An Integrated Information Security Defense Scheme for CNC Machine Tool Automation Networks

Source: HAOYU CNC Machining
Abstract: To address the information security threats that CNC machine tools face once they are networked, this paper proposes an integrated information security defense scheme for CNC networks. The scheme is based on the CNC network system architecture, takes the security event lifecycle as its main line, and applies trusted security defense technology and self-healing theory, fusing them with basic data and system security defense technology to form an integrated defense capability for CNC machine tool automation networks. A functional analysis, a performance analysis and a case study of an advanced persistent threat against a CNC system show that the proposed scheme is reasonable and that its defense effect is better than that of the compared schemes. The scheme realizes systematic information security defense of the CNC network system: pre-event monitoring, in-event detection and self-healing, and post-event audit.

Keywords: CNC machine tool; CNC system; information security defense; trusted; self-healing

0 Introduction

The inherent security flaws of CNC systems and their openness once networked continually enlarge the information security threats they face. The CNC system is the "brain" of a CNC machine tool. The core technology of high-end CNC systems is largely monopolized by industrially developed countries, and CNC systems harbor hidden dangers such as uncontrollable vulnerabilities and backdoors. At the same time, information security attacks aimed at control systems occur continuously. Once a CNC system is compromised, the CNC machine tool and even the whole production line may be brought to a halt, causing the enterprise significant losses.
Research on information security defense theory and technology for CNC machine tools is therefore important for ensuring the stable operation of industrial infrastructure. The National SCADA Test Bed (NSTB) program of the US Department of Energy released a roadmap for securing control systems. The European Network and Information Security Agency (ENISA) also released a guidance document on protecting control systems in 2011. Domestically, Wang Qi et al. proposed an information security defense scheme for CNC machining networks that deploys boundary isolation devices for the machining network and terminal defense devices for CNC systems to secure the CNC network. Wang Jian proposed a security defense framework for DNC CNC network systems that deploys a firewall between the office local area network and the DNC CNC data network; this scheme, however, lacks effective defense against leakage of internal information. The defense-in-depth solutions for industrial control system information security offered by industry use boundary isolation, intrusion detection and access control mechanisms, but lack systematic, coordinated defense. Trusted computing and self-healing are regarded as important methods for addressing the intrinsic security of control systems. Fadul applied trusted computing theory to the security defense of SCADA systems in smart grids. Wu Jiangjiang proposed a data storage system based on virtual isolation to defend against unauthorized data access, and Wei Zhanzhen proposed a reversible and extensible trusted data encapsulation scheme. At present, research on trusted network theory and technology is mostly confined to the office network of general information systems or of CNC systems, and has not been applied to the CNC system as a whole.
Zhang Tong et al. studied network survivability theory based on self-healing theory for power systems, but did not study a model of the whole system architecture. Kirsch studied survivable SCADA systems through intrusion tolerance strategies, but that strategy does not apply to stateful application servers. This paper builds an integrated information security defense scheme for CNC machine tool automation networks, establishes systematic and coordinated information security defense technology, organically links the existing information security defense technologies, and achieves a better defense effect while keeping the system in an orderly state.

1 CNC machine tool network system architecture and security threats

To raise the level of informatization and integrated automation of CNC enterprises and to realize management-control integration, modern CNC systems are increasingly interconnected with the enterprise intranet, using computer-aided design (CAD) data and product data management (PDM) systems to improve machining efficiency and precision. General-purpose protocols (such as TCP/IP) and general-purpose operating systems are constantly being adopted as intelligent components for industrial data exchange and processing. The interconnection of CNC machine tools with the office network, and even with the Internet, exposes CNC systems to more information security threats. Figure 1 shows the structure of a CNC machine tool automation network and its security threats.
Figure 1 Structure of a CNC machine tool automation network and its security threats

In Figure 1, the CNC machine tool network is linked through interfaces such as RS232 and serial ports to the data exchange system and the DNC CNC network, which in turn connects to the office automation (OA) system. The two-way arrows show the paths along which security threats propagate. As Figure 1 shows, security threats come mainly from external attacks and internal attacks. In an external attack, the attacker scans the target network system from the external Internet for vulnerabilities, finds a point of attack, and conducts a persistent attack (such as an advanced persistent threat). Internal attacks include malicious data leakage and virus propagation via mobile devices. Attack targets include seizing control of the control system, interrupting the machining process, degrading product quality and stealing industrial data.

2 Integrated defense technology for CNC machine tool automation networks

The proposed integrated defense technology for CNC machine tool networks consists mainly of a system architecture and core integrated defense technologies.

2.1 Security defense architecture

Based on the structure in Figure 1, a coordinated, systematic security defense architecture for CNC machine tool automation networks is proposed, as shown in Figure 2. In Figure 2, the CNC system network security defense system covers three aspects: office network security defense, DNC CNC network security defense, and CNC machine tool equipment network security defense. In the office network, basic protective measures such as a firewall, intrusion detection and malicious code detection are deployed, and a trusted network management server is deployed at the same time to filter out malicious nodes and raise the network's immunity.
For the DNC CNC network, a trusted computing platform is deployed on the DNC server to ensure that the running control system is trusted; a protocol intrusion detection server is deployed to filter control flows that do not conform to the rules; a trusted data defense mechanism is deployed on DNC data reads and writes to prevent unexpected access; and data access monitoring is deployed at the management control interface to prevent malicious intrusion via mobile devices. For field equipment, a self-healing manager is deployed mainly at the interface control and exchange layer to avoid the impact of equipment operational failures. Every defense stage is connected to a forensic audit server so that an audit can be performed when necessary.

Figure 2 CNC network security defense architecture

To realize coordinated, integrated defense, the various defense technologies need to be fused. Taking time as the axis, an event-driven defense scheme is proposed; the defense requirements and defense technologies over the event lifecycle are shown in Figure 3.

Figure 3 Event lifecycle defense technology sketch

Combining Figure 2 with Figure 3: before a security event occurs, real-time monitoring and the trusted platform are used as defense methods in the DNC CNC network, and methods such as the trusted network and reliable early warning are used in the office network. When a security event occurs, active access control and anomaly detection are used against internal attacks, and methods such as intrusion defense and malicious code defense are used against external attacks.
After a serious security event occurs, the self-healing recovery and fault tolerance mechanism is started for the CNC machine tool network, forensic audit in each network determines the threat source and threat method, and methods such as patch upgrades and intrusion defense are used to prevent the event from recurring. With trusted defense technology and self-healing defense technology as the core, fused with basic data and system defense technology, an integrated information security defense mechanism for CNC systems based on the event lifecycle is built dynamically.

2.2 Trusted defense technology

First, a trusted computing platform is deployed on the DNC system server. The DNC system server is the key node linking the office network and the CNC machine tool network: instructions issued from the office network reach the CNC machine tool network through it, and CNC machine tool data and status information are uploaded to the office network through it. The trustworthiness of its running platform is therefore crucial. The trusted computing platform takes the Trusted Platform Module (TPM) as its core and uses cryptographic and verification technology to build a chain of trust, ensuring that the control computing platform is trusted and secure. The trusted computing platform is mainly used for pre-event monitoring and for attesting that the system is legitimate, ensuring that the platform is controllable; after a security event occurs, it rejects unexpected control of the equipment layer. Second, a trusted data defense mechanism is deployed above the DNC CNC network to protect the core data of the CNC system, as shown in Figure 4.

Figure 4 Trusted data defense mechanism

The mechanism dynamically builds, on the control network bus, a VPN-like isolated communication environment to ensure that device control data are not leaked.
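The chain of trust that the trusted computing platform builds around the TPM can be made concrete. The Python below is an added illustration, not code from the paper or from any TPM vendor: it reproduces the PCR extend operation (new register value = H(old value || measurement)) over a constructed list of component images and attests the DNC server by comparing the final register against a reference value recorded from a known-good build. The component names, the zero start value and the use of SHA-256 are assumptions.

```python
# Chain-of-trust measurement and attestation check for the DNC server, in the
# style of a TPM PCR extend. Added illustration, not code from the paper; the
# component images, the 32-byte zero PCR start value and SHA-256 are assumptions.
import hashlib
import hmac
from typing import Iterable, List

PCR_INIT = b"\x00" * 32  # assumed reset value of a SHA-256 PCR bank


def measure(component: bytes) -> bytes:
    """Measure one component of the platform: the hash of its image."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: PCR_new = H(PCR_old || measurement). The result depends on
    every earlier value, so nothing in the chain can be changed, dropped or
    reordered without changing the final register value."""
    return hashlib.sha256(pcr + measurement).digest()


def compute_pcr(components: Iterable[bytes]) -> bytes:
    """Walk the boot/load chain in order, extending the register with each measurement."""
    pcr = PCR_INIT
    for component in components:
        pcr = extend(pcr, measure(component))
    return pcr


def attest(components: Iterable[bytes], golden_pcr: bytes) -> bool:
    """Attestation check: the platform is trusted only if its final PCR equals the
    reference value recorded from a known-good build. A constant-time compare is
    used so the check itself reveals nothing about how far the chain matched."""
    return hmac.compare_digest(compute_pcr(components), golden_pcr)


# Constructed sample chain: byte strings standing in for the real images.
GOOD_CHAIN: List[bytes] = [
    b"bootloader v1.0",
    b"kernel 5.x",
    b"dnc-server 2.3",
    b"access-policy rev7",
]
GOLDEN_PCR = compute_pcr(GOOD_CHAIN)   # would be held by the attestation server


def run_checks() -> dict:
    """Known-good chain versus a modified service binary, a reordered chain
    and a chain with the policy component missing."""
    tampered = list(GOOD_CHAIN)
    tampered[2] = b"dnc-server 2.3 + implant"
    reordered = [GOOD_CHAIN[1], GOOD_CHAIN[0]] + GOOD_CHAIN[2:]
    return {
        "good": attest(GOOD_CHAIN, GOLDEN_PCR),
        "tampered": attest(tampered, GOLDEN_PCR),
        "reordered": attest(reordered, GOLDEN_PCR),
        "truncated": attest(GOOD_CHAIN[:-1], GOLDEN_PCR),
    }


if __name__ == "__main__":
    print(run_checks())
```

Only the known-good chain attests; a modified service binary, a swapped load order and a missing policy file all change the final register, which is what lets the platform reject the control path before an instruction reaches the machine tool network. In a real deployment the register value would be signed by the TPM's attestation key before being compared, which this illustration omits.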
Combining trusted computing with virtualization technology, a virtual machine system is built on the DNC CNC network and a Secure Protection Domain (SPD) for sensitive data is established. Sensitive data are bound inside the secure domain; according to the data protection policy, access requests for DNC data are subjected to security verification and policy control, so that suspicious processes are prevented from reading or writing the data and are passed to the suspect area, thereby realizing data leakage prevention. Suspicious processes are delivered to the malicious code detection server, which checks for malicious intrusion behavior. The trusted virtual data defense mechanism is mainly used for pre-event monitoring and security isolation, in-event intrusion detection, and post-event audit checks. Third, a trusted network server is deployed above the office network. In dynamic operation, trusted nodes have a certain degree of intelligence, and their trustworthiness is related to their behavior; trust theory is an effective method for deciding whether behavior is trustworthy. A node's trust value is determined from its historical performance, and only nodes whose trust value exceeds the trust threshold may participate in services, thereby isolating malicious nodes. The trusted network is mainly used for in-event detection, combined with intrusion defense and malicious code defense, and provides evidence for audit. Based on the three aspects above, a trusted defense model for the CNC system is built. Together with conventional data defense and system defense technology, it achieves both data security and system security for the CNC system.

2.3 Data and system security defense

Basic data security defense technology mainly includes traditional isolation technology (such as access control and firewalls), data leakage prevention technology and secure data storage technology.
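The trusted data defense mechanism (policy-checked access to data bound in the SPD) and the trusted network (a history-based trust value with threshold gating) described in 2.2 meet on one request path, and the isolation technology just listed is where they take effect. The Python below is an added example, not code from the paper: a request to the SPD passes only if the requesting node is above the trust threshold and the operation is permitted for its role; denied requests go to a suspect queue for the malicious code detection server and to the audit log, and count against the node's trust. The exponentially weighted trust update, the threshold 0.7, the decay 0.8, the role-based policy table and the node names are all assumptions.

```python
# Trust-gated access to the Secure Protection Domain (SPD) for DNC data. Added
# illustration, not code from the paper. Assumptions: a node's trust value is an
# exponentially weighted history of good/bad behaviour events; the role-based
# policy table, the threshold 0.7 and the decay factor 0.8 are hypothetical.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

TRUST_THRESHOLD = 0.7   # a node must be strictly above this to take part in services
DECAY = 0.8             # weight given to history relative to the newest event
POLICY: Dict[str, Set[str]] = {   # role -> operations permitted on SPD data
    "nc-programmer": {"read", "write"},
    "machine-operator": {"read"},
}


@dataclass
class Node:
    name: str
    role: str
    trust: float = 0.5   # new nodes start neutral, i.e. below the threshold

    def update(self, good: bool) -> None:
        """Trust is derived from history: the newest event weighs most, older events decay."""
        self.trust = DECAY * self.trust + (1 - DECAY) * (1.0 if good else 0.0)

    def is_trusted(self) -> bool:
        return self.trust > TRUST_THRESHOLD


@dataclass
class SecureProtectionDomain:
    audit_log: List[str] = field(default_factory=list)
    suspect_queue: List[Tuple[str, str, str]] = field(default_factory=list)

    def request(self, node: Node, op: str, obj: str) -> bool:
        """Security verification of one access request to data bound inside the SPD."""
        # Gate 1: trusted-network check; nodes below the threshold are kept out of services.
        if not node.is_trusted():
            return self._deny(node, op, obj, "node below trust threshold")
        # Gate 2: data protection policy; verify the operation against the requester's role.
        if op not in POLICY.get(node.role, set()):
            return self._deny(node, op, obj, "operation not permitted by policy")
        node.update(good=True)
        self.audit_log.append(f"ALLOW {node.name} {op} {obj}")
        return True

    def _deny(self, node: Node, op: str, obj: str, reason: str) -> bool:
        # Denied requests are handed to the malicious code detection server and audited;
        # the denial is also recorded as bad behaviour in the node's history.
        self.audit_log.append(f"DENY {node.name} {op} {obj}: {reason}")
        self.suspect_queue.append((node.name, op, obj))
        node.update(good=False)
        return False


def scenario() -> Tuple[dict, SecureProtectionDomain]:
    """Constructed sequence: a programmer and an operator with clean history, plus a
    newcomer with none. The operator's write attempt is denied and the denial pushes
    it below the threshold, so its next read is refused as well."""
    spd = SecureProtectionDomain()
    prog = Node("ws-07", "nc-programmer")
    oper = Node("hmi-02", "machine-operator")
    for _ in range(3):                 # three clean interactions seen by the trust server
        prog.update(good=True)
        oper.update(good=True)
    newcomer = Node("lap-99", "nc-programmer")
    results = {
        "newcomer_read": spd.request(newcomer, "read", "part.nc"),
        "programmer_write": spd.request(prog, "write", "part.nc"),
        "operator_read": spd.request(oper, "read", "part.nc"),
        "operator_write": spd.request(oper, "write", "part.nc"),
        "operator_read_after_violation": spd.request(oper, "read", "part.nc"),
    }
    return results, spd


if __name__ == "__main__":
    res, domain = scenario()
    print(res)
    print(*domain.audit_log, sep="\n")
```

The two gates are deliberately ordered: the cheap trust lookup runs first so that an isolated node never reaches the policy engine, and a policy violation feeds back into trust so that a host that starts probing for write access loses its read access too, which is the behaviour the trusted network is meant to produce.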
Data isolation devices are deployed between the CNC system's external interface network, the access network bus and the control network bus as the basic defense method, and are used for pre-event monitoring and in-event detection. Data security defense mainly cooperates with the trusted data defense mechanism: for data in motion, a mobile device data control function is installed and stored on the mobile device; once the access system or the device is accessed abnormally, the data access monitoring server is engaged and the access control mechanism is started. Sensitive data in the DNC data server are stored securely in cooperation with the secure protection domain manager. Basic system operation defense technology mainly includes protocol detection, intrusion detection and malicious code detection. System security defense mainly cooperates with the trusted defense and self-healing mechanisms. Intrusion detection/defense systems are deployed in the office network and the DNC CNC network. They monitor the system's running state in real time, analyze the special industrial communication protocols, and uncover intrusion clues for post-event audit. Processes rejected by the trusted defense are judged by the intrusion detection system, which produces a defense response and at the same time collects evidence of malicious attacks for post-event audit. When the attack threat affects the availability of the CNC machine tool, the self-healing fault tolerance recovery mechanism is started.

2.4 Self-healing fault tolerance mechanism

The principle of the self-healing mechanism is that, when an attack occurs, the system adjusts itself through risk acceptance and feedback so that it stays within its healthy working range, thereby achieving immunity to the attack. A self-healing manager is built on the interface of the CNC machine tool network and the exchange system.
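The protocol detection server of 2.3 filters control flows that do not conform to the rules. As an added example (not the paper's code, and not any DNC product's), the Python below treats the control flow as a G-code NC program and enforces a site rule set before the program is released to the machine: only allowlisted G and M codes, axis targets inside the travel limits, feed and spindle values inside the rated range, and no tokens the parser does not understand. The allowlist, the travel and speed limits and the two sample programs are constructed assumptions.

```python
# Protocol-level filter for NC programs sent over the DNC link. Added illustration,
# not code from the paper; it assumes the control flow is a G-code text program and
# that the site's allowlist of G/M codes, the axis travel limits, the maximum feed
# and the spindle limit are the "rules" the protocol detection server enforces.
import re
from typing import List, Tuple

ALLOWED_G = {0, 1, 2, 3, 17, 20, 21, 28, 40, 54, 90, 91}   # assumed allowlist
ALLOWED_M = {3, 5, 6, 8, 9, 30}
AXIS_LIMITS = {"X": (-500.0, 500.0), "Y": (-300.0, 300.0), "Z": (-200.0, 50.0)}  # mm
MAX_FEED = 5000.0      # mm/min
MAX_SPINDLE = 12000.0  # rpm
PASSTHROUGH = set("NTIJKRP")   # sequence no., tool, arc/dwell parameters: not policed here

WORD = re.compile(r"([A-Z])([-+]?\d*\.?\d+)")
COMMENT = re.compile(r"\(.*?\)|;.*$")


def check_block(line: str) -> Tuple[str, str]:
    """Check one NC block. Returns (normalised block, reason); reason is '' when compliant."""
    body = COMMENT.sub("", line).strip().upper()
    if not body:
        return body, ""
    if WORD.sub("", body).strip():            # anything left over is not a letter+number word
        return body, "unparseable token"
    for letter, val in WORD.findall(body):
        num = float(val)
        if letter in "GM":
            allowed = ALLOWED_G if letter == "G" else ALLOWED_M
            if not num.is_integer() or int(num) not in allowed:
                return body, f"{letter}{val} not on the allowlist"
        elif letter in AXIS_LIMITS:
            lo, hi = AXIS_LIMITS[letter]
            if not lo <= num <= hi:
                return body, f"{letter}{val} outside travel limits"
        elif letter == "F":
            if not 0 < num <= MAX_FEED:
                return body, f"F{val} outside feed range"
        elif letter == "S":
            if not 0 <= num <= MAX_SPINDLE:
                return body, f"S{val} outside spindle range"
        elif letter not in PASSTHROUGH:
            return body, f"unexpected word {letter}{val}"
    return body, ""


def filter_program(program: str) -> List[Tuple[int, str, str]]:
    """Return the violations in a program as (line number, block, reason).
    A program with any violation is withheld from the machine as a whole and the
    list goes to the audit server: a partially applied program can itself damage
    the part or the machine, so single blocks are never dropped silently."""
    violations = []
    for n, line in enumerate(program.splitlines(), start=1):
        body, reason = check_block(line)
        if reason:
            violations.append((n, body, reason))
    return violations


# Constructed sample programs (not taken from any real job).
GOOD_PROGRAM = """N10 G21 G90 G54 (metric, absolute, work offset 1)
N20 M6 T3
N30 S8000 M3
N40 G0 X0 Y0 Z5
N50 G1 Z-2 F300
N60 G1 X120.5 Y40 F1200
N70 G0 Z5
N80 M5
N90 M30"""

BAD_PROGRAM = """N10 G21 G90
N20 S20000 M3          ; spindle above rated speed
N30 G1 X900 Y0 F300    ; X beyond axis travel
N40 G65 P9000          ; macro call not on the allowlist
N50 M30"""


if __name__ == "__main__":
    print(filter_program(GOOD_PROGRAM))
    print(filter_program(BAD_PROGRAM))
```

The filter is an allowlist, not a signature list: a macro call, an over-speed spindle command and an out-of-travel move are all refused without the server needing to know what attack produced them, which is the difference between protocol detection on a control link and a conventional IDS.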
It judges, by monitoring the system's running state and behavior, whether their changes are within an acceptable range, and then executes the corresponding strategy. To detect abnormal running behavior of the CNC system, the collected monitoring values are abstracted and associated with the CNC system's performance attributes (such as availability); the evaluated values are checked against the constraints of each component of the CNC system to infer whether the system is running within the acceptable range, and when the threshold of a component or of the network is exceeded, a system anomaly early warning is raised. At the same time, the self-healing response mechanism is started: according to the current system state and the goal to be achieved, it generates a defense recovery strategy and an inferential evolution mechanism, restores the system from the constraint-violating condition through the recovery mechanism, and feeds the action back to the running system. Fault tolerance recovery is mainly the ability of the system to keep providing service when a disaster occurs, or to quickly return an attacked system to its normal state. Redundancy is the most basic fault tolerance recovery technique: an appropriate number of redundant machine tools are deployed in the CNC machine tool network, and redundant modules are deployed in the software of the CNC machine tool network interface and the exchange network. A self-check technique is started at the same time to locate the fault and shield or isolate the faulty component. The system changes and the process information of the fault localization are recorded in the form of logs and stored on the audit server so that an audit can be performed when necessary.

2.5 Integrated defense model

The mechanisms built step by step above are fused in turn into the event lifecycle of the CNC system.
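The monitor, evaluate and respond loop of 2.4 can be written as a small manager. The Python below is an added illustration, not the paper's code: each cycle abstracts two monitored values per machine into constraint violations, isolates a machine that violates them and starts its self-check, fills the lost capacity from a redundant machine, reinstates machines whose values return to range, releases the spare again, and records every state change for audit. The two metrics, their thresholds, the availability goal and the cell of three machines plus one spare are assumptions.

```python
# Self-healing monitor loop for a CNC cell. Added illustration, not code from the
# paper. Assumptions: each machine reports a heartbeat age and an abnormal-frame
# rate; the thresholds, the availability goal and the cell layout are hypothetical.
from dataclasses import dataclass
from typing import Dict, List

THRESHOLDS = {"heartbeat_age_s": 5.0, "error_rate": 0.2}  # assumed acceptable ranges
MIN_AVAILABILITY = 0.75                                    # assumed cell-level availability goal


@dataclass
class Machine:
    name: str
    spare: bool = False           # redundant machine tool, idle until a failover needs it
    heartbeat_age_s: float = 0.0  # seconds since the controller's last heartbeat
    error_rate: float = 0.0       # share of abnormal control frames in the last cycle

    def violations(self) -> List[str]:
        """Abstract the raw monitoring values into constraint violations."""
        found = []
        if self.heartbeat_age_s > THRESHOLDS["heartbeat_age_s"]:
            found.append("heartbeat lost")
        if self.error_rate > THRESHOLDS["error_rate"]:
            found.append("abnormal control traffic")
        return found


class SelfHealingManager:
    def __init__(self, machines: List[Machine]):
        self.machines = {m.name: m for m in machines}
        self.required = sum(1 for m in machines if not m.spare)   # capacity to keep up
        self.serving = {m.name for m in machines if not m.spare}
        self.idle_spares = [m.name for m in machines if m.spare]
        self.isolated: Dict[str, str] = {}   # name -> reason; machines under self-check
        self.audit: List[str] = []

    def availability(self) -> float:
        return len(self.serving) / self.required

    def cycle(self) -> dict:
        """One monitor / decide / act iteration of the self-healing loop."""
        warnings, actions = [], []
        # 1. Detect: a serving machine outside its acceptable range is warned about and isolated.
        for name in sorted(self.serving):
            found = self.machines[name].violations()
            if found:
                reason = ", ".join(found)
                warnings.append(f"{name}: {reason}")
                self.serving.discard(name)
                self.isolated[name] = reason
                actions.append(f"isolate {name}; self-check started")
        # 2. Recover: an isolated machine whose values are back in range is reinstated.
        for name in sorted(self.isolated):
            if not self.machines[name].violations():
                del self.isolated[name]
                self.serving.add(name)
                actions.append(f"reinstate {name}")
        # 3. Fault tolerance: fill missing capacity from redundancy, release surplus spares.
        while self.availability() < 1.0 and self.idle_spares:
            spare = self.idle_spares.pop(0)
            self.serving.add(spare)
            actions.append(f"failover to spare {spare}")
        while self.availability() > 1.0:
            spare = next(n for n in sorted(self.serving) if self.machines[n].spare)
            self.serving.discard(spare)
            self.idle_spares.append(spare)
            actions.append(f"release spare {spare}")
        report = {
            "availability": self.availability(),
            "below_goal": self.availability() < MIN_AVAILABILITY,
            "warnings": warnings,
            "actions": actions,
        }
        self.audit.append(str(report))   # state changes and fault localisation kept for audit
        return report


def simulate() -> List[dict]:
    """Constructed scenario: one machine loses its heartbeat, a second shows abnormal
    control traffic while no spare is left, then both recover in turn."""
    m1, m2, m3 = Machine("m1"), Machine("m2"), Machine("m3")
    s1 = Machine("s1", spare=True)
    mgr = SelfHealingManager([m1, m2, m3, s1])
    reports = [mgr.cycle()]            # all healthy
    m2.heartbeat_age_s = 12.0
    reports.append(mgr.cycle())        # m2 isolated, s1 takes over
    m1.error_rate = 0.5
    reports.append(mgr.cycle())        # m1 isolated, no spare left: below goal
    m2.heartbeat_age_s = 0.0
    reports.append(mgr.cycle())        # m2 reinstated
    m1.error_rate = 0.0
    reports.append(mgr.cycle())        # m1 reinstated, s1 released
    return reports


if __name__ == "__main__":
    for r in simulate():
        print(r)
```

The third cycle is the case the paper's availability attribute is for: with the spare already in use, a second fault drops availability to two thirds, the report flags the goal as missed, and an operator rather than the manager has to decide whether to keep running at reduced capacity.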
Trusted defense technology is fused into pre-event real-time monitoring to realize trusted access control; the self-healing mechanism is fused into post-event fault tolerance recovery; data security defense technology is combined with the trusted mechanism; and system security technology is fused into in-event data security protection and detection over the event cycle, cooperating with the trusted mechanism and supporting forensic audit after the event.

3 Analysis of the integrated security defense scheme for CNC systems

3.1 Functional analysis of the defense scheme

The proposed scheme can respond to the following kinds of attack.

Malicious code attack: exploits hardware, software and protocol vulnerabilities of the CNC network system. In the integrated defense system, the malicious code detection mechanisms deployed on the external and internal networks can detect the attack; trusted access monitoring can discover intrusions carried on mobile storage devices; the integrity-based access control requirements of the trusted virtual defense domain can block the malicious code; and early warning or self-healing repair is started.

Unauthorized access: preliminary isolation is first performed by the security isolation device, then the trusted data defense mechanism rejects the access operation and reports it to the audit server.

Information leakage: mainly the disclosure of internal network information; the defense relies on the trusted data isolation environment, the secure protection domain for sensitive data, and read/write authentication in the data defense. Audits are performed on the basis of the operation logs.

Denial of service attack: mainly aimed at the system server, the DNC transmission server and the interface exchange equipment in the DNC CNC network, so that they cannot work normally or their buffers overflow.
The integrated defense scheme mainly monitors access traffic through protocol detection and blocks untrusted access requests through the trusted computing platform. Once a CNC machine tool fails, the redundancy mechanism within the self-healing mechanism is started to guarantee availability, and the self-check mechanism is used at the same time to recover from the fault.

Coordination of the defense scheme: in the face of all kinds of attacks, trusted defense, basic data and system defense and self-healing defense are used together to defend the CNC system in coordination.

(1) Temporal coordination of the defense scheme. Trusted defense is used for pre-event monitoring and realizes trusted access control; the self-healing mechanism is used for post-event fault tolerance recovery; basic data security defense cooperates with trusted data defense and is used for in-event active data access control; basic system security defense cooperates with trusted defense, performing intrusion detection on the processes rejected by the trusted defense and gathering attack evidence for post-event audit. When the attack threat affects the availability of the CNC system, the self-healing fault tolerance recovery mechanism is started.

(2) Spatial coordination of the defense scheme. The proposed scheme makes full use of the different resource attributes of the CNC network architecture to deploy defense technologies. The CNC machine tool network has high real-time requirements, so a trusted virtual domain isolation mechanism is used to prevent unauthorized access, and the intrusion defense mechanisms aimed at the CNC machine tools are deployed in the CNC network. Once all protective measures are breached, the self-healing mechanism is started to isolate and repair the damaged equipment.
In the DNC CNC network, a trusted platform and an intrusion defense monitoring platform are deployed to ensure the security of the core control system. In the office network, a composite trusted network, intrusion detection, malicious code detection and other measures are deployed to ensure the reliability of the external network.

3.2 Performance analysis of the defense scheme

Compared with a typical defense-in-depth scheme, the proposed scheme mainly adds a trusted defense module (T), a self-healing module (S), and an interface mechanism to the IPS and malicious code detection modules (I), whose time complexities are F(t(T)), F(t(S)) and F(t(I)) respectively, where F is a function of time. The pre-event monitoring stage consists mainly of the continuous monitoring performed by the trusted defense module, so the time complexity of the proposed scheme (P) in this stage is F(t(P)) = F(t(T)) = O(n), where n is the number of deployed trusted modules. The in-event detection stage includes trusted defense detection, data and system defense detection, and self-healing recovery. The computational complexity of the trusted network is O(n1^2), where n1 is the number of nodes in the transmission domain; the event complexity of the trusted data defense mechanism is O(n) + O(1), where O(1) is the time for the occasional monitoring of access by peripheral mobile devices; self-healing recovery is O(1); and data and system defense is O(n). Therefore, in the in-event detection stage, F(t(P)) = F(t(T)) + F(t(S)) + F(t(I)) = O(n1^2) + 2O(n) + 2O(1). The time complexity of the post-event audit stage is O(1). The space complexity mainly consists of the added trusted management server, self-healing management server and related data storage servers, giving a space complexity of 3O(n).

3.3 Comparative analysis
Compared with the CNC machining network defense scheme proposed by Wang Qi et al. (referred to as the Wang scheme), the proposed scheme adds the trusted defense, self-healing and system coordination modules. The Wang scheme mainly uses machining network boundary isolation devices and terminal defense devices, together with audit and defense protocols, to protect the CNC system. In terms of resisting attacks, the Wang scheme performs better against external attacks but is weaker in defending against malicious internal leakage. In terms of efficiency, the Wang scheme's deep content inspection of communications, fine-grained access control and host intrusion defense require pattern matching and computation, with a time complexity between O(n) and O(n^2), where n is the number of computational entities. In terms of defense effect, deep inspection of field equipment can reduce availability, protective measures against integrity destruction are not mentioned, and the response to security attacks lags. Compared with the trusted defense scheme proposed by Fadul for smart grids, the proposed scheme is more comprehensive. The Fadul scheme uses a reputation-based trust management system to mitigate attacks against the vulnerabilities of future smart grid facilities, with the trusted system deployed in the smart grid communication support system. In terms of resisting attacks, because of the feedback delay of reputation, the Fadul scheme is weaker at resisting sudden attacks. In terms of efficiency, reputation computation and trust management require iterative computation with the participation of multi-domain network communities, with a time complexity close to O(n^2) and a space complexity of m·n, where m is the length of the entity history vector and n is the number of entities.
In terms of defense effect, its reputation-based malicious attack immunity mechanism and its reasonable communication bandwidth allocation mechanism give it good security and appropriate availability, but its integrity defense is deficient. The results of the above analysis are listed in Table 1, where the attribute values of the defense effect are expressed in three grades: "good", "medium" and "poor". "Poor" means the corresponding attribute is not mentioned or the effect is poor; "medium" means there is some effect but a slight inadequacy. The attack-resistance effect is divided into two states: trusted and suspect. Efficiency is expressed by time complexity. Table 1 shows the results, with the proposed method as the baseline for relative performance at the current level, from which the advantages of the proposed scheme can be seen.

Table 1 Comparison of defense schemes

3.4 Case analysis

Taking an advanced persistent threat (APT) attack as an example, the effectiveness of the proposed integrated defense scheme is analyzed. An APT attack flexibly combines a variety of novel attack means, infiltrates the target over a long period, and executes the attack at a specific moment. A typical APT attack on a CNC system is divided into five phases. ① Information gathering: social engineering is used to collect information and lock onto a specific CNC machine tool. ② Breaking through the line of defense: server vulnerabilities, compromised websites, phishing software and mobile client vulnerabilities are used to compromise an office network host and obtain the privileges of the victim host. ③ Establishing a foothold and moving laterally: a channel from the command and control server to the victim host is built to gain system privileges, the structures of the office network and DNC network systems and their data access rules are explored laterally, more hosts are compromised, and discovery is avoided. ④ Attacking the DNC system server.
Impersonating a normal node, the attacker connects to the DNC system server and the DNC transmission server, exploits server vulnerabilities and obtains system code execution privileges. ⑤ Completing the attack: control data are modified or destroyed, causing failure or stoppage of the CNC machine tool, accompanied by retreat tactics such as erasing traces.

The defense of the proposed integrated scheme is divided into four main phases. The first phase, the initial breakthrough: the trusted network deployed in the office network isolates suspect hosts, which are referred to the forensic audit module. The second phase, lateral penetration: penetration inside the office network is detected by the intrusion detection described above and isolated by the trusted network; penetration aimed at the DNC CNC network is met with protocol detection, data access monitoring and the trusted data defense mechanism, which monitor abnormal data flows, block malicious nodes from reading or writing data inside the CNC network and from intercepting control information, and raise an early warning. The third phase, attacking the DNC system server: the trusted computing platform deployed on the server performs integrity attestation, rejects unexpected control of the operating system and tampering with data by malicious nodes, and raises a real-time early warning; the trusted data defense mechanism on the DNC transmission server blocks malicious instructions and refers them to the malicious code detection server for further detection and defense, with forensic audit. The fourth phase, malicious behavior that bypasses the trusted platform and attacks the equipment.
The virtual isolation mechanism is started to isolate the victim CNC machine tool and limit the scope of the attack; the self-healing mechanism is started so that service continues through fault-free redundant machine tools; and the self-check technique is started at the same time to shield or isolate the faulty components, repair them promptly and audit. In this way the effect of the APT attack is eliminated to the greatest extent.

A simulation environment was built according to the basic structure of Figure 2, the defense scheme was deployed, APT attack methods were simulated with various penetration techniques, and the DNC CNC network was attacked 20 times with the goal of reading and destroying the DNC control files. The experimental results show that the attacks were effectively blocked: the blocking probability in the first phase (the number of blocked attacks as a proportion of the total number of attacks) was 40%, 30% of the attacks were detected in the second phase, and the remaining 30% were blocked in the third phase. In summary, the proposed integrated defense scheme has a good defense effect against APT attacks.

4 Conclusion

This paper proposes an integrated information security defense scheme for CNC machine tool automation network systems, which effectively addresses the problem of information security defense for CNC machine tools and has better coordination and effectiveness than previous schemes. The scheme forms whole-process defense, is itself systematic, and has a good defense effect against APT. Because of the intrinsic security characteristics of trusted defense technology and self-healing, the scheme can be deployed in CNC systems of different heterogeneous architectures.

Source: China Saibao Laboratory Information Security Research Center; China Association for Peaceful Use of Military Industrial Technology