National Natural Science Foundation of China (Grant Nos. 61501447, 61502474) and Independent project of Key Laboratory of Networked Control System, Chinese Academy of Sciences: Research on abnormal behavior modeling, online intrusion detection and self-learning method in industrial control network.
In smart cities, networked control systems play a significant role in transportation systems, power stations or other critical infrastructures, and they face many security issues. To address this, this paper proposes a content-based deep communication control approach to guarantee their security. Based on the layer architecture, this approach analyzes the interactive content in depth according to the industrial communication protocol in use, and implements access control between two distinct enclaves. For OPC Classic, we acquire the dynamic port provided by the OPC server and open a new connection belonging to this port; for Modbus/TCP, we not only analyze the ordinary function codes and addresses, but also check the register or coil values using the multi-bit Trie-tree matching algorithm. In addition, the white-listing strategy is introduced to satisfy the special requirements of industrial communication. Our experimental results show that the proposed approach provides OPC and Modbus/TCP defenses in depth, and that it has less than 1 ms forwarding latency and a 0 packet loss rate when the rule number reaches 200, all of which meet the availability requirements of the networked control system. In particular, this approach has been successfully applied in several real-world petrochemical control systems.
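The Modbus/TCP check described above (function code, address, then register or coil value against a white list) can be sketched as follows. This is an added example, not the paper's implementation: the 8-bit stride, the `fc|addr|value` key layout, the three rules and the sample frames are assumptions constructed for illustration, and it covers only requests whose PDU starts with a function code and two 16-bit fields.

```python
import struct

class MultiBitTrie:
    """Whitelist trie, 8 bits per level (stride assumed), key = fc|addr|value."""
    def __init__(self):
        self.root = {}

    def allow(self, prefix: bytes):
        node = self.root
        for b in prefix:
            node = node.setdefault(b, {})
        node["allow"] = True              # any key starting with prefix passes

    def match(self, key: bytes) -> bool:
        node = self.root
        for b in key:
            if node.get("allow"):
                return True
            node = node.get(b)
            if node is None:
                return False              # default deny: nothing whitelisted here
        return bool(node.get("allow"))

def modbus_key(frame: bytes):
    """Return the 5-byte fc|addr|value key, or None for a malformed frame."""
    if len(frame) < 12:                   # 7-byte MBAP + fc + two 16-bit fields
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        return None                       # not Modbus, or length field is wrong
    return frame[7:12]

def permitted(trie: MultiBitTrie, frame: bytes) -> bool:
    key = modbus_key(frame)
    return key is not None and trie.match(key)

def build_frame(fc, addr, val, proto=0):
    """Constructed sample request: MBAP header followed by fc, addr, value."""
    return struct.pack(">HHHBBHH", 1, proto, 6, 1, fc, addr, val)

def build_whitelist():
    trie = MultiBitTrie()                 # hypothetical rules, not from the paper
    trie.allow(bytes([0x03, 0x00]))                    # read holding regs 0x0000-0x00FF
    trie.allow(bytes([0x06, 0x00, 0x10, 0x00]))        # write reg 0x0010, value 0-255
    trie.allow(bytes([0x05, 0x00, 0x03, 0xFF, 0x00]))  # coil 0x0003 ON only
    return trie

if __name__ == "__main__":
    wl = build_whitelist()
    for fc, addr, val in [(6, 0x10, 100), (6, 0x10, 5000), (5, 3, 0xFF00), (5, 3, 0)]:
        print(fc, hex(addr), val, "ALLOW" if permitted(wl, build_frame(fc, addr, val)) else "DROP")
```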