Research on situation understanding algorithm of industrial control system (工控系统态势理解算法研究)
敖建松
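Department: Industrial Control Networks and Systems Laboratory
Thesis Advisor: 尚文利
Keyword: industrial control system; situation awareness; denoising autoencoder; MSET; clustering algorithm
Pages: 70
Degree Discipline: Control Engineering
Degree Name: Professional Master's Degree
2020-05-26
Degree Grantor: Shenyang Institute of Automation, Chinese Academy of Sciences
Place of Conferral: Shenyang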
Abstract: With the continuous innovation of Ethernet technology, technologies such as intelligent manufacturing and the Internet of Things have emerged and are gradually being applied in actual production, bringing a new round of change to traditional production methods. The deep integration of new-generation information technology with industrial control systems (ICS) has made traditional ICS increasingly interconnected, intelligent, efficient and integrated, saving considerable human resources. At the same time, once these systems joined open networks, their scale grew, their internal topology became more complex, and traditional network security problems were introduced. Closed industrial control networks that were once considered hard to attack from outside can now be compromised because devices that are also connected to Ethernet serve as a springboard for attacks, and the difficulty and cost of security management keep rising. Most serious ICS network security incidents to date have been long-term, latent attacks, and the involvement of the physical environment and human factors makes current attack methods diverse and uncertain. Traditional intrusion detection and single-mechanism security protection cannot comprehensively guarantee system security. The eventual result is abnormal operation of equipment at the field control layer, serious damage to the physical environment, abnormal operation or shutdown of the system, and huge losses.

To build a complete ICS security protection mechanism and to keep track of the overall security status of the system in real time from a global perspective, this thesis focuses on the overall security protection of the ICS field control layer. Based on situation awareness theory and the existing results of network security situation awareness (NSSA), it studies ICS situation awareness theory, analyzes the advantages and disadvantages of existing traditional network security situation awareness frameworks, and, in light of the current state of research on industrial control network security, proposes a situation awareness model suitable for ICS.

First, by analyzing major recent ICS network attack incidents and the current state of research on ICS network security, the thesis explains the importance of security protection for the ICS field control layer and the necessity of research on ICS situation awareness. In addition, because situation awareness theory has developed rapidly in traditional network security in recent years and has produced many significant research results, the thesis reviews the application scope, advantages and disadvantages of the current mainstream network security situation awareness frameworks, as well as the limitations and adaptability of situation awareness for ICS at its current stage of development.

Second, a situation understanding algorithm suitable for ICS is proposed. Extracting effective situation elements from a complex system environment and fusing them in a reasonable way to understand the current situation is a difficult problem for situation awareness: whether the output of the whole situation awareness model is valid depends on whether the extracted situation elements accurately represent the real-time state of the system. The thesis first preprocesses the data collected at the ICS field control layer, using normalization, dimensionality reduction and other methods, to extract effective situation information. It then draws on the MSET algorithm from the fault detection field, clustering algorithms from machine learning and denoising autoencoders from deep learning to design a situation understanding algorithm suitable for ICS, which extracts effective situation elements and quantifies the real-time security status.

Finally, through analysis and comparison of experimental data, the thesis demonstrates the feasibility and effectiveness of the proposed algorithm. The output of the situation understanding algorithm can give system security managers a reliable basis for decisions and provides effective input for the subsequent situation prediction stage.
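Language: Chinese
Contribution Rank: 1
Document Type: Thesis
Identifier: http://ir.sia.cn/handle/173321/27148
Collection: Industrial Control Networks and Systems Laboratory
Affiliation: Shenyang Institute of Automation, Chinese Academy of Sciences
Recommended Citation (GB/T 7714):
敖建松. Research on situation understanding algorithm of industrial control system [D]. Shenyang: Shenyang Institute of Automation, Chinese Academy of Sciences, 2020.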
Files in This Item:
File Name/Size: 工控系统态势理解算法研究.pdf (3412KB)
DocType: Thesis
Access: Open Access
License: CC BY-NC-SA