To address the security threats that industrial control systems face when firewalls filter Modbus/TCP only at a coarse granularity, this paper studies a fine-grained filtering algorithm based on Modbus function codes. Drawing on the characteristics of function codes in the Modbus TCP protocol, the function code field is parsed and a fine-grained filtering algorithm based on whitelist rules is implemented. However, how a large number of matching rules is stored and managed has a decisive effect on query efficiency during filtering, so the rule set is managed by category to improve matching efficiency. By constructing an effective data storage structure and by organizing and configuring the whitelist rules, fine-grained filtering of the Modbus TCP protocol is achieved, which improves the security of Modbus TCP communication to a greater degree while preserving the real-time performance of the communication. Experimental analysis shows that the proposed method can perform deep, secure filtering of the Modbus protocol and improve the security of Modbus communication.
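The filtering idea in the abstract, as an added Python sketch that is not the paper's own code: the MBAP header is parsed, the function code is extracted, and the request is checked against whitelist rules grouped by class so a match is one hash lookup rather than a linear scan. The grouping key (client IP, unit id), the addresses and the permitted codes are assumptions, as is the simplification that each TCP payload holds exactly one ADU.

```python
import struct

# Constructed whitelist, classified by (client IP, unit id). Each class holds
# the set of permitted function codes; all values here are illustrative.
WHITELIST = {
    ("10.0.0.5", 1): frozenset({0x03, 0x04}),        # HMI: read registers only
    ("10.0.0.9", 1): frozenset({0x03, 0x06, 0x10}),  # engineering station: read + write
}

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)


def parse_adu(payload: bytes):
    """Return (unit_id, function_code); raise ValueError on a malformed ADU."""
    if len(payload) < MBAP_LEN + 1:
        raise ValueError("truncated ADU")
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:MBAP_LEN])
    if proto != 0:
        raise ValueError("protocol id is not Modbus")
    # The length field counts the unit id plus the PDU (1..253 bytes).
    if not 2 <= length <= 254 or length != len(payload) - 6:
        raise ValueError("length field mismatch")
    return unit, payload[MBAP_LEN]


def filter_request(src_ip: str, payload: bytes) -> str:
    """Default-deny decision for one request from src_ip."""
    try:
        unit, fc = parse_adu(payload)
    except ValueError as exc:
        return f"DROP malformed: {exc}"
    allowed = WHITELIST.get((src_ip, unit))  # O(1) selection of the rule class
    if allowed is None:
        return "DROP no rule group"
    if fc not in allowed:                    # O(1) function-code check
        return f"DROP function 0x{fc:02x} not whitelisted"
    return "ACCEPT"


def build_request(tid: int, unit: int, fc: int, data: bytes = b"") -> bytes:
    """Helper that constructs a sample Modbus/TCP request for the checks."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu
```

A port-502 rule on a conventional firewall would pass every frame this filter drops, which is the coarse-grained gap the abstract describes.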