Threat and defense of new ransomware worm in industrial control system (cited by: 10)


Authors: LIU Yukun (刘煜堃) [1], ZHUGE Jianwei (诸葛建伟) [1], WU Yixiong (吴一雄) [1,2]

Affiliations: [1] Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084; [2] College of Mathematics and Computer Science, Fuzhou University, Fuzhou 350116

Source: Journal of Computer Applications (《计算机应用》), 2018, No. 6, pp. 1608-1613 (6 pages)

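Funding: National Natural Science Foundation of China (61472209); Tsinghua University International Science and Technology Cooperation Project (20163000227); Tsinghua University Initiative Scientific Research Program (20151080436)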

Abstract: Industrial control systems (ICS) are widely used in critical infrastructure that bears on the national economy and people's livelihood, such as power generation, transmission and distribution, the petrochemical industry, and water treatment and transmission. A large-scale attack on ICS is a huge threat to this infrastructure. The ransomware worms proposed for ICS so far are limited by the isolation of industrial control networks and are difficult to spread on a large scale. Based on observed real-world ICS development scenarios, and to address the high isolation of ICS, a ransomware worm threat model with a new attack path is proposed. The model first takes the engineer station as the initial infection target, then uses the engineer station as a springboard to attack the industrial control devices on the internal network, and finally achieves worm-style infection and ransom. Based on this threat model, ICSGhost, a ransomware worm prototype, was implemented. In a closed experimental environment, ICSGhost was able to infect an ICS in worm fashion along the preset attack path. Defenses against this ransomware worm threat are also discussed. The experimental results show that the threat is real and that, because its propagation path follows actual ICS development scenarios, it is difficult to detect and guard against.

Keywords: industrial control system; worm; ransomware; cybercrime; security threat

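Classification: TP273 [Automation and Computer Technology: Detection Technology and Automatic Equipment]; TP309 [Automation and Computer Technology: Control Science and Engineering]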
