
Graduate student: Ming-Xuan Yang (楊明軒)
Thesis title: Anomaly Behavior Detection in Distributed Control Systems (應用於分散式工控系統之異常控制行為偵測)
Advisor: Tzong-Chen Wu (吳宗成)
Oral defense committee: Shi-Cho Cha (查士朝), Nai-Wei Lo (羅乃維)
Degree: Master
Department: School of Management - Department of Information Management
Year of publication: 2020
Academic year of graduation: 108
Language: Chinese
Number of pages: 70
Chinese keywords: 工業控制系統, 資料採集與監控系統, 分散式控制系統, 異常偵測
English keywords: Industrial control system, Supervisory Control And Data Acquisition, Distributed Control Systems, Anomaly detection

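With the development of informatization and industrialization, many factories have gradually begun to incorporate IT systems, which brings convenience but also increases the risk of being attacked. If an industrial control system is compromised, it may cause property loss and even endanger personal safety. To avoid affecting the availability and real-time requirements of industrial control systems, anomaly detection is a commonly used security protection approach.
This thesis proposes a method for detecting anomalous control by deeply analyzing the per-position change values of packets of each length in the industrial control network. The method can check whether anomalous control behavior is present without knowledge of the industrial control protocol.
The advantages of this method are as follows:
(1) It can identify the equipment on which anomalous control occurs without affecting the availability and real-time operation of the factory.
(2) It can detect malicious control behavior by external attackers or insiders.
(3) It can detect whether the packet format structure of an unknown industrial control protocol is abnormal.
The results of this research will improve methods for detecting anomalous control behavior in unknown industrial control protocols.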


With the development of informatization and industrialization, many factories have gradually begun to adopt IT systems. However, this may lead to an increased risk of attacks. Once an industrial control system (ICS) comes under attack, it is likely to cause great financial loss or even casualties. In order not to affect availability and immediacy, anomaly detection is one of the cyber defense approaches for ICS.
This paper proposes a method for detecting anomalous control by deeply analyzing the change values of each packet in the industrial control network. This method can detect whether there is abnormal control behavior without understanding the industrial control protocol.
The advantages of this method are as follows:
(1) Without affecting the availability and immediacy of factory operation, this method can identify which equipment is subject to abnormal control.
(2) This method can detect the malicious control behavior of external attackers and insiders.
(3) It can detect whether the packet format structure of an unknown industrial control protocol is abnormal.
The results indicate how to improve the detection rate of abnormal control behaviors for unknown industrial control protocols.

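Table of contents:
Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
  1.1 Research Background and Motivation
  1.2 Research Objectives
  1.3 Thesis Organization
  1.4 Research Limitations
Chapter 2 Literature Review
  2.1 Industrial Control Systems
    2.1.1 Supervisory Control and Data Acquisition Systems
    2.1.2 Distributed Control Systems
    2.1.3 System Functions
    2.1.4 Data Flow and Control Flow
  2.2 Industrial Control Networks
    2.2.1 Purdue Model
    2.2.2 Process Automation Protocols
    2.2.3 Potential Weaknesses of SCADA Protocols
    2.2.4 Potential Weaknesses of DCS Protocols
  2.3 Security Threat Analysis
    2.3.1 Stage 1: Unavailability (No Available)
    2.3.2 Stage 2: Improper Responses
    2.3.3 Stage 3: Malicious Actions
  2.4 Defense Mechanisms
    2.4.1 Defense Mechanisms against Stage 1: Unavailability
    2.4.2 Defense Mechanisms against Stage 2: Improper Responses
    2.4.3 Defense Mechanisms against Stage 3: Malicious Actions
  2.5 ICS Testbeds
Chapter 3 Anomalous Control Behavior Detection Mechanism
  3.1 System Architecture and Workflow
    3.1.1 System Architecture
    3.1.2 System Workflow
  3.2 ICS Packet Collection Methods
    3.2.1 Packet Collection for SCADA
    3.2.2 Packet Collection for DCS
  3.3 Anomalous Control Behavior Detection for Unknown ICS Protocols
    3.3.1 Statistics Mode
    3.3.2 Detection Mode
  3.4 Test Methods
    3.4.1 Test Method for SCADA Protocols
    3.4.2 Test Method for DCS Protocols
Chapter 4 Experimental Results and Analysis
  4.1 Experimental Environment
    4.1.1 SCADA Experimental Environment
    4.1.2 DCS Experimental Environment
  4.2 Experimental Design
    4.2.1 SCADA Experimental Design
    4.2.2 DCS Experimental Design
  4.3 Results and Analysis
    4.3.1 Analysis of SCADA Test Results
    4.3.2 Analysis of DCS Test Results
Chapter 5 Conclusions and Future Research Directions
  5.1 Conclusions
  5.2 Future Research Directions
References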


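Full-text release date: 2025/07/02 (campus network)
Full-text release date: 2030/07/02 (off-campus network)
Full-text release date: 2030/07/02 (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)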