A cyber-defensive industrial control system with redundancy and intrusion detection

D. Robinson, Charles Kim
Published in: 2017 North American Power Symposium (NAPS), 2017-09-01
DOI: 10.1109/NAPS.2017.8107186 (https://doi.org/10.1109/NAPS.2017.8107186)
Citations: 7

Abstract

Technological advancement of Industrial Control Systems (ICS) and control systems automation over the past decade has brought greater interconnections of the control components. Modern control communication systems such as ModbusTCP are based on open standards that leverage Ethernet to allow interoperability between solutions from different vendors. The enhanced exchange of information has, as a side effect, created cyber security vulnerabilities such as entry points for hackers. Network monitoring typically applied to corporate networks is rarely implemented for ICS networks and should be mandatory for critical systems. Defense-in-Depth (DiD) is a concept built on the premise of early detection and providing alerts of intrusions to guarantee that defensive action is taken prior to the breach of any critical assets. This paper validates the new intrusion-detection-based cyber-defensive architecture by using a Raspberry Pi based ModbusTCP control system that enables simulation of cyber-attacks, and illustrates a mitigation measure with the added feature of Modbus monitoring using Snort.