SIA OpenIR  > 工业控制网络与系统研究室
Content-based deep communication control for networked control system
Wan M(万明); Shang WL(尚文利); Kong LH(孔令和); Zeng P(曾鹏)
Department工业控制网络与系统研究室
Source PublicationTelecommunication Systems
ISSN1018-4864
2017
Volume65Issue:1Pages:155-168
Indexed BySCI ; EI
EI Accession number20163602779123
WOS IDWOS:000399021600012
Contribution Rank1
Funding OrganizationNational Natural Science Foundation of China (Grant Nos. 61501447, 61502474) and Independent project of Key Laboratory of Networked Control System Chinese Academy of Sciences: Research on abnormal behavior modeling, online intrusion detection and self-learning method in industrial control network.
KeywordContent-based Deep Communication Control Opc Classic Modbus/tcp White-listing
AbstractIn smart cities, the networked control system plays a significant role in transportation systems, power stations or other critical infrastructures, and it is facing many security issues. From this point, this paper proposes a content-based deep communication control approach to guarantee its security. Based on the layer architecture, this approach analyzes the interactive content in depth according to different industrial communication protocols, and implements the access control between two distinct enclaves. For OPC Classic, we acquire the dynamic port provided by OPC server, and open a new connection belonging to this port; for Modbus/TCP, we not only analyze the ordinary function codes and addresses, but also check the register or coil values by using the multi-bit Trie-tree matching algorithm. Besides, the white-listing strategy is introduced to satisfy the special requirements of industrial communication. Our experiment results show that, on the one hand the proposed approach provides OPC and Modbus/TCP defenses in depth; on the other hand it has less than 1 ms forwarding latency and 0 packet loss rate when the rule number reaches 200, and all these meet the availability requirements in the networked control system. In particular, this approach has been successfully applied in several real-world petrochemical control systems.
Language英语
WOS HeadingsScience & Technology ; Technology
WOS SubjectTelecommunications
WOS Research AreaTelecommunications
Citation statistics
Document Type期刊论文
Identifierhttp://ir.sia.cn/handle/173321/19184
Collection工业控制网络与系统研究室
Corresponding AuthorWan M(万明)
Affiliation1.Shenyang Institute of Automation Chinese Academy of Sciences, No.114, Nanta Street, Shenhe District, Shenyang 110016, China
2.Key Laboratory of Networked Control System Chinese Academy of Sciences, No.114, Nanta Street, Shenhe District, Shenyang 110016, China
3.Shanghai Jiao Tong University, No. 800, Dongchuan Road, Minhang District, Shanghai, 200240, China
Recommended Citation
GB/T 7714
Wan M,Shang WL,Kong LH,et al. Content-based deep communication control for networked control system[J]. Telecommunication Systems,2017,65(1):155-168.
APA Wan M,Shang WL,Kong LH,&Zeng P.(2017).Content-based deep communication control for networked control system.Telecommunication Systems,65(1),155-168.
MLA Wan M,et al."Content-based deep communication control for networked control system".Telecommunication Systems 65.1(2017):155-168.
Files in This Item: Download All
File Name/Size DocType Version Access License
Content-based deep c(5513KB)期刊论文作者接受稿开放获取ODC PDDLView Download
Related Services
Recommend this item
Bookmark
Usage statistics
Export to Endnote
Google Scholar
Similar articles in Google Scholar
[Wan M(万明)]'s Articles
[Shang WL(尚文利)]'s Articles
[Kong LH(孔令和)]'s Articles
Baidu academic
Similar articles in Baidu academic
[Wan M(万明)]'s Articles
[Shang WL(尚文利)]'s Articles
[Kong LH(孔令和)]'s Articles
Bing Scholar
Similar articles in Bing Scholar
[Wan M(万明)]'s Articles
[Shang WL(尚文利)]'s Articles
[Kong LH(孔令和)]'s Articles
Terms of Use
No data!
Social Bookmark/Share
File name: Content-based deep communication control for networked control system.pdf
Format: Adobe PDF
All comments (0)
No comment.
 

Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.