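Cite this article: ZHANG Wen-an, HONG Zhen, ZHU Jun-wei, et al. A survey of network intrusion detection methods for industrial control systems[J]. Control and Decision, 2019, 34(11): 2277-2288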
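DOI: 10.13195/j.kzyjc.2019.1302
Classification number: TP273
Funding: National Natural Science Foundation of China (61573319, 61803334, 61973277); Zhejiang Provincial Natural Science Foundation (LQ18F030012); China State Scholarship Fund (201908330040).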
A survey of network intrusion detection methods for industrial control systems
ZHANG Wen-an 1,2, HONG Zhen 1,2, ZHU Jun-wei 1, CHEN Bo 1,2
(1. College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China; 2. Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China)
Abstract:
With the networking of industrial control systems (ICS), their original isolation has been broken. Viruses, Trojans and similar threats now enter ICS along with normal information flows and seriously threaten ICS security, so protecting ICS has become an urgent issue. Intrusion detection, as an active information security protection technology, can effectively compensate for the shortcomings of traditional protection technologies such as firewalls. It is often regarded as the second line of defense for ICS and can detect both external and internal intrusions in real time. Research on intrusion detection for industrial control systems is currently very active. Researchers from different fields, such as computer science, automation and communications, have proposed a series of ICS intrusion detection methods from different perspectives, and the topic has become a hot research direction in ICS security. This paper briefly reviews the state of the art of ICS intrusion detection, the existing problems and the problems that remain to be solved.
Key words: industrial control systems; network intrusion detection; pattern matching; time-domain analysis; frequency-domain analysis; device fingerprinting
