工业控制系统勒索病毒分析及防护研究  

作　　者：莫小磊 苗勇 佟勇 童志明 隋天举 Mo Xiaolei;Miao Yong;Tong Yong;Tong Zhiming;Sui Tianju(Dalian University of Technology,Dalian 116000,China;Antiy Technology Group Co.,Ltd,Beijing 100000,China)

机构地区：[1]大连理工大学,大连116000 [2]安天科技集团股份有限公司,北京100000

出　　处：《数字化转型》2025年第2期75-85,98,共12页

基　　金：2023年产业基础再造和制造业高质量发展专项“工业互联网企业数据勒索攻击智能识别与风险响应系统”(项目编号:0747-2361SCCZA193);KGJ基础科研项目“5G航空JG应用安全增强模型与安全防护技术”(项目编号:JCKY2023110C080);大连市科技创新基金-应用基础研究“基于工业互联网的信息物理系统安全防护研究”(项目编号:2023JJ12GX014);航空科学基金项目“综合化互联航电系统网络安全”(项目编号:2022Z018063001)。

摘　　要：随着工业以太网、无线互联技术的发展,工业控制系统(ICS)已逐步摒弃原有独立、封闭的专有网络及通信协议,转而向开放、互联的网络格局演变,在推进工业企业数字化转型的同时,也带来了以太网固有的网络安全防护难题。以勒索病毒为代表的恶意网络攻击能对工控系统各层级、各节点、各设备发动攻击,严重威胁设备、财产、人员安全。本文针对工业控制系统勒索病毒攻击进行研究,重点对工控系统勒索病毒分类、特征、检测三方面进行分析和阐述,针对工控系统IT(信息技术)侧及OT(运营技术)侧低防护、弱隔离、多漏洞等不足,提出事前验证及管理、事后监测及识别的应对之策,为工业企业网络安全防护提供参考。With the development of industrial Ethernet and wireless communication technologies,Industrial Control Systems(ICS)have gradually moved away from their traditional independent and closed proprietary networks and communication protocols,evolving towards an open and interconnected network model.While this transition promotes the digital transformation of industrial enterprises,it also introduces inherent cybersecurity challenges associated with Ethernet.Ransomware,as a representative of malicious cyberattacks,can target various levels,nodes,and devices within ICS,posing significant threats to equipment,assets,and personnel safety.This paper investigates ransomware attacks on industrial control systems,focusing on three key aspects:classification,characteristics,and detection of ransomware in ICS.Addressing the shortcomings of IT(Information Technology)and OT(Operational Technology)sides,such as low defenses,weak isolation,and multiple vulnerabilities,we propose strategies for preemptive validation and management,as well as post-incident monitoring and identification.These recommendations aim to provide valuable insights for enhancing cybersecurity protections in industrial enterprises.

关 键 词：工业控制系统(ICS) 网络安全 勒索病毒 ATT&CK 

分 类 号：TP13[自动化与计算机技术—控制理论与控制工程]