
Study on Malicious Access Detection in Industrial Control Networks Based on Dynamic Bayesian Games

To address security issues such as unauthorized access, denial-of-service attacks, spoofing attacks and information disclosure in the remote access scenario of industrial control networks (ICN), the STRIDE threat modeling method is used to analyze the potential threats in this scenario, and an access detection framework based on a dynamic Bayesian game is proposed. The method screens out and blocks illegal and malicious requests that attempt to access the ICN. At the same time, it uses continuous multi-round game iterations and the flexible, dynamic characteristics of SDN to adjust policy parameters in real time, preventing the same malicious access source from accessing the network again. Simulation results show that, as the number of game rounds increases, compared with two existing types of malicious access defense methods, the framework's detection accuracy increases by more than 3%, the false positive rate decreases by more than 1.2%, and detection efficiency improves by more than 14.7%, with good robustness.

Keywords: Industrial control network; Software-defined network; Dynamic Bayesian game; Malicious access detection

Liu Haohan (刘浩含), Chen Zemao (陈泽茂)

School of Cyber Science and Engineering, Wuhan University, Wuhan 430040


2025

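Computer Science (计算机科学)
Chongqing Southwest Information Co., Ltd. (formerly the Southwest Information Center of the Ministry of Science and Technology)

PKU Core Journal
Impact factor: 0.944
ISSN: 1002-137X
Year, volume (issue): 2025, 52(1)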