ارائه يك روش نوين تشخيص نفوذ مبتني بر ناهنجاري در شبكه هاي كنترل صنعتي

چكيده انگليسي :

A Novel Approach For Detecting Anomalies In Industrial Networks Hamed Farsi h farsi@ec iut ac ir June 13 2016 Department of Electrical and Computer Engineering Isfahan University of Technology Isfahan 84156 83111 Iran Degree M Sc Language Farsi Supervisor Prof Ali Fanian a fanian@cc iut ac ir Abstract Industrial control systems is the core part of infrastructures such as power grid nowadays with enhancement in tech nology the need for centralized control over infrastructures is intensified For this reason there is a rising trend to extractindustrial networks from isolation and connect them to public networks such as internet There are some advantages in con necting industrial networks to public networks such as various control network interconnection via WAN remote controlover control networks and adoption to TCP IP stack One important disadvantage of connecting industrial networks to pub lic network is security degradation which is unacceptable for industrial networks which control critical infrastructures As aresult control networks become more vulnerable to cyber attacks and being exposed to the same threats that make suffer ITnetworks For this reasons securing industrial networks become very important However public networks and industrialnetworks are inherently different and security strategies which are used in public networks cannot be adopted to industrialnetworks One of the network security elements is intrusion detection system Intrusion detection systems are deployed innetworks and detect intrusions and attacks by means of analyzing network traffic In this thesis a comprehensive intrusiondetection system for Modbus TCP networks is proposed with the consideration of security differences between industrialnetwork and public networks in mind The proposed intrusion detection system is a state based intrusion detection anddesigned with this principle in mind that during stable situation industrial network status is not changed significantly Theproposed intrusion detection system triggers an alarm when state of the process changes The proposed comprehensivedetection system comprises three complementary components first component is state based intrusion detection which de tects transformation in process state Second component is critical state detection which determines whether the processstate is in critical hypervolume or not and the third component is anomaly origin detection which determines the processvariable that causes anomaly For evaluating effieciency of proposed approche a boiler control system is simulated and testdatasets are provided from this simulation Proposed intrusion detection system evaluated through these datasets Resultsshow that proposed approch is highly efficient for detecting these anomalies Key Words Intrusion Detection System Industrial Networks Modbus TCP anomaly Detection

فارسي، حامد

ارائه يك روش نوين تشخيص نفوذ مبتني بر ناهنجاري در شبكه هاي كنترل صنعتي

مدباس