With the advent of the Industrial Internet of Things (IIoT) era, industrial control systems have become more efficient to operate; however, this has increased the risk of security incidents in field devices, because the boundaries between layers are disappearing and connections with the outside are increasing. Industrial control systems (ICS) have suffered from advanced attacks such as APTs (Advanced Persistent Threats) that use zero-day vulnerabilities. To cope with these advanced attacks, it is necessary to apply vulnerability analysis and intrusion detection systems; however, since most industrial facilities are still operating without security considerations, security incidents are expected to continue.
In this thesis, we propose a comprehensive security framework for IIoT security, composed of proactive and reactive technologies, to respond to attacks against ICS. The proposed framework consists of two protocol vulnerability analysis methods and two abnormal behavior detection methods that can be applied to various environments using general ICS characteristics.
For protocol vulnerability analysis, we propose a black-box vulnerability analysis technique that can be performed for all protocol stacks. We verified the effectiveness of the proposed techniques through experiments with ICS communication protocols.
For anomaly detection, we propose two deep learning-based anomaly detection techniques that minimize the data analysis process so that they can be used even in small-scale factories and in various domains. We verified the effectiveness of these two techniques experimentally.