(1):37-56.
[3]谭湘.基于防火墙的企业网络安全设计与实现[D].西安:西安电子科技大学,2013.
[4]郝玉洁.深度包检测主机防火墙的研究与实现[D].成都:电子科技大学,2010.