Worm and Agent-based Attack Modeling for Industrial Control Systems

doi:10.3969/j.issn.1006-2475.2023.10.016

Abstract

Abstract: In the field of network security， only by better understanding the attack， can we master the defense technology. This article focuses on the industrial control equipment in the industrial control system that is closest to the industrial production equipment - the programmable logic controller PLC， which is no longer limited to the traditional “host computer-PLC-cascading equipment” attack mode. Through the combination of PLC worm and PLC agent， the attack mode of “PLC-PLC-cascade device” with stronger attack adaptability is realized， and a complete attack chain that can make all PLCs in the Intranet environment be attacked by the PLC exposed to the directly accessible environment is realized. Different attack forms are added to the attack chain and the attack model is finally constructed. By building an experimental environment to conduct simulation experiments， it is proved that the attack model can change the operation state of the industrial control system and pose a threat to the safe operation of the industrial control system. Finally， targeted protection suggestions are given for this attack mode.

Key words: Key words： industrial control system, PLC, worm, proxy mode

CLC Number:

TP309

HAN Dong-song, SHA Le-tian, ZHAO Chuang-ye. Worm and Agent-based Attack Modeling for Industrial Control Systems[J]. Computer and Modernization, 2023, 0(10): 107-114.

References ［30］

［1］	周文. 工业控制网络安全［J］. 信息安全研究， 2022， 8（6）:
	522-523.
［2］	黄燕峰，王丽娟，王少鹏，等. 工业控制系统安全现状及应对策略［J］. 数字技术与应用， 2022，40（3）:231-233.
［3］	唐士杰，袁方，李俊，等. 工业控制系统关键组件安全风险综述［J］. 网络与信息安全学报， 2022，8（3）:1-17.
［4］	BERESFORD D. Siemens simatic S7 PLC exploration［EB/OL］. （2011-07-30）［2022-10-02］. https://media.blackhat.com / bh-us-11/Beresford / BH_US11_Beresford_S7_PLCs_
	Slides.pdf.
［5］	KLICK J， LAU S， MARZIN D， et al. Internet-facing PLCs: A new back orifice［EB/OL］. （2015-08-06）［2022-10-02］. https://www.blackhat.com/docs/us-15/materials/us
	-15-Klick-Internet-Facing-PLCs-A-New-Back-Orifice-
	wp.pdf.
［6］	SPENNEBERG R， BRUGGEMANN M， SCHWARTKE H. PLC-blaster: A worm living solely in the PLC［EB/OL］. （2016-08-04）［2022-10-02］. https://www.blackhat.com/docs /asia-16 / materials/asia-16-Spenneberg-PLC-laster-
	A-Worm-Living-Solely-In-The-PLC-wp.pdf.
［7］	ABBASI A，HASHEMI M. Ghost in the PLC designing an undetectable programmable logic controller rootkit［EB/OL］. （2016-08-04）［2022-10-02］. https://www.blackhat.com/eu-16/briefings.html#ali-abbasi.
［8］	方栋梁，刘圃卓，秦川，等. 工业控制系统协议安全综述［J］. 计算机研究与发展， 2022，59（5）:978-993.
［9］	张晓娟，曹靖怡，缪思薇，等. 电力工控系统攻击渗透技术综述［J］. 电力信息与通信技术， 2021，19（3）:49-59.
［10］	王忠远，李玉文，王小雨. 西门子S7-200 PLC PPI通信协议读写命令帧格式的数据解析［J］. 无线互联科技，2021，18（21）:1-2.
［11］	PAN X J， WANG Z R， SUN Y B. Review of PLC security issues in industrial control system［J］. Journal of Cyber Security， 2020，2（2）:69-83.
［12］	李妍，张宏宇. 工业控制网络中的良性蠕虫传播模型［J］. 控制工程， 2020，27（7）:1286-1292.
［13］	张帆. PLC蠕虫病毒的实现与防护［J］. 信息与电脑（理论版）， 2019，31（21）:183-185.
［14］	王硕，赵荣彩，颜峻，等. 基于代理服务器的分布式拒绝服务攻击系统设计与实现［J］. 信息工程大学学报，2012，13（3）:365-369.
［15］	尚文利，王天宇，曹忠，等. 工业测控设备内生信息安全技术研究综述［J］. 信息与控制， 2022，51（1）:1-11.
［16］	FUJITA S，HATA K，MOCHIZUKI A，et al. OpenPLC based control system testbed for PLC whitelisting system［J］. Artificial Life and Robotics， 2021，26（1）:149-154.
［17］	王育红，夏安祥，林国庆，等. 抗重放攻击方案在工程中的应用［J］. 网络安全技术与应用， 2021（4）:8-10.
［18］	ZHOU C J， LI X， YANG S H，et al. Risk based scheduling of security tasks in industrial control systems with consideration of safety［J］. IEEE Transactions on Industrial Informatics， 2020，16（5）:3112-3123.
［19］	ZHANG Y P， LI M， ZHANG X M， et al. Defeat magic with magic: A novel ransomware attack method to dynamically generate malicious payloads based on PLC control logic［J］. Applied Sciences，2022，12（17）. DOI: 10.3390/app12178408.
［20］	周明，吕世超，游建舟，等. 工业控制系统安全态势感知技术研究［J］. 信息安全学报， 2022，7（2）:101-119.
［21］	陈瑞滢，陈泽茂，王浩. 基于攻击图的工控网络威胁建模研究［J］. 信息网络安全， 2018（10）:70-77.
［22］	冯晓萌，孙秋野，王冰玉，等. 基于蠕虫传播和FDI的电力信息物理协同攻击策略［J］. 自动化学报， 2022，48（10）:2429-2441.
［23］	辛耀中. 重要工业控制系统网络安全防护体系［J］. 信息安全研究， 2022，8（6）:528-533.
［24］	JIN K， NIU Z J， LIU J P， et al. Research on network security technology of industrial control system［J］. MATEC Web of Conferences， 2022，355. DOI: 10.1051/matecconf/202235503067.
［25］	NARUOKA H， MATSUTA M， MACHII W， et al. ICS honeypot system （CamouflageNet） based on attacker's human factors［J］. Procedia Manufacturing， 2015，3:1074-1081.
［26］	BEDNAREK M，DABROWSKI T. Security of the data transmission in the industrial control system［J］. Bulletin of the Military University of Technology， 2015，64（4）:83-96.
［27］	ASGHAR M R， HU Q W， ZEADALLY S. Cybersecurity in industrial control systems: Issues，technologies，and challenges［J］. Computer Networks， 2019，165. DOI: 10.1016/j.comnet.2019.106946.
［28］	夏春明，刘涛，王华忠，等. 工业控制系统信息安全现状及发展趋势［J］. 信息安全与技术， 2013，4（2）:13-18.
［29］	吕思才，张格，张耀方，等. 一种面向工控系统的PU学习入侵检测方法［J］. 信息安全学报， 2021，6（4）:72-89.
［30］	黄一鸣，赵国新，魏战红，等. 基于特征增强和优化SVM的工控入侵检测［J］. 计算机工程与设计， 2021，42（12）:3373-3379.

[1]	MIAO Si-wei1， YU Wen-hao1， YAO Feng2， GAO Jing3. Security Analysis for PLC Access Control [J]. Computer and Modernization, 2019, 0(09): 41-.
[2]	SU Bai-yan1,2, TANG Min2, NI Jian-jun2. Design of Wireless Control System About Spray Line Based on PLC [J]. Computer and Modernization, 2017, 0(12): 117-121.
[3]	ZHAO Yuan. Design of Intelligent Control System for Greenhouse Environment Based on PLC [J]. Computer and Modernization, 2016, 0(4): 123-126.
[4]	GE Jie-li, LIU Yuan. A WSN Location Algorithm Against Wormhole Attacks [J]. Computer and Modernization, 2015, 0(8): 61-66.
[5]	MENG Shasha. Design and Realization of Irrigation and Fertilization Controlling System Based on PLC [J]. Computer and Modernization, 2015, 0(7): 120-.
[6]	LI Hua-chang. Visual Inspection Based on Intelligent Feedback Coupling PLC [J]. Computer and Modernization, 2015, 0(11): 60-64.
[7]	JIANG Maoren;LIU Guodong;YANG Guowei. Design and Realization of Power Control System Based on PLC and KingView  [J]. Computer and Modernization, 2013, 1(1): 130-133.
[8]	WANG Xiaodong ;XIANG Yang;HU Hanwen;SHI Mingquan. Design of Boomtype Roadheader Remote Wire Control System  [J]. Computer and Modernization, 2013, 1(1): 122-125.
[9]	ZHANG Xiao-hui;YUAN Min. Research and Application of PLC Software Redundancy in Continuous Supply of N₂ [J]. Computer and Modernization, 2012, 198(2): 61-65.
[10]	MENG Sha-sha;WANG Tao-tao. Design of Remote Intelligent Detecting Controlling System Based on PLC [J]. Computer and Modernization, 2012, 208(12): 69-72.
[11]	WU Xue-quan;GAO Mei-feng. Automatic Concrete Batching Control System Based on MCGS and PLC [J]. Computer and Modernization, 2012, 208(12): 33-36.
[12]	CHEN De-nan. Development of Constant Pressure Water Supply Host Computer Control System Based on PLC [J]. Computer and Modernization, 2011, 1(2): 0-102.
[13]	TONG Qiang;YU Jin-ke;;LI Wen-jun. Application of Communication Between PC and PLC in Longdistance Network Measurement and Control System [J]. Computer and Modernization, 2011, 1(11): 105-3.
[14]	CHENG Ji-gang;WANG Xiao-nian;ZHU Jin. Reform of High-rack Storage with Manipulator [J]. Computer and Modernization, 2010, 1(9): 171-174.
[15]	YAN Hua-lin;QIU Yue-quan. Serial Communication Between FX Series of Mitsubishi PLC and Host Computer Based on VB6.0 [J]. Computer and Modernization, 2010, 1(5): 122-124.