工控网络局域可信计算环境构建方法与验证  被引量：10

作　　者：尚文利[1,2,3,4] 张修乐 刘贤达 尹隆[1,2,3,4] SHANG Wenli;ZHANG Xiule;LIU Xianda;YIN Long(Shenyang Institute of Automation,Chinese Academy of Sciences,Shenyang Liaoning 110016;Faculty of Automation and Electrical Engineering,Shenyang Ligong University,Shenyang Liaoning 110159,China;Institutes for Robotics and Intelligent Manufacturing,Chinese Academy of Sciences,Shenyang Liaoning 110016,China;Key Laboratory of Networked Control Systems,Chinese Academy of Sciences,Shenyang Liaoning 110016,China;University of Chinese Academy of Sciences,Beijing 100049,China)

机构地区：[1]中国科学院沈阳自动化研究所,辽宁沈阳110016 [2]中国科学院机器人与智能制造创新研究院,辽宁沈阳110016 [3]中国科学院网络化控制系统重点实验室,辽宁沈阳110016 [4]中国科学院大学,北京100049 [5]沈阳理工大学自动化与电气工程学院,辽宁沈阳110159

出　　处：《信息网络安全》2019年第4期1-10,共10页Netinfo Security

基　　金：国家自然科学基金面上项目[61773368];国家电网公司科技项目[52110118001H];中国科学院战略性先导科技专项[XDC02000000]

摘　　要：工业控制系统终端设备层信息安全防护能力相对薄弱,构建工控设备层局域可信计算环境对于大幅度提高工业控制系统信息安全防护能力具有重要意义。文章提出基于可信PLC的工控网络安全应用设计,从终端控制设备的安全问题入手,完成对设备自身及其所在网络的安全防护,构建高安全、高可信的工控网络运行环境。仿真实验结合可信PLC和工控系统专用安全产品等,搭建工控网络局域可信计算架构,验证可信PLC可信启动过程,引导可信PLC进行安全功能数据交换。使用基于深度信念网络的异常检测模型,对可信计算环境下的正常通信数据和遭受模拟攻击的数据进行检测。对比实验结果验证了工控网络局域可信计算环境的安全性和可信性。The information security protection capability of terminal system layer of industrial control system is relatively weak.Constructing the trusted computing environment of the local industrial control equipment layer is of great significance for greatly improving the information security protection capability of industrial control system.This paper proposes the design of industrial control network security application based on trusted PLC.Starting from the security problem of terminal control equipment,the application design completes the security protection of the equipment itself and its network,and constructs high-security and high-trusted industrial control network operating environment.The simulation experiment combines the trusted PLC and the special safety products of industrial control system to build the local trusted computing architecture of industrial control network,verify the trusted start-up process of trusted PLC,and guide the trusted PLC to exchange the security function data.The anomaly detection model based on deep belief network is used to detect the normal communication data and the data subjected to the simulated attack in the trusted computing environment.The experimental results verify the security and credibility of the local trusted computing environment of industrial control network.

关 键 词：工业控制系统 可信PLC 可信计算环境 深度信念网络 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]