Research on Traceability Techniques of Anomalous Behavior Correlation Analysis Attacks for Industrial Internet Devices
OA; Peking University Core Journal; CSTPCD
To address the unclear analysis of attack mechanisms and the ill-defined jump flow in existing anomalous-behavior tracing techniques for the industrial control network side and device side in industrial Internet scenarios, this paper proposes an attack tracing and detection method based on anomalous behavior correlation analysis and mapping. The method compares the similarity of anomalous behavior sequences, maps those sequences to attack stages, correlates each device's attack mapping with anomalous network behavior, and links the attack association subgraphs of different devices in series to build a complete attack chain for precise tracing. Finally, a simulation test environment for industrial intelligent devices is built and common attack behaviors against industrial devices are replayed in it, verifying the effectiveness of the proposed attack detection and tracing method.
林晨;刚占慧;韦彦;郭娴;曲海阔;王冲华
National Industrial Information Security Development Research Center, Beijing 100040
Computer Science and Automation
Keywords: industrial Internet; attack attribution; attack detection; abnormal behavior; security of industrial control system
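《信息安全研究》 (Journal of Information Security Research), 2024 (006)
Pages 532-538 / 7 pages
Supported by the National Defense Basic Scientific Research Program (JCKY2021608B001)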