Review of KIISC (정보보호학회지)

Korea Institute of Information Security and Cryptology (한국정보보호학회)
권호 표지

스마트 제조 환경에서의 이상징후 탐지 기술 현황

  • 김기현 ((주)앤앤에스피 부설연구소)
  • Published : 2019.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

4차 산업혁명이 본격화됨에 따라 스마트 제조 환경으로 변화하면서 제조 공장은 설비제어가 자동화되고 산업용 이더넷과 TCP/IP 기반으로 네트워크 연결되어 통합 운영되고 있으며 본사 비즈니스망의 MES, ERP, PLM 등과 연계되면서 랜섬웨어 등 악성코드 유입 및 외부 사이버 공격으로부터의 보안 위협이 높아지고 있다. 본 논문에서스마트 제조 공장에 대한 사이버 침입을 탐지하고 대응하기 위해 스마트 제조 환경에서의 이상징후 탐지 기술 현황을 분석한다. 먼저 ICS(Industrial Control System)에 대한 이상징후 탐지를 위해 ICS 위협 경로를 분석하고 스마트 제조 네트워크에서 사용되는 산업용 이더넷 프로토콜을 살펴본다. 다음으로 국내 제어망 이상징후 탐지 체계 구축 동향을 분석하고 제어망 이상징후 탐지 기술을 분류한다. 마지막으로 (주)앤앤에스피에서 과학기술정보통신부 과제로 수행하고 있는 "선제적인 제조공정 이상징후 인지" 연구과제의 수행 현황을 살펴본다.

Keywords

References

  1. ICS-CERT Homepage, Control Systems Vulnerabilities and Attack Paths, https://ics-cert.us-cert.gov/content/overview-cyber-vulnerabilities
  2. D. Formby, S. Durbha, R. Beyah, "Out of Control: Ransomware for Industrial Control Systems", RSA Conference, 2017.
  3. E.M. Hutchins, M.J. Cloppert and R.M Amin "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains," Proc. 6th Int'l Conf. Information Warfare and Security (ICIW 11), Academic Conferences Ltd., pp. 113-125, 2010.
  4. Michael J. Assante and Robert M. Lee, The Industrial Control System Cyber Kill Chain, SANS Institute, Oct. 2015.
  5. E-ISAC, SANS, Analysis of the Cyber Attack on the Ukrainian Power Grid - Defense Use Case. March 18, 2016.
  6. 권대욱, Smart Factory 구현을 위한 Engineering Model-제어 Engineering 기반 기술, 계장기술, pp.90-85, 2018. 07.
  7. Max Felser, Hans Doran, Gunnar Prytz, "Overview of Real-Time Ethernet solutions", 2010 IEEE International Conference, ETFA - Workshop, Sep. 2010.
  8. Micheal H., Barbara F., Challenges for IDS/IPS Deployment in Industrial Control Systems, SANS Institute InfoSec Reading Room, Jul. 2015.
  9. 김희민, 장엽, 윤정한, 최승오, 김우년, 박상우, 화이트리스트를 이용한 제어시스템의 보안관제 방법 및 이를 위한 시스템, 대한민국 등록특허 10-1871406, 2018.06.
  10. Mitchell R and Chen IR., "A survey of intrusion detection techniques for cyber-physical systems", ACM Comput Surv, 46(4), 55, 2014.
  11. Y. Hu, A. Yang, H. Li, Y. Sun, and L. Sun, "A survey of intrusion detection on industrial control systems", International Journal of Distributed Sensor Networks, vol.14, no.8, 2018.
  12. Morris T, Vaughn R and Dandass Y., "A retrofit network intrusion detection system for MODBUS RTU and ASCII industrial control systems", Proceeding of 45th Hawaii international conference on system science(HICSS), pp.2338-2345, Jan. 2012.
  13. 윤정한, 민병길, 김우년, 장문수 등, 화이트리스트를 이용한 네트워크 감시 장치 및 방법, 한국전력공사, 대한민국 특허 10-1360591, 2014. 02.
  14. J.H. Yun, S.H. Jeon, K.H. Kim, W.N. Kim, Burst-based Anomaly Detection on the DNP3 Protocol, International Journal of Control and Automation, V ol. 6, No. 2, pp.313-324, April, 2013
  15. Yusheng W, Kefeng F, Yingxu L, et al. "Intrusion detection of industrial control system based on Modbus TCP protocol", Proceeding of IEEE 13th international symposium on autonomous decentralized system(ISADS), pp.156-162. Mar. 2017.
  16. Jean-Marie Flaus, John Georgakis, "Review of machine learning based intrusion detection approaches for industrial control systems", Computer & Electronics Security Applications Rendez-vous(C&ESAR) Conference, Nov. 2018.
  17. Zhou C, Huang S, Xiong N, et al (2015) Design and Analysis of Multimodel-Based Anomaly Intrusion Detection Systems in Industrial Process Automation. IEEE Trans Syst Man, Cybern Syst 45:1345-1360 . https://doi.org/10.1109/TSMC.2015.2415763
  18. Keliris A, Salehghaffari H, Cairl B et al (2016) Machine Learning-based Defense Against Process-Aware Attacks on Industrial Control Systems. 2016 IEEE International Test Conference (ITC)
  19. He Y, Mendis GJ, Wei J, Real-time Detection of False Data Injection Attacks in Smart Grids: A Deep Learning-Based Intelligent Mechanism. IEEE Trans Smart Grid 3053:1-12, 2016.
  20. Caselli M, Zambon E, Kargl F (2016) Sequence-aware Intrusion Detection in Industrial Control Systems Sequence-aware Intrusion Detection in Industrial Control Systems CPSS 2015 - Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, Part of ASIACCS 2015. 13-24.
  21. Shitharth S, Prince Winston D, An enhanced optimization based algorithm for intrusion detection in SCADA network. Comput Secur 70:16-26, 2017. https://doi.org/10.1016/j.cose.2017.04.012
  22. Yang H, Chen T, Guo X, et al, Research on intrusion detection of industrial control system based on OPSO-BPNN algorithm. Proc 2017 IEEE 2nd Inf Technol Networking, Electron Autom Control Conf ITNEC, Jan. 2018.
  23. Ullah I, Mahmoud QH, A hybrid model for anomaly-based intrusion detection in SCADA networks, Proc. 2017 IEEE Int Conf Big Data, Jan. 2017.
  24. Alves T, Das R, Morris T, Embedding Encryption and Machine Learning Intrusion Prevention Systems on Programmable Logic Controllers. IEEE Embedded Systems Letters, 10:3., 2018.
  25. Moshe Kravchik and Asaf Shabtai, "Detecting cyber attacks in industrial control systems using convolutional neural networks", Proc. the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, pages 72-83. ACM, 2018.
  26. Hadziosmanovic D, Sommer R, Zambon E, et al. Through the eye of the PLC: semantic security monitoring for industrial processes. Proc. 30th annual computer security applications conference, pp.126-135. 2014.
  27. Lin H, Slagell A, Kalbarczyk Z, et al. Semantic security analysis of scada networks to detect malicious control commands in power grids. In: Proceedings of the 2013 first ACM workshop on smart energy grid security, pp. 29-34, Nov. 2013.