工业控制系统(Industrial Control System,ICS)的安全保障能力与其关乎国计民生的重要地位,具有极不协调的反差.为了揭示ICS潜在的攻击结构和方法,使得ICS防御策略研究更具实用性和针对性,将虚假数据注入(False Data Injection,FDI)攻击研究面向ICS,建立一种隐蔽的FDI攻击模型,可以在不影响ICS正常通信情况下注入虚假数据篡改监控变量.遵循该攻击模型,在煤制甲醇仿真工厂进行了验证实验,证明威胁切实存在,且难以察觉;同时,分析了威胁的严重性并讨论了防御措施.
Abstract
The security assurance capabilities of industrial control systems(ICS)have a very uncoordinated contrast with their important status related to national economy and people's livelihood.To reveal the potential attack structure and methods of ICS,aimed to make ICS defense strategy research more practical and targeted,the research on false data injection(FDI)attack was oriented towards ICS,a kind of covert FDI attack model was created.The false data could be injected in ICS to tamper monitoring variables without affecting the normal communication of ICS.Following the attack model,a verification experiment in the simulation factory of coal-to-methanol shows that the threat actually exists and is difficult to detect.At the same time,the seriousness of the threat is analyzed and the defense measures are discussed.
关键词
FDI攻击/工控协议/ARP欺骗/Ettercap/Wireshark
Key words
FDI attack/Industrial control protocol/ARP spoofing/Ettercap/Wireshark
维普
万方数据