Abstract
To address the stealthy attacks suffered by industrial control systems, this paper proposes an intrusion detection method oriented to the industrial control process. The method focuses on changes in the state of the controlled physical system and, on the premise that the existing security alarm mechanism cannot detect the attack, abstracts intrusion detection as an optimal stopping problem of detecting state changes in the controlled object. Through adaptive optimization of the offset constant (reference value) in the non-parametric cumulative sum (CUSUM) algorithm, the detection delay of the industrial control process is further shortened. Simulation experiments show that the method can detect an attacker's tampering with sensor observation data in time and effectively avoids physical damage to the controlled system.
Authors
敖麒
朱振乾
李大勇
AO Qi; ZHU Zhenqian; LI Dayong (Sichuan Innovation Center of Industrial Cyber Security Co., Ltd., Chengdu, Sichuan 610064, China; China Electronics Technology Cyber Security Co., Ltd., Chengdu, Sichuan 610041, China; Beijing North Vehicle Group Corporation, Beijing 100072, China)
Source
《通信技术》
2021, Issue 2, pp. 451-456 (6 pages)
Communications Technology
Keywords
industrial control system
information security
intrusion detection
stealthy attack