Identification of ICS Security Risks toward the Analysis of Packet Interaction Characteristics Using State Sequence Matching Based on SF-FSM





Security and Communication Networks - Volume 2017 (2017), Article ID 2430835, 17 pages - https://doi.org/10.1155/2017/2430835

Research Article

Institute of Cyber-Systems and Control, Zhejiang University, Hangzhou 310027, China

National Engineering Laboratory for Safety and Security Technology of Industrial Control System, Zhejiang University, Hangzhou 310027, China

State Key Laboratory of Industrial Control Technology, Zhejiang University, Hangzhou 310027, China

Correspondence should be addressed to Dongqin Feng

Received 3 November 2016; Revised 21 January 2017; Accepted 26 February 2017; Published 13 April 2017

Academic Editor: Mamoun Alazab

Copyright © 2017 Jianxin Xu and Dongqin Feng. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

This paper discusses two aspects of major risks related to the cyber security of an industrial control system (ICS), including the exploitation of the vulnerabilities of legitimate communication parties and the features abused by unauthorized parties. We propose a novel framework for exposing the above two types of risks. A state fusion finite state machine (SF-FSM) model is defined to describe multiple request-response packet pair sequence signatures of various applications using the same protocol. An inverted index of keywords in an industrial protocol is also proposed to accomplish fast state sequence matching. Then we put forward the concept of scenario reconstruction, using state sequence matching based on SF-FSM, to present the known vulnerabilities corresponding to applications of a specific type and version by identifying the packet interaction characteristics from the data flow in the supervisory control layer network. We also implement an anomaly detection approach to identifying illegal access using state sequence matching based on SF-FSM. An anomaly is asserted if none of the state sequence signatures in the SF-FSM is matched with a packet flow. Ultimately, an example based on industrial protocols is demonstrated by a prototype system to validate the methods of scenario reconstruction and anomaly detection.
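A simplified illustration of the matching idea in the abstract, added here and not taken from the paper: request-response keyword pairs are looked up in an inverted index, a flow that no signature matches is flagged as an anomaly, and an identified application is mapped to its known issues. The signature names, keywords, placeholder advisory ids and the exact-position matching rule are assumptions; the paper's SF-FSM definition is not reproduced on this page.

```python
from collections import defaultdict

# Constructed signatures: ordered (request keyword, response keyword) pairs
# per application type/version. All names and keywords are hypothetical.
SIGNATURES = {
    "hmi_vendorA_v1": [("READ_COILS", "OK"), ("READ_HOLDING", "OK"), ("WRITE_SINGLE", "OK")],
    "hmi_vendorA_v2": [("READ_COILS", "OK"), ("READ_INPUT", "OK"), ("WRITE_SINGLE", "OK")],
    "historian_B": [("READ_HOLDING", "OK"), ("READ_HOLDING", "OK")],
}
# Placeholder advisory ids, standing in for a real vulnerability database.
KNOWN_ISSUES = {"hmi_vendorA_v1": ["PLACEHOLDER-ADVISORY-001"], "hmi_vendorA_v2": []}


def build_index(signatures):
    """Inverted index: keyword pair -> set of (signature name, position)."""
    index = defaultdict(set)
    for name, seq in signatures.items():
        for pos, pair in enumerate(seq):
            index[pair].add((name, pos))
    return index


def classify(flow, signatures=SIGNATURES):
    """Return (status, names): 'identified', 'partial' or 'anomaly'."""
    index = build_index(signatures)
    candidates = set(signatures)
    for step, pair in enumerate(flow):
        # Only signatures that expect this pair at this step stay alive.
        candidates &= {name for name, pos in index.get(pair, ()) if pos == step}
        if not candidates:
            return "anomaly", set()  # no signature matches the flow
    complete = {n for n in candidates if len(signatures[n]) == len(flow)}
    return ("identified", complete) if complete else ("partial", candidates)


def reconstruct(flow):
    """Scenario reconstruction: identified applications -> known issues."""
    status, names = classify(flow)
    if status != "identified":
        return {}
    return {n: KNOWN_ISSUES.get(n, []) for n in names}
```

A flow made only of known keywords is still flagged when the pairs arrive in an order no signature allows, which is the case a keyword allowlist alone would miss.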





Author: Jianxin Xu and Dongqin Feng

Source: https://www.hindawi.com/






