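Abstract: With the development of industrial informatization, the security protection of industrial control systems (ICS) is becoming increasingly important. Intrusion detection is a technology that monitors the internal and external security of an ICS in real time; it can detect attack behavior effectively and accurately and take countermeasures. ICS-oriented intrusion detection has therefore become a research hotspot in the industrial control field. This paper first starts from the structure of ICS and explains why ICS intrusion detection is important. It then classifies ICS intrusion detection techniques, introducing and analyzing the research status of misuse intrusion detection, abnormal intrusion detection, network intrusion detection and host intrusion detection in industrial control systems. Finally, it gives an outlook based on the current state of application.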
A survey of intrusion detection technology on industrial control system
Liu Rui1,2, Hong Sheng3, Li Wei1,2, Wang Xin1,2
(1. Beijing Jinghang Computation and Communication Research Institute, Beijing 100073, China; 2. The Classified Information Carrier Safety Management Engineering Technology Research Center of Beijing, Beijing 100073, China; 3. School of Cyber Science and Technology, Beihang University, Beijing 100083, China)
Abstract: With the development of industrial informatization, the security protection of industrial control systems (ICS) is becoming more and more important. Intrusion detection is a technology for monitoring the internal and external security of ICS in real time, which can effectively detect attacks and take measures. Therefore, ICS-oriented intrusion detection technology has become a research hotspot in the field of industrial control. This paper starts with the structure of ICS and explains the importance of ICS intrusion detection. It then classifies ICS intrusion detection technology, and introduces and analyzes the research status of misuse intrusion detection technology, abnormal intrusion detection technology, network intrusion detection technology and host intrusion detection technology in industrial control systems. Finally, it gives an outlook on the current development and application status of ICS IDS.
Key words: industrial control system; intrusion detection technology; misuse intrusion detection technology; abnormal intrusion detection technology
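0 Introduction
The development of 5G networks and the industrial internet is driving industry toward intelligence: industrial control systems (ICS) are becoming more complex, precise, intelligent and automated. Changes in device functions, scale and network environment mean that the inherent security vulnerabilities of ICS are continually being exploited, and security threats have increased significantly [1]. If security risks are not detected in time, a potential intrusion may cause the system to stop working, data to leak, and so on; at best this affects the stable operation of the ICS, and at worst it causes serious damage to national interests and public safety. The sudden outbreak of the COVID-19 pandemic in 2020 made the digital transformation of enterprises more urgent and led to frequent network security attacks, such as the 2020 hacker attack on equipment of Israel's water supply sector, the Sodinokibi ransomware attack on a Brazilian electric power company, and the hacker attack on an Indian COVID-19 vaccine manufacturer that resulted in a data leak [2]. In the same year, industrial control vulnerabilities in China also showed an upward trend. ICS network security risks are divided into external attacks with illegal aims and threats to the normal operation of the ICS [3], which affect the system intentionally or unintentionally. At the same time, because ICS carry long-standing inherent weaknesses [4], their communications, terminals and devices are all susceptible to intrusion. How to monitor and maintain ICS information security more effectively has therefore become a major issue in the transition to industrial informatization.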