Research on Automatic Identification of Information Assets Based on Industrial Control Network Traffic

Abstract

With the development of science and technology, industrialization and information technology began to cross and merge and the industrial field began to appear a variety of information technology. In the current situation, Industrial Control System (ICS) is the Industrial Control System. This technology has been active in a wide range of different fields. In various projects, about 90% of the state-owned infrastructure relies on Industrial Control System to realize automatic operation. For national key infrastructure projects, ICS has become an indispensable part, and national strategic security is gradually inseparable from ICS. The work environment of ICS is becoming more and more complex. In addition, in the traditional network, people can use digital identification, encryption and other methods to deal with information leakage, network attacks and other security risks, but the embedded system resources in ICS are often limited, which requires a high real-time service. When the system does what it's supposed to do, and at the same time, ICS agrees to security requirements such as encryption algorithms or security protocols, its business continuity will face huge challenges and traditional solutions will be difficult to fit into ICS. In this paper, according to the ARIMA modelling method of industrial control network flow, the flow model of common industrial control network is established. Finally, the Stuxnet attack flow is simulated, and the normal flow is predicted by using ARIMA model of production season to detect whether there is abnormal flow. The experimental results show that this method has good detection effect.