
Student: 張鈞凱 (Chun-Kai Chang)
Thesis title: 工業網路安全入侵偵測系統開發 / Development of an Intrusion Detection System for Industrial Network Security
Advisor: 梁書豪 (Shu-Hao Liang)
Committee members: 李維楨, 黃政嘉, 黃乾怡, 梁書豪
Degree: Master
Department: College of Industry-Academia Innovation, Graduate Institute of Intelligent Manufacturing Technology
Publication year: 2024
Graduation academic year: 112 (ROC calendar)
Language: English
Pages: 68
Chinese keywords: Industrial Internet of Things, Cybersecurity, Intrusion Detection System
Foreign keywords: IIOT, Cybersecurity, IDS, Modbus TCP, Node-Red
Usage statistics: views 594, downloads 29

Chinese abstract (translated): This study investigates and develops factory network security protection and an intrusion detection system. A monitoring system is built on the conventional network security architecture to study vulnerabilities related to factory network security protection. In view of the importance of protecting against internal attacks, an intrusion detection system is designed and verified experimentally. A testbed simulating an actual factory is built; it contains common industrial control and network devices such as a programmable logic controller and a switch, with Modbus TCP as the main industrial communication protocol. The intrusion detection system is programmed in Python; it monitors all network packets exchanged with the programmable logic controller and judges whether an information security threat is present. The graphical and control interface is developed in Node-Red and provides system status and security alerts. In the experiments, the security information and event management system could not detect attacks on the subnet, which highlights the importance of having the intrusion detection system monitor the subnet. The intrusion detection system operates by analysing 1000 network packets and uses static thresholds to detect whether a threat or attack is under way. Three attack modes were verified in practice: distributed denial of service, ARP spoofing, and malicious IP address attacks. The experimental results show that the developed intrusion detection system can successfully detect attacks inside the subnet and raise real-time alerts. This study successfully detected known attacks and showed the importance of both the security information and event management system and the intrusion detection system. The advantages and disadvantages of static thresholds are discussed. Finally, three directions for future research are proposed: hardware improvements, software log transmission, and machine learning.


English abstract: This paper presents the development and evaluation of an intrusion detection system for enhancing factory network security. Based on the conventional network security architecture, a monitoring system is established to study vulnerabilities related to factory network security protection. Considering the importance of protecting against internal attacks, an intrusion detection system is designed and verified through experiments. In the research, a testbed is built to simulate an actual factory. The testbed includes common industrial control and network devices such as programmable logic controllers (PLCs) and switches, with Modbus TCP as the main industrial communication protocol. The intrusion detection system (IDS) is developed in Python; it monitors all network packets transmitted between the PLC and other devices and determines whether any information security threat is present. The visualization and control interface is developed in Node-Red and provides system status and security alerts. The experiments show that the security information and event management (SIEM) system is unable to detect attacks on the subnet, highlighting the importance of an IDS that monitors the subnet. The IDS operates by analyzing 1,000 network packets at a time and applying static thresholds to detect threats or attacks. The practical verification covers three attack modes: DDoS, ARP spoofing, and malicious IP. The experimental results demonstrate that the developed IDS can successfully detect internal attacks within the subnet and provide real-time alerts. This research successfully detects known attacks and highlights the importance of both SIEM and IDS. It discusses the advantages and disadvantages of static thresholds. Future research directions are proposed, including hardware improvements, software log transmission functionality, and machine learning.
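The abstract describes an IDS that decides per window of packets, using static thresholds, whether a DDoS flood, an ARP spoofing attempt or traffic from a malicious IP is present on the PLC subnet. The following is an added illustration of that decision logic and is not the thesis's own code: the packet record, the PLC address, the allow-list of hosts permitted to speak Modbus to the PLC, the flood threshold and the sample capture are all constructed here for the example. A real deployment would fill the window from a capture library and tune the thresholds to the plant's normal traffic, which is exactly the trade-off the abstract raises for static thresholds.

```python
"""Static-threshold intrusion checks over a fixed-size packet window.

Added example, not code from the thesis: it shows the three detections the
abstract describes (DDoS, ARP spoofing, malicious IP) decided with static
thresholds over a window of packets. Packet records and threshold values are
constructed here for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

MODBUS_TCP_PORT = 502


@dataclass(frozen=True)
class Packet:
    proto: str                  # "TCP" or "ARP"
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_port: int = 0           # TCP only
    arp_is_reply: bool = False  # ARP only: True for an "is-at" reply


@dataclass(frozen=True)
class Alert:
    kind: str     # "ddos", "arp_spoof" or "malicious_ip"
    subject: str  # offending source IP, or the IP whose ownership is disputed
    detail: str


@dataclass(frozen=True)
class Thresholds:
    plc_ip: str = "192.168.1.20"                          # constructed PLC address
    allowed_ips: frozenset = frozenset({"192.168.1.10"})  # hosts allowed to poll the PLC
    window_size: int = 1000                               # packets per decision, as in the abstract
    max_modbus_per_source: int = 200                      # hypothetical static flood threshold


def modbus_to_plc(p, th):
    """True for a Modbus/TCP packet addressed to the PLC."""
    return p.proto == "TCP" and p.dst_ip == th.plc_ip and p.dst_port == MODBUS_TCP_PORT


def check_ddos(window, th):
    """Flag any source whose Modbus/TCP packets to the PLC exceed the static threshold."""
    counts = Counter(p.src_ip for p in window if modbus_to_plc(p, th))
    return [Alert("ddos", ip, f"{n} Modbus/TCP packets to PLC in one window "
                              f"(limit {th.max_modbus_per_source})")
            for ip, n in counts.items() if n > th.max_modbus_per_source]


def check_arp_spoof(window, th):
    """Flag an IP that two different MAC addresses claim in ARP replies within the window."""
    claims = defaultdict(set)
    for p in window:
        if p.proto == "ARP" and p.arp_is_reply:
            claims[p.src_ip].add(p.src_mac)
    return [Alert("arp_spoof", ip, f"claimed by {len(macs)} MACs: {sorted(macs)}")
            for ip, macs in claims.items() if len(macs) > 1]


def check_malicious_ip(window, th):
    """Flag Modbus/TCP traffic to the PLC from any source not on the allow-list."""
    bad = sorted({p.src_ip for p in window
                  if modbus_to_plc(p, th) and p.src_ip not in th.allowed_ips})
    return [Alert("malicious_ip", ip, "Modbus/TCP to PLC from unlisted host") for ip in bad]


def analyze(packets, th=Thresholds()):
    """Run every check on each consecutive window (the trailing partial window included)."""
    alerts = []
    for start in range(0, len(packets), th.window_size):
        window = packets[start:start + th.window_size]
        for check in (check_ddos, check_arp_spoof, check_malicious_ip):
            alerts.extend(check(window, th))
    return alerts


def sample_capture():
    """Constructed traffic: the allowed HMI host flooding the PLC, an unlisted host
    polling it, and two MACs both answering ARP for the gateway address."""
    hmi, plc, rogue = "192.168.1.10", "192.168.1.20", "192.168.1.66"
    pkts = [Packet("TCP", hmi, plc, "aa:aa:aa:aa:aa:01", MODBUS_TCP_PORT)] * 250
    pkts += [Packet("TCP", rogue, plc, "aa:aa:aa:aa:aa:66", MODBUS_TCP_PORT)] * 5
    pkts += [Packet("ARP", "192.168.1.1", hmi, "aa:aa:aa:aa:aa:fe", arp_is_reply=True),
             Packet("ARP", "192.168.1.1", hmi, "aa:aa:aa:aa:aa:66", arp_is_reply=True)]
    return pkts


if __name__ == "__main__":
    for a in analyze(sample_capture()):
        print(f"[{a.kind}] {a.subject}: {a.detail}")
```

Each check is independent and stateless within a window, which is what makes static thresholds cheap to run on a small monitoring host but also why a flood paced just under `max_modbus_per_source` per window passes unnoticed; lowering the limit instead risks alerting on a legitimately busy HMI, so the threshold has to be set from a baseline of the plant's normal polling rate.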

Table of contents:
Abstract (Chinese)  III
Abstract  IV
Acknowledgements  V
Table of Contents  VI
List of Figures  IX
List of Tables  XII
Chapter 1. Introduction  1
  1.1 Background and Motivation  1
  1.2 Research Objectives  2
  1.3 Thesis Organization  4
Chapter 2. Literature Review  6
  2.1 Industry 4.0  6
    2.1.1 Industrial Internet of Things  6
    2.1.2 Smart Manufacturing  7
  2.2 Industrial Protocols  7
    2.2.1 Overview  7
    2.2.2 Modbus  7
  2.3 Cyber Threats in Industrial Control Systems  11
    2.3.1 Denial of Service Attacks  11
    2.3.2 Man-in-the-Middle Attacks  12
    2.3.3 Malicious Command Injection  12
  2.4 Cybersecurity in Factories  13
    2.4.1 Firewall  13
    2.4.2 Intranet/Internet Segmentation  14
    2.4.3 Security Information and Event Management  14
    2.4.4 Intrusion Detection System  15
Chapter 3. Testbed Design and Implementation  18
  3.1 Hardware Components  18
    3.1.1 Architecture  19
    3.1.2 Local Computer  19
    3.1.3 Attack Computer  20
    3.1.4 Switch  21
    3.1.5 PLC  22
  3.2 Software Tools  23
    3.2.1 Management Function  24
    3.2.2 Monitoring Function  24
    3.2.3 Function Development  25
    3.2.4 Graphical User Interface  26
Chapter 4. System Design and Implementation  28
  4.1 Testbed Implementation  28
    4.1.1 Network Configuration  28
    4.1.2 Sensor Control  29
    4.1.3 Power Control  30
    4.1.4 Human-Machine Interface  30
  4.2 Intrusion Detection System Development  36
    4.2.1 Application Programming Interface  36
    4.2.2 Parameters  37
    4.2.3 Variables  38
    4.2.4 Function  38
  4.3 Attack Scenario  42
    4.3.1 DDoS Attack  42
    4.3.2 ARP Spoofing  43
    4.3.3 Malicious IP Attack  44
Chapter 5. Result and Discussion  46
  5.1 FortiSIEM Evaluation  46
    5.1.1 Attack in Intranet  46
    5.1.2 Attack in Testbed  47
  5.2 IDS Performance Analysis  47
    5.2.1 DDoS Attack Analysis  48
    5.2.2 ARP Spoofing Attack Analysis  50
    5.2.3 Malicious IP Attack Analysis  52
    5.2.4 Packet Data Analysis  54
    5.2.5 Attack Packet Data Analysis  55
  5.3 Comparative Results and Analysis  59
  5.4 Conclusions  61
  5.5 Limitations and Future Research Directions  64
REFERENCES  66

