卷接设备IPC控制系统网络安全监测模型的构建  被引量：5

作　　者：倪雄军[1] 李健俊[2] 李钰靓[3] 文德明[4] 姜学峰[2] 张益南 李威[2] 张晓东 NI Xiongjun;LI Jianjun;LI Yuliang;WEN Deming;JIANG Xuefeng;ZHANG Yinan;LI Wei;ZHANG Xiaodong(Production Management Department,China Tobacco Zhejiang Industrial Co.,Ltd.,Hangzhou 310008,China;Information Center,China Tobacco Zhejiang Industrial Co.,Ltd.,Hangzhou 310008,China;Hangzhou Cigarette Factory,China Tobacco Zhejiang Industrial Co.,Ltd.,Hangzhou 310008,China;Changde Tobacco Machinery Co.,Ltd.,Changde 415000,Hunan,China;Hangzhou UWNTEK Automation System Co.,Ltd.,Hangzhou 311107,China)

机构地区：[1]浙江中烟工业有限责任公司生产管理部,杭州市310008 [2]浙江中烟工业有限责任公司信息中心,杭州市310008 [3]浙江中烟工业有限责任公司杭州卷烟厂,杭州市310008 [4]常德烟草机械有限责任公司,湖南省常德市415000 [5]杭州优稳自动化系统有限公司,杭州市311107

出　　处：《烟草科技》2022年第1期99-106,共8页Tobacco Science & Technology

基　　金：浙江中烟工业有限责任公司科技项目“卷接设备电控系统深度安全技术研究与应用”(ZJZY2020E002)。

摘　　要：为解决卷接设备IPC控制系统因内部缺失防护措施而存在安全隐患等问题,通过分析IPC(Industrial Personal Computer)控制系统的安全漏洞和攻击路径,采用构建控制系统典型攻击链模型的方法,设计了系统网伪控制指令安全监测、IPC控制器非侵入式安全监测、控制网异常控制行为安全监测3个安全监测模块,结合数据无扰采集和安全风险预警技术,构建了能够覆盖卷接设备核心控制设备和通信网络的A3MA(Acquisition-Monitoring-Monitoring-Monitoring-Alarm)安全监测模型。以ZJ17E卷接机组的IPC控制系统为对象进行测试,结果表明:A3MA安全监测模型能够快速发现系统网伪控制指令行为,快速定位针对IPC控制器的未授权篡改行为,快速识别EtherCAT控制网的异常控制行为。该模型可为实现卷接设备IPC控制系统的多层安全监测提供技术支持。In order to overcome the hidden security troubles in the IPC control system of filtered cigarette maker in the absence of internal protection measures,the security holes and attacked routes of the IPC control system were analyzed and three security monitoring modules were designed by means of developing a typical attack chain model for the control system.The first module was designed for the security monitoring of pseudo instruction of the system network.The second module was designed for the non-intrusive security monitoring of the IPC controller,and the third module was designed for monitoring the abnormal control behavior of the control network.Thereby,an A3MA(Acquisition-Monitoring-Monitoring-Monitoring-Alarm)security monitoring model,which covered the IPC core controller and core communication network of the cigarette maker was configured by integrating with disturbance-free data acquisition and security risk early-warning.The security monitoring model was tested on an IPC control system in a ZJ17E cigarette maker,the results showed that the A3MA security monitoring model could rapidly discern the behaviors of pseudo-control instructions in the system network,rapidly locate the unauthorized tampering behaviors targeting IPC controller and rapidly identify the abnormal control behaviors of EtherCAT control network.This model provides a technical support for the multi-layer security monitoring of IPC control system in filtered cigarette maker.

关 键 词：卷接设备 IPC控制系统 安全漏洞 攻击路径 A3MA安全监测模型 

分 类 号：TS433[农业科学—烟草工业]