摘要
针对目前工业控制系统中新型工业病毒的入侵检测难点问题,分析Modbus通讯协议的设计缺陷,提出Modbus TCP通讯深度解析方法,通过对Modbus应用层协议的关键字段的解析,有效应对来自协议应用层的威胁。在此基础上,提出Modbus TCP通讯的安全规则描述的一般形式,并进一步提出基于入侵检测规则和"白名单"相结合的工业SCADA系统中Modbus TCP通讯安全防御模型,通过定义不同区域间正常通讯的最小集合,极大程度上消除系统存在的风险敞口,通过及时报警兼顾可能合法但可疑的通讯流量。仿真实验验证了该方法的有效性。
To solve the problem that it is difficult to detect the intrusion of advanced industrial virus into the industrial control system, design flaws of Modbus TCP were analyzed, and a method was proposed, through which the Modbus TCP packet was deeply parsed to deal with the threat from the application layer. Furthermore, a normal method describing the security rule was proposed and a Modhus TCP communication protection method in the industrial control system or SCADA system that combining the IDS rule with "white-list" was designed, which defined what was necessary between different zones, thus the possibility of being attacked was diminished, while in the meantime a suspicious but probable legal packet would trigger an alarm. The simula- tion experiments validate the effectiveness of the proposed method.
出处
《计算机工程与设计》
CSCD
北大核心
2014年第11期3701-3707,共7页
Computer Engineering and Design
基金
国家自然科学基金项目(61164012)
国家863高技术研究发展计划基金项目(2012AA041102-03)
