Design of an Industrial Firewall and Study of Rule-Learning Methods
Document type: degree thesis
Author | 雷艳晴 (Lei Yanqing) |
Degree | Master's |
Defence date | 2016-05-25 |
Degree-granting institution | Shenyang Institute of Automation, Chinese Academy of Sciences |
Advisor | 尚文利 (Shang Wenli) |
Keywords | industrial control system; Modbus TCP; industrial firewall; neural network; rule learning |
Alternative title | Industrial Firewall Design and Rule Learning Method Study |
Discipline | Control Theory and Control Engineering |
Abstract (translated from the Chinese) | Traditional firewalls rely on filtering rules that experts configure in advance, from experience, to enforce the security policy of an industrial control system. Their main drawbacks are that most steps of rule configuration, such as packet type identification, log file analysis, learning and rule generation, require extensive involvement of specialists, and that they cannot resist unknown network attacks or keep up with network requirements that change in real time. Research on a new generation of intelligent firewall technology has arisen in response. An intelligent firewall combines traditional firewall technology with machine learning algorithms; it does not require specialist knowledge, is better suited to general use, and adapts well: by analysing firewall log information it learns a new firewall rule set, so that it can respond effectively to new network attacks and block unauthorised access. This thesis focuses on a self-learning algorithm for industrial firewall rules based on the Modbus communication protocol. It first describes the architecture of industrial control systems and the security vulnerabilities facing industrial control networks, with emphasis on the design flaws and security problems of the Modbus protocol, reviews existing firewall research in detail, and examines the strengths and weaknesses of neural network algorithms. Using an improved BP (back-propagation) neural network algorithm, a rule self-learning algorithm for an industrial firewall for the Modbus TCP protocol is designed within the Netfilter/iptables framework of the Linux operating system. Through the self-learning and adaptive capability of the neural network, a neural-network-based rule self-learning model is established so that the industrial firewall remains adaptable in a complex industrial network environment, acquires new knowledge through learning, forms new behaviour patterns, and automatically generates and updates the rule base, which reduces the administrator's workload and provides effective defence against new, unknown network attacks. A test plan is designed for the firewall and rigorous tests are carried out from two aspects, rule self-learning ability and overall firewall performance. The experimental results show that the system effectively learns and generates new rules, effectively protects information security within the network, and that firewall performance meets the requirements. |
Abstract (English, as given) | Traditional firewall filtering rules are pre-configured by experts based on experience in order to implement the security policy of an industrial control system. Their main drawback is that most of the process of setting firewall rules, such as packet type identification, log file analysis, learning and rule generation, needs many professionals involved; they cannot resist unknown network attacks in real time and are difficult to adapt to changing network demands. Research into a new generation of intelligent firewall technology has therefore emerged. An intelligent firewall is the product of combining traditional firewall technology with machine learning algorithms: it does not require a professional knowledge base, is more conducive to general use, and has good adaptive capacity, learning new firewall rule sets from the analysis of firewall log information so that it can respond effectively to new network attacks and prevent unauthorized access. This thesis focuses on a rule self-learning algorithm for an industrial firewall based on the Modbus protocol. It describes the architecture of industrial control systems and the security vulnerabilities that industrial control networks face, analyzes the design flaws and security issues of the Modbus communication protocol, details existing firewall research, and studies in depth the advantages and disadvantages of neural network algorithms. Using an improved BP neural network algorithm, a rule self-learning algorithm for an industrial firewall for the Modbus TCP protocol is devised within the Netfilter/iptables framework of the Linux operating system. Through the self-learning and adaptive ability of the neural network, the firewall establishes a rule self-learning model, so that the industrial firewall maintains a good ability to adapt in a complex industrial network environment, acquires new knowledge through learning, forms new behaviour modes, and automatically generates and updates the rule base, reducing administrator workload and defending effectively against new, unknown attacks. A rigorous test programme is designed for the performance of the firewall, covering both rule self-learning ability and overall firewall performance. Experimental results show that the system can learn to generate new rules, effectively protects information security within the network, and that firewall performance meets the requirements. |
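The abstract describes a Modbus TCP firewall that learns its rule base from logged traffic instead of hand-written rules. The following added example (not code from the thesis, and not its BP neural network) shows the two pieces a practitioner would want to see in working form: a parser for the Modbus TCP framing (MBAP header plus PDU), which is all the firewall has to decide on because the protocol carries no authentication, and a deliberately simple allow-list learner that stands in for the thesis's log-driven learning: it records (source, unit, function code, address range) tuples seen during a training window and turns them into default-deny rules. Host addresses, unit id, register numbers, the sample frames and the `min_count` threshold are constructed assumptions.

```python
"""Modbus TCP parsing plus a simple allow-list rule learner (constructed
example; the thesis's own method uses a BP neural network instead)."""
import struct
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    start_addr: int   # first coil/register addressed, -1 if the PDU has none
    quantity: int     # coils/registers touched, 0 if none


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse one Modbus TCP request: 7-byte MBAP header followed by the PDU.

    Modbus TCP has no authentication or integrity field, so these header
    fields are the only thing a firewall can base a decision on."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol identifier {proto} is not Modbus (0)")
    if length != len(frame) - 6:            # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    pdu = frame[7:]
    function = pdu[0]
    start_addr, quantity = -1, 0
    if function in (1, 2, 3, 4, 15, 16):    # start address + quantity
        if len(pdu) < 5:
            raise ValueError("truncated PDU")
        start_addr, quantity = struct.unpack(">HH", pdu[1:5])
    elif function in (5, 6):                # single coil/register: address + value
        if len(pdu) < 5:
            raise ValueError("truncated PDU")
        start_addr, quantity = struct.unpack(">H", pdu[1:3])[0], 1
    return ModbusRequest(tid, unit, function, start_addr, quantity)


def build_request(tid, unit, function, addr, arg, data=b"") -> bytes:
    """Build a request frame; used here only to construct sample traffic."""
    pdu = struct.pack(">BHH", function, addr, arg) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


@dataclass(frozen=True)
class Rule:
    src: str
    unit_id: int
    function: int
    addr_lo: int
    addr_hi: int


class AllowListLearner:
    """Learn (source, unit, function, address range) tuples from a training
    window of log entries; tuples seen fewer than min_count times are
    treated as noise and yield no rule (min_count is an assumed threshold)."""

    def __init__(self, min_count: int = 2):
        self.min_count = min_count
        self.counts = defaultdict(int)
        self.ranges = {}

    def observe(self, src: str, req: ModbusRequest) -> None:
        key = (src, req.unit_id, req.function)
        self.counts[key] += 1
        if req.start_addr >= 0:
            last = req.start_addr + req.quantity - 1
            lo, hi = self.ranges.get(key, (req.start_addr, last))
            self.ranges[key] = (min(lo, req.start_addr), max(hi, last))

    def rules(self) -> list:
        out = []
        for (src, unit, fc), n in self.counts.items():
            if n >= self.min_count:
                lo, hi = self.ranges.get((src, unit, fc), (-1, -1))
                out.append(Rule(src, unit, fc, lo, hi))
        return out


def decide(rules, src: str, req: ModbusRequest) -> str:
    """Default deny: ACCEPT only when a learned rule covers the source, unit,
    function code and the entire addressed range."""
    last = req.start_addr + req.quantity - 1
    for r in rules:
        if (r.src, r.unit_id, r.function) != (src, req.unit_id, req.function):
            continue
        if req.start_addr < 0 or (r.addr_lo <= req.start_addr and last <= r.addr_hi):
            return "ACCEPT"
    return "DROP"


# Constructed training log: an HMI polling holding registers 0-9 of unit 1
# (function 3) and twice writing setpoint register 40 (function 6).
HMI, ROGUE, PLC_UNIT = "192.168.10.20", "192.168.10.99", 1
TRAINING_LOG = [(HMI, build_request(i, PLC_UNIT, 3, 0, 10)) for i in range(5)]
TRAINING_LOG += [(HMI, build_request(10 + i, PLC_UNIT, 6, 40, 1500)) for i in range(2)]


def learn_rules() -> list:
    learner = AllowListLearner(min_count=2)
    for src, frame in TRAINING_LOG:
        learner.observe(src, parse_modbus_tcp(frame))
    return learner.rules()


def evaluate() -> dict:
    """Run three new requests through the learned rule base."""
    rules = learn_rules()
    probes = {
        "hmi_read_in_range": (HMI, build_request(20, PLC_UNIT, 3, 5, 3)),
        "hmi_write_new_register": (HMI, build_request(21, PLC_UNIT, 6, 200, 0)),
        "rogue_write_multiple": (ROGUE, build_request(22, PLC_UNIT, 16, 40, 2,
                                                      bytes([4, 0, 0, 0, 0]))),
    }
    return {name: decide(rules, src, parse_modbus_tcp(frame))
            for name, (src, frame) in probes.items()}


if __name__ == "__main__":
    for r in learn_rules():
        print(r)
    print(evaluate())
```

Two rules come out of the training window (HMI reads of registers 0-9 and HMI writes to register 40); the in-range read is accepted, while the write to an unseen register and the write-multiple request from an unknown host are dropped. The caveat that applies equally to the thesis's learned rules: a rule base learned from traffic is only as trustworthy as the training window, so if an attacker is already active while the firewall is learning, their traffic becomes part of the allow-list. Mapping the resulting tuples onto Netfilter matches is a separate step not shown here.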
Language | Chinese |
Ownership rank | 1 |
Pages | 67 |
Source URL | http://ir.sia.cn/handle/173321/19613 |
Collection | Shenyang Institute of Automation, Industrial Control Networks and Systems Laboratory |
Recommended citation (GB/T 7714) | 雷艳晴. 工业防火墙的设计与规则学习方法研究[D]. 中国科学院沈阳自动化研究所. 2016. |
Ingest method: OAI harvesting
Source: Shenyang Institute of Automation