Research On Key Technology Of Industrial Control System Security Situational Awareness

Posted on: 2019-05-07
Degree: Master
Type: Thesis
Country: China
Candidate: W Yue
GTID: 2348330542473601
Subject: Engineering
Abstract/Summary:
With the convergence of industry and information technology, the data transmission environment of industrial control systems has changed from the traditional, physically isolated industrial Ethernet to the open Internet, but the incomplete network security of these systems has also brought huge security risks to communication. Security situational awareness of industrial control devices and systems on the Internet therefore has great practical significance in key fields such as industrial production, the national economy and national defense. This thesis studies the communication environment of Internet-connected industrial control systems and analyzes vulnerabilities in current industrial control equipment and protocols. Starting from a security situational awareness model for industrial networks, it discusses situational awareness technology built on the DPDK network data platform. Three aspects of network security situational awareness form the main research content: the extraction strategy, the management of high-frequency sending and receiving of protocol packets, and the management of awareness data storage and situation generation.

For the extraction of situational awareness information, this thesis optimizes the perceptual scanning strategy used for situation information extraction in the awareness model. To overcome the shortcomings of the traditional perceptual scanning strategy, which is inefficient at global perception and scans the same IP address segment with excessive intensity, it proposes an optimization strategy based on the generalized Arnold scrambling algorithm. The strategy uses the flexible outputs of the generalized Arnold coefficient matrix to perceive the network security situation of the full IP address space through scrambling. Experiments show that this method improves overall awareness efficiency and reduces the frequency and intensity with which targets in the same IP address or in a continuous IP address segment are scanned.

To manage and extract large-scale awareness messages, this thesis compares DPDK with other data capture platforms and adopts DPDK as the management platform for high-concurrency sending and receiving of data. After discussing and analyzing the security of common industrial communication protocols, it uses DPDK to construct an industrial user-mode protocol stack. Compared with the traditional Linux kernel protocol stack, this stack uses a polling mechanism to reduce the number of interrupts under mass message scheduling, huge pages to improve memory usage efficiency, CPU affinity to avoid extra context switching, and zero-copy technology to speed up data processing. This method not only improves overall packet awareness concurrency and speed but also benefits the classified processing of data. For packet matching speed under high concurrency, the thesis proposes a local perfect hash algorithm based on the proposed awareness optimization strategy, which meets the matching speed requirement of large-scale data packets with lower resource occupation.

Finally, for awareness data storage and situation information generation, this thesis uses a multi-level directory management approach to build the overall storage framework. To make it convenient to extract data content and generate situation information, it stores file names and file formats in a customized format. In practical use, the storage and retrieval method is easy to implement and operate.
Keywords/Search Tags:industry control security, security situation, DPDK, aware strategy, user-mode protocol stack, packet matching, situation prediction
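
The scrambling idea in the abstract can be illustrated with the textbook generalized Arnold map; this is an added example, not code from the thesis, and it works on abstract indices of one /16 block rather than on real addresses. The abstract does not give the coefficient matrix, so the standard form [[1, a], [b, ab+1]], the parameters `a`, `b`, `rounds` and the 256 x 256 grid are assumptions.

```python
"""Generalized Arnold (cat map) scrambling of a visit order over a /16 index grid.

Assumed, not taken from the thesis: the matrix form, a, b, rounds, and the grid size.
"""

N = 256  # grid side: row = /24 block within the /16, column = host within the block


def arnold_map(x, y, a, b, n=N):
    """One round of the generalized Arnold map with matrix [[1, a], [b, a*b + 1]].

    The matrix has determinant 1, so the map is a bijection on the n x n grid.
    """
    return (x + a * y) % n, (b * x + (a * b + 1) * y) % n


def scrambled_order(a, b, rounds=1, n=N):
    """Return the visit order: element k is the index visited at step k."""
    order = []
    for k in range(n * n):
        x, y = divmod(k, n)
        for _ in range(rounds):
            x, y = arnold_map(x, y, a, b, n)
        order.append(x * n + y)
    return order


def longest_block_run(order, n=N):
    """Longest streak of consecutive visits that fall in the same /24 block."""
    best = run = 1
    for prev, cur in zip(order, order[1:]):
        run = run + 1 if prev // n == cur // n else 1
        best = max(best, run)
    return best


if __name__ == "__main__":
    sequential = list(range(N * N))
    scrambled = scrambled_order(a=1, b=1)
    print("covers every index once:", sorted(scrambled) == sequential)
    print("longest same-/24 run, sequential:", longest_block_run(sequential))
    print("longest same-/24 run, scrambled :", longest_block_run(scrambled))
```

Because the map is a permutation, every index is still visited exactly once, while consecutive visits no longer land in the same segment, which is the reduction in per-segment intensity the abstract reports.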