To solve the economic and geographical problems of the existing industrial automation system environment, the Industrial Internet of Things (IIoT) based Industrial Wireless Sensor Network (IWSN) is being introduced. IIoT technology makes economical and stable monitoring possible. Globally, IIoT usage is increasing every year: the market size was estimated at $573 million in 2016 and is expected to be $1,200 million in 2023. The Industrial Internet Consortium (IIC) is an organization in which various industrial control system and IoT vendors participate in developing IIoT technology. Each year since its establishment in 2014, the IIC has published IIoT demonstration cases and related research. In particular, the IIoT demonstrations have had a great effect on industrial control systems by constructing test beds and conducting tests in various fields, such as energy, healthcare, manufacturing, transportation, and security, which has resulted in the introduction of IIoT systems in various industrial control system fields. In Korea, national institutions such as KEPCO and NSRI are developing technologies to introduce IIoT-based IWSN in response to high demand from industry.
In contrast to the active IIoT business, security research on the IIoT is still insufficient. In particular, there are some problems with the IIoT communication standard itself, so it is not desirable to introduce a commercial product into a national infrastructure where security is important, because even in products certified for the IIoT communication standard, the implementation of security functions may be insecure. In addition, because IIoT security vulnerabilities are continuously reported, a comprehensive security process for IIoT is needed. Therefore, for IIoT security: 1) Cybersecurity procedures are needed to continuously acquire disclosed vulnerabilities and remediate them. 2) It is necessary to develop IIoT security communication technology that addresses security issues by analyzing the security of the IIoT communication standard itself and identifying its vulnerabilities. 3) Even if IIoT security communication technology is used, network anomaly detection technology is needed to respond to advanced cyber attacks that use the IIoT communication protocol. By building IIoT security on the above, it is necessary to improve the security of the industrial control systems in which IIoT is introduced and further ensure social safety.
This dissertation proposes a security framework for IIoT, which consists of IIoT cybersecurity guidelines, an IIoT device security stack and an IIoT network anomaly detection method.
The IIoT cybersecurity guidelines part presents a methodology for developing IIoT cybersecurity guidelines to analyze and cope with new IIoT vulnerabilities and to perform overall IIoT security, based on an analysis of major cybersecurity standards and guidelines such as the NIST Cybersecurity Framework and the DoE Cybersecurity Capability Maturity Model.
The IIoT device security stack part analyzes IIoT communication standard technologies, including Zigbee, WirelessHART, and ISA 100 Wireless, and related security studies, derives 15 security vulnerabilities, and describes the security requirements and security design to cope with these security issues.
The IIoT network anomaly detection part proposes a deep learning based anomaly detection technique for IIoT network traffic. The proposed method is largely divided into a network anomaly detection model and a payload anomaly detection model. The network anomaly detection model detects anomalies in data transmission over the network based on communication flows, and the payload anomaly detection model detects anomalies in the transmitted data. The developed abnormal behavior detection engine is verified with an IIoT-specific cyber attack dataset including industrial control system (ICS) malware, ICS vulnerability exploitation as Disabling Assembly (DR) attack and False Data Injection (FDI) attack.