Response method for industrial control system network attack based on virtual operation and state transition

Abstract

The invention provides an industrial control system network attack response method based on virtual operation and state transition. In the abnormal state of the industrial control system, the method proposes a recovery mechanism based on state transition, which is used for timely recovery of on-site equipment after the industrial control system is attacked. Normal operation; at the same time, an isolation mechanism based on virtual operation is proposed to isolate field devices after the industrial control system is attacked and avoid further malicious control. These two mechanisms are completed through the internal data exchange center and external data exchange center of the industrial control system. Match and trigger. The recovery mechanism ensures that the industrial control system will not lose its operating capability or cause serious consequences after an abnormality occurs; the isolation mechanism ensures that after the external control center of the industrial control system is invaded and controlled by the network, the field equipment will not be continuously affected. The further impact of the wrong instructions issued improves the cyber attack response capability of the industrial control system.

Description

technical field [0001] The invention relates to the network security problem of control loss after an industrial control system is attacked by a network, in particular to a method for responding to a network attack of an industrial control system based on virtual operation and state transition. Background technique [0002] Industrial control system (referred to as industrial control system) is an automatic control system used in industrial fields such as energy, water supply, and industrial automation. Based on the data obtained from the remote site, the industrial control system analyzes the operation of the field equipment, and according to the pre-designed response strategy, sends the corresponding control instructions to the field equipment to monitor and ensure the normal operation of the field equipment. Today, industrial control systems are combined with Ethernet and a common operating system is introduced, which significantly improves work efficiency and openness. ...

AI Technical Summary

Problems solved by technology

These methods have a certain effect on defending against network attacks, but since only the monitoring and defense of network attacks are considered, once the defense is breached and the intruder has begun to interfere with the normal operation of the field equipment, how to effectively protect the field Equipment suffers as little damage as possible and is protected from continuous attack hazards.

In fact, the role of defense strategies is often limited. If an industrial control system does not have an effective strategy to restore and isolate the system in time after the defense is breached, it is very likely that the intruder will take the initiative or further attack through continuous attacks. Extend the loss

Images