基于工控通信模式的层次识别方法  被引量：1

作　　者：孙蒙蒙 刘贤达 盛川[2,3,4] 刘欢 SUN Mengmeng;LIU Xianda;SHENG Chuan;LIU Huan(College of Information Engineering,Shenyang University of Chemical Technology,Shenyang 110142,China;Key Laboratory of Networked Control Systems,Chinese Academy of Sciences,Shenyang 110016,China;Shenyang Institute of Automation,Chinese Academy of Sciences,Shenyang 110016,China;Institutes for Robotics and Intelligent Manufacturing,Chinese Academy of Sciences,Shenyang 110169,China)

机构地区：[1]沈阳化工大学信息工程学院,辽宁沈阳110142 [2]中国科学院网络化控制系统重点实验室,辽宁沈阳110016 [3]中国科学院沈阳自动化研究所,辽宁沈阳110016 [4]中国科学院机器人与智能制造创新研究院,辽宁沈阳110169

出　　处：《现代电子技术》2023年第21期17-22,共6页Modern Electronics Technique

基　　金：国家重点研发计划(2021YFB2012400);中国科学院特别研究助理资助项目;辽宁省自然科学基金项目(2023⁃BS⁃028,2022⁃BS⁃030,2023JH2/101300202)。

摘　　要：工控资产探测可以为工控网络安全监控、工控威胁态势感知提供系统认知基础,在提高入侵检测系统的效率、安全威胁分析等方面也起到重要作用。作为工控资产探测的关键一步,设备层次识别能够有效构建控制系统层次结构,对后续识别设备的厂商、型号、版本等详细信息起着至关重要的作用。鉴于工业控制系统中控制通信数据流的持续性以及工控设备之间通信模式的稳定性等特点,提出一种基于工控设备间通信模式的层次识别方法,通过过滤出使用工控协议端口作为目的端口的网络流量,提取工控设备间的交互关系,提高设备层次识别的准确性。最后在4个公开数据集上进行实验,验证该方法能够有效地对典型工控系统中的设备进行层次划分,并且具有通用性。ICS(industrial control system)asset detection can provide a system cognition basis for industrial control network security monitoring and threat situation awareness.As a key step in industrial control asset detection,equipment hierarchy identi⁃fication can effectively build a control system hierarchy architecture,which plays a vital role in the subsequent identification of detailed information,such as manufacturer,model and version of the equipment.In view of the characteristics of the continuity of the control communication data flow and the stability of the communication mode among industrial control devices,a hierarchical identification method based on the communication mode among industrial control devices is proposed.By filtering out the network flow by taken the industrial control protocol port as the destination port,the interaction relationship among industrial control devices is extracted to improve the accuracy of device hierarchy identification.Finally,experiments are carried out on four public data sets.It is verified that the proposed method can effectively perform hierarchical division on the equipment in a typical industrial control system.In addition,the proposed method is universal.

关 键 词：层次识别 资产探测 工业控制系统 工控协议 联网设备 通信模式 网络流量 

分 类 号：TN918-34[电子电信—通信与信息系统] TP919[电子电信—信息与通信工程]