核电工控网络流量审计关键技术研究  

作　　者：李红霞 刘元 权小康 颜元超 褚瑞 张宏亮 LI Hongxia;LIU Yuan;QUAN Xiaokang;YAN Yuanchao;CHU Rui;ZHANG Hongliang(CGN Digital Technology Co.,Ltd.,Shanghai 200241,China;Beijing WINICSSEC Technologies Co.,Ltd.,Beijing 100085,China)

机构地区：[1]中广核数字科技有限公司,上海200241 [2]北京威努特技术有限公司,北京100085

出　　处：《自动化仪表》2025年第2期34-39,共6页Process Automation Instrumentation

摘　　要：数字化控制系统(DCS)是核电厂的关键系统,而保障DCS的安全功能至关重要。对DCS的网络安全防护需要结合对DCS高可用性、高可靠性、高安全性的要求,为DCS建立“一个中心、三重防护”的网络安全纵深防御体系。针对“三重防护”中安全通信网络的防护,通常采用对网络流量进行旁路监控审计的方法。通过对以太网接口物理单向技术的研究,可以安全、可靠地获取DCS网络流量。通过对核电工控私有协议解析以及网络通信行为检测等技术的研究,可实现对DCS网络协议、网络通信行为以及工艺逻辑的实时监测及审计。网络流量监测审计技术可及时发现针对核电工控协议的特定攻击行为及偏离正常网络通信、正常工艺逻辑的异常操作行为,提升安全通信网络防护能力,且监测审计过程可保障对DCS正常业务无影响。核电工控网络流量监测审计技术已在多个核电项目获得工程应用,为相关行业的工控网络流量审计提供了良好的实践参考。Digital control system(DCS)is the key system of nuclear power plant,and it is crucial to ensure the safety function of DCS.The network security protection of DCS needs to be combined with the requirements of high availability,high reliability and high security of DCS,to establish a network security deep defense system of“one center,triple protection”for DCS.For the protection of the security communication network in the“triple protection”,the method of bypass monitoring and auditing of network traffic is usually adopted.Through the research of physical unidirectional technology of Ethernet interface,DCS network traffic can be obtained safely and reliably.Through the research of nuclear power industrial control private protocol analysis and network communication behavior detection and other technology,real-time monitoring and auditing of DCS network protocol,network communication behavior and process logic can be realized.The network traffic monitoring and auditing technology can timely detect specific attacks on nuclear power industrial control protocols and abnormal operation behaviors that deviate from normal network communication and normal process logic,improve the protection capability of secure communication networks,and the monitoring and auditing process can guarantee that there is no impact on the normal business of DCS.Nuclear power industrial control network traffic monitoring and auditing technology has been applied in several nuclear power projects,providing a good practical reference for industrial control network traffic auditing in related industries.

关 键 词：核电厂 工业控制系统 网络安全 工业协议解析 白名单 流量审计 

分 类 号：TH-7[机械工程]