工业控制系统网络入侵检测方法综述

随着工业控制系统(industrial control systems,ICS)的网络化,其原有的封闭性被打破, 各种病毒、木马等随着正常的信息流进入ICS,已严重威胁ICS的安全性,如何做好ICS安全防护已迫在眉睫.入侵检测方法作为一种主动的信息安全防护技术可以有效弥补防火墙等传统安全防护技术的不足,被认为是ICS的第二道安全防线,可以实现对ICS外部和内部入侵的实时检测.当前工控系统入侵检测的研究非常活跃,来自计算机、自动化以及通信等不同领域的研究人员从不同角度提出一系列ICS入侵检测方法,已成为ICS安全领域一个热点研究方向.鉴于此,综述了ICS入侵检测的研究现状、存在的问题以及有待进一步解决的问题.

A survey of network intrusion detection methods for industrial control systems

With the networking of industrial control systems(ICS), its original closeness has been broken. Various viruses and Trojans have entered ICS with normal information flow, which has seriously threatened the security of ICS. Then, how to protect ICS security becomes an issue of prior importance. Intrusion detection, as an active information security protection technology, can effectively remedy the shortcomings of traditional security protection technologies such as firewalls. It is often considered as the second security line of ICS, and can realize real-time detection of external and internal intrusions of ICS. At present, the research of intrusion detection in industrial control systems is very active. Researchers from different fields, such as computer, automation and communication, have proposed a series of ICS intrusion detection methods from different perspectives, which has become a hot research direction in the field of ICS security. This paper briefly reviews the state-of-art of the ICS intrusion detection, the existing problems and the problems to be further solved.