In recent years, the rapid development of information technology and the introduction of new concepts such as "Internet +" and "Industry 4.0" have exposed industrial control systems, which were originally isolated, to the external Internet environment. Harmful attacks on industrial control systems have also intensified. Information security research on industrial control systems has become unavoidable, and security protection design on the edge server is one of its important directions. In order to protect the edge service of an industrial control system from attacks originating on the external Internet, this thesis studies information security protection technology for the edge service of industrial control systems, and designs and implements the security protection of an industrial control edge service system. The main research contents are as follows:

First, for the system architecture of the edge service of the industrial control system, the security threats faced by the communication system between the data control layer and the processing layer are studied. The analysis focuses on the characteristics and vulnerabilities of the Modbus TCP communication protocol used for Ethernet transmission in industrial control systems, and on the security vulnerabilities of the MQTT communication protocol used by the communication system between the industrial control edge processing layer and the cloud processing layer.

Second, for the data communication security between the upper computers (supervisory hosts) and lower computers (field controllers) of the industrial control system, the main research is on the security of Ethernet transmission. The abnormal behavior of the Modbus TCP communication protocol is summarized into three categories: illegal protocol messages, denial of service attacks, and scanning of services. The feature rules that can be used to detect each type are described in detail, and a total of 12 abnormal behaviors are summarized. On this basis, a Snort-based abnormal traffic intrusion detection method is designed at the edge server of the industrial control system to monitor the data communication network between the upper and lower computers in real time and raise an alarm whenever abnormal behavior occurs.

Third, for the communication system between the edge service and the cloud service, the RSA asymmetric encryption algorithm is studied and an encryption program is developed at the edge; the plaintext data packets of the MQTT communication are encrypted and protected by the transport layer security protocol TLS; and authentication and authorization management of client identity is designed on the edge service side. Together, these three measures defend against data tampering, theft and man-in-the-middle attacks, so as to ensure the security of the communication between the edge of the industrial control system and the Internet cloud.

Finally, the above security protection technologies are tested to verify the feasibility of the designed Snort intrusion detection for the industrial control system and of the communication encryption from the edge processing layer to the cloud processing layer. This ensures that the data communication process, from Ethernet transmission in the industrial control system through the edge processing layer to the cloud processing layer, is encrypted, secure and stable.
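The three categories of Modbus TCP abnormal behavior named above (illegal protocol messages, denial of service, scanning) can each be detected from the MBAP header and request rate alone. The following Python program is an added illustration written for this page, not code from the thesis or its Snort rule set: it parses the MBAP header, flags frames that violate the protocol, and applies a per-source rate window and a per-source unit-identifier count. The thresholds, the host addresses and the sample frames are all constructed for the demonstration.

```python
import struct
from collections import defaultdict, deque

# Public Modbus function codes from the Modbus Application Protocol specification.
PUBLIC_FUNCTION_CODES = {1, 2, 3, 4, 5, 6, 7, 8, 11, 12, 15, 16, 17,
                         20, 21, 22, 23, 24, 43}
MBAP_LEN = 7        # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_ADU_LEN = 260   # maximum Modbus TCP ADU size


def build_request(tid, unit, fc, payload, pid=0, length=None):
    """Build a Modbus TCP request ADU; pid/length can be overridden to craft bad frames."""
    pdu = bytes([fc]) + payload
    if length is None:
        length = len(pdu) + 1          # length field counts unit id + PDU
    return struct.pack(">HHHB", tid, pid, length, unit) + pdu


def parse_mbap(frame):
    """Parse the MBAP header; raise ValueError describing why a frame is illegal."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    if len(frame) > MAX_ADU_LEN:
        raise ValueError("frame exceeds maximum Modbus TCP ADU size")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not 0 (Modbus)")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match {len(frame) - 6} bytes present")
    fc = frame[MBAP_LEN]
    if fc not in PUBLIC_FUNCTION_CODES:
        raise ValueError(f"function code {fc} is not a public Modbus function")
    return {"tid": tid, "unit": unit, "fc": fc, "data": frame[MBAP_LEN + 1:]}


class ModbusTrafficMonitor:
    """Classifies observed frames into the three abnormal-behavior categories."""

    def __init__(self, dos_threshold=20, dos_window=1.0, scan_threshold=5):
        self.dos_threshold = dos_threshold    # requests per window (assumed value)
        self.dos_window = dos_window          # seconds (assumed value)
        self.scan_threshold = scan_threshold  # distinct unit ids per source (assumed value)
        self._times = defaultdict(deque)      # src -> timestamps inside the window
        self._units = defaultdict(set)        # src -> unit ids addressed so far
        self._dos_alerted, self._scan_alerted = set(), set()

    def observe(self, ts, src, frame):
        alerts = []
        # 1. Illegal protocol message: anything parse_mbap rejects.
        try:
            req = parse_mbap(frame)
        except ValueError as why:
            alerts.append(("illegal_protocol_message", src, str(why)))
            req = None
        # 2. Denial of service: sliding-window request rate per source (bad frames count too).
        q = self._times[src]
        q.append(ts)
        while q and ts - q[0] > self.dos_window:
            q.popleft()
        if len(q) > self.dos_threshold and src not in self._dos_alerted:
            self._dos_alerted.add(src)
            alerts.append(("denial_of_service", src, f"{len(q)} requests in {self.dos_window}s"))
        # 3. Scanning: one source walking through many unit identifiers.
        if req is not None:
            units = self._units[src]
            units.add(req["unit"])
            if len(units) > self.scan_threshold and src not in self._scan_alerted:
                self._scan_alerted.add(src)
                alerts.append(("scanning", src, f"{len(units)} distinct unit ids probed"))
        return alerts


def sample_traffic():
    """Constructed traffic: (timestamp, source address, frame) tuples."""
    read_hr = struct.pack(">HH", 0, 10)            # read 10 holding registers from address 0
    frames = [(i * 0.2, "10.0.0.5", build_request(i, 1, 3, read_hr)) for i in range(5)]
    frames.append((1.1, "10.0.0.6", build_request(100, 1, 3, read_hr, pid=1)))       # bad protocol id
    frames.append((1.2, "10.0.0.6", build_request(101, 1, 3, read_hr, length=99)))   # bad length
    frames.append((1.3, "10.0.0.6", build_request(102, 1, 0x5A, b"")))               # bad function code
    frames += [(2.0 + i * 0.01, "10.0.0.9", build_request(200 + i, 1, 3, read_hr))
               for i in range(40)]                                                    # burst of requests
    frames += [(3.0 + u * 0.1, "10.0.0.7", build_request(300 + u, u, 3, read_hr))
               for u in range(1, 9)]                                                  # walking unit ids
    return frames


def run_demo():
    """Feed the constructed traffic to the monitor and return alert counts per category."""
    monitor = ModbusTrafficMonitor()
    counts = {"illegal_protocol_message": 0, "denial_of_service": 0, "scanning": 0}
    for ts, src, frame in sample_traffic():
        for kind, who, detail in monitor.observe(ts, src, frame):
            counts[kind] += 1
            print(f"[{ts:6.2f}] {kind:26} {who:10} {detail}")
    return counts


if __name__ == "__main__":
    run_demo()
```

Each category fires once per offending source in this run: three illegal frames from 10.0.0.6, one rate alert for the burst from 10.0.0.9, and one scanning alert once 10.0.0.7 has addressed a sixth unit identifier. The same three checks map directly onto Snort rule options (content matches on the MBAP fields, detection_filter for rate, and flow tracking for enumeration), which is how a rule-based deployment at the edge server would express them.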