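Graduate student: 劉宗晁 (Liu, Zong-Chao)
Thesis title: Security Assessment and Defense Mechanism of Dam Industrial Control System (基於水壩工業控制系統的安全評估與防禦機制)
Advisor: 李忠憲 (Li, Jung-Shian)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering
Year of publication: 2020
Academic year of graduation: 108
Language: English
Number of pages: 79
Keywords (Chinese): Common Criteria, Security Assessment, Industrial Control System, Dam, Anomaly Detection
Keywords (English): Common Criteria, Security Assessment, SCADA Security, Dam, Anomaly detection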
  • Because of the advancement of technology, equipment such as power grids and reservoirs is also being connected to the network, which will have a crucial impact on modern life. The equipment is controlled by critical infrastructure for supervisory control and data acquisition (SCADA) systems. Although network connectivity brings convenience, it also introduces the risk of cyberattacks. There have been many cases of cyberattacks on industrial control systems that caused serious harm to major facilities on the ground.

    This research evaluates the security of the dam system in the form of the Common Criteria, formulates security objectives to improve that security, and focuses on the network attack vectors against the SCADA system. The model focuses on the threats and risks of the dam SCADA system. We use the Common Criteria to formulate the security assessment of the dam at the network layer, and finally use an unsupervised learning algorithm to detect malicious packets in this environment.

    Keywords: Common Criteria, Security Assessment, Industrial Control System Security, Dam, Anomaly Detection

    EXTENDED ABSTRACT
    ACKNOWLEDGEMENTS
    CONTENTS
    FIGURE OF CONTENTS
    TABLE OF CONTENTS
    1. INTRODUCTION
        1.1 RESEARCH MOTIVATION
        1.2 RESEARCH PURPOSE
        1.3 RESEARCH CONTRIBUTION
        1.4 RESEARCH ARCHITECTURE
    2. RELATED WORK
        2.1 ICS CYBERATTACKS ARCHITECTURE
        2.2 INDUSTRIAL CONTROL SYSTEM RELATED VULNERABILITY
            Web Application Potentially Vulnerable to Clickjacking
            Cryptographic Issues
            Modbus/TCP Coil, Register Access
            Dam Host RPC Request Handling Vulnerability
            Web Server Directory Traversal Arbitrary File Access
        2.3 INDUSTRIAL CONTROL SYSTEM RELATED ATTACKS
            Reconnaissance Attack
            Response Injection Attack
            Command Injection Attack
            Clickjacking Attack
            Physical False Data Injection Attack
        2.4 ICS DETECTION RELATED WORK
    3. COMMON CRITERIA OF THE DAM SYSTEM
        3.1 INTRODUCTION OF THE COMMON CRITERIA
            3.1.1 ST reference
            3.1.2 TOE reference
            3.1.3 TOE overview
            3.1.4 TOE Environment
            3.1.5 TOE Description
            3.1.6 TOE Document
        3.2 CONFORMANCE CLAIMS
            3.2.1 CC conformance claims
            3.2.2 PP claim
            3.2.3 Package claim
            3.2.4 Conformance claim rationale
        3.3 SECURITY PROBLEM DEFINITION
            3.3.1 Description of assets
            3.3.2 Threats
            3.3.3 Organizational Security Policy
            3.3.4 Assumption
        3.4 SECURITY OBJECTIVES
            3.4.1 Security Objectives for The TOE
            3.4.2 Security Objectives for The Operational Environment
            3.4.3 Security Objectives Rationale
        3.5 EXTENDED COMPONENTS DEFINITION
            3.5.1 Security Functional Requirements
        3.6 SECURITY REQUIREMENTS
            3.6.1 SECURITY FUNCTIONAL REQUIREMENTS
                3.6.1.1 Security Audit (FAU)
                3.6.1.2 User Data Protection (FDP)
                3.6.1.3 Identification and Authentication (FIA)
                3.6.1.4 Security Management (FMT)
                3.6.1.5 Protection of the TSF (FPT)
                3.6.1.6 TOE Access (FTA)
                3.6.1.7 Trusted Path/Channels (FTP)
            3.6.2 SECURITY ASSURANCE REQUIREMENTS
            3.6.3 SECURITY REQUIREMENTS RATIONALE
                3.6.3.1 Security Functional Requirements Rationale
                3.6.3.2 SFR Rationale Related to Security Objectives
                3.6.3.3 Dependency Rationale
        3.7 TOE SUMMARY SPECIFICATION
            3.7.1 TOE Security Functions
            3.7.2 Security Audit
            3.7.3 User Data Protection
            3.7.4 Identification and Authentication
            3.7.5 Security Management
            3.7.6 Protection of The TSF
            3.7.7 Security Management
    4. SYSTEM ARCHITECTURE
        4.1 INTRODUCTION OF THE DATASET
            4.1.1 The Dam SCADA Network Dataset
            4.1.2 SCADA Network Datasets for intrusion detection research
        4.2 DATA PRE-PROCESSING
            4.2.1 Feature Normalization
            4.2.2 One-Hot Encoding
            4.2.3 Auto-Encoder
        4.3 FEATURE EXTRACTION
            4.3.1 N-gram
            4.3.2 TF-IDF
        4.4 CLASSIFICATION METHOD
            4.4.1 Hierarchical Clustering
            4.4.2 Local Outlier Factor
        4.5 MODEL ARCHITECTURE
    5. EXPERIMENTAL RESULTS
        5.1 RESEARCH ENVIRONMENT AND RELATED EVALUATION FACTORS
        5.2 FEATURE EXTRACTION COMPARISON
    6. CONCLUSION
    REFERENCES


    Full text availability: on campus, public from 2025-06-01; off campus, public from 2025-06-01.