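Research on Routing Attack Defense Techniques for Heterogeneous Networks
Topic: industrial heterogeneous network + routing; Source: Beijing University of Posts and Telecommunications, 2014 master's thesis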
[Abstract]: With the development of computer and network communication technology, industrial production processes have gradually become digital and intelligent, and their degree of automation keeps rising. Industrial control systems first adopted a centrally controlled computer network structure, were then improved to use distributed computer control (DCS), and now use fieldbus technology (FSC), gradually evolving into embedded heterogeneous networks that interconnect with Ethernet and allow intelligent remote control from the Ethernet side. The CAN bus is simple to implement, fast, efficient and has good security, so it is favored by many industrial networks, and embedded heterogeneous networks that interconnect Ethernet and the CAN bus have become a research hotspot in the convergence of Ethernet and industrial control networks in recent years. However, connecting the industrial bus to external networks brings new security threats to the otherwise secure CAN bus: network paralysis caused by routing attacks on the Ethernet side directly affects the operation of the industrial bus network. This thesis studies routing security in industrial heterogeneous networks that interconnect Ethernet and the CAN bus, and proposes heterogeneous-network protection measures against the common routing ARP attacks and DDoS attacks.
For industrial heterogeneous networks, the thesis first explores the main fieldbus technologies of industrial control networks and the CAN bus protocol, analyzes the necessity of interconnecting Ethernet with industrial control networks and the network technology involved, and examines the current state of development of Ethernet and CAN bus interconnected networks. Second, it analyzes the security threats that industrial heterogeneous networks face, focusing on the principles of the common ARP and DDoS attacks and the common methods of protecting against them. It then proposes two protective measures against these two attacks, data encryption and protocol improvement, studies encryption techniques suited to industrial control data, and gives an in-depth technical analysis of the protocol improvement scheme. Finally, the two attacks and the proposed protocol improvement are verified by simulation; the simulation results show that the proposed defensive measures can indeed provide a degree of effective protection.
Through its study of routing security in industrial heterogeneous networks and the corresponding protective measures, the thesis offers a reference scheme for research on industrial heterogeneous network security, and also studies and analyzes encryption technology, in the hope of drawing more attention to the security of industrial heterogeneous networks.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article number: 2100737
Article link: http://sikaile.net/guanlilunwen/ydhl/2100737.html