izpis_h1_title_alt

Primerjava orodij za kibernetsko varnost sistemov v operativni tehnologiji
ID Zupančič, Tea (Author), ID Kos, Andrej (Mentor) More about this mentor... This link opens in a new window, ID Ceferin, Peter (Comentor)

.pdfPDF - Presentation file, Download (2,83 MB)
MD5: 4EAC3DCD45B4DBFB98103C3C4F6D1E75

Abstract
V magistrskem delu je predstavljena rešitev za zagotavljanje kibernetske varnosti v okolju operativne tehnologije (OT). Dolgo časa so bili sistemi operativne tehnologije ločeni od zunanjih sistemov. Z avtomatizacijo industrije je bilo treba sisteme operativne tehnologije integrirati s sistemi informacijske tehnologije (IT). Programska oprema in protokoli v operativni tehnologiji so zastareli in ustvarjeni so bili brez varnostnih mehanizmov. Z integracijo operativne tehnologije z zunanjimi sistemi je le-ta podvržena novim kibernetskim napadom. Menjava opreme je predraga, posodobitve so zaradi morebitnih stranskih učinkov nezaželjene, sisteme pa moramo zavarovati, saj operativna tehnologija sestavlja industrijsko in kritično infrastrukturo. Novejša zlonamerna programska oprema zaobide tradicionalne mehanizme kibernetske zaščite, zato moramo sisteme OT zaščititi drugače kot do sedaj. V magistrskem delu smo testirali in primerjali orodja za kibernetsko varnost v operativni tehnologiji, in sicer Wireshark, Nozomi, Radiflow in Snort. Trenutno je najboljša rešitev uporaba sistema za preprečevanje vdorov in vzporedno še uporaba sistema za zaznavanje anomalij z vgrajenim strojnim učenjem ter globokim pregledovanjem paketkov. Omenjena rešitev v praksi deluje, ker je promet v operativni tehnologiji periodičen in nešifriran. Enaka rešitev v domeni IT ne bi delovala, saj je tam promet neperiodičen in šifriran, tako izgradnja natančnega modela normalnega obnašanja omrežnega prometa in globoko pregledovanje paketkov nista mogoča. Ideja sistema za zaznavanje anomalij je, da odkrije zlonamerno programsko opremo, ko je le-ta še v fazi učenja delovanja omrežja in dolgo pred izvedbo napada.

Language:Slovenian
Keywords:operativna tehnologija, kibernetska varnost, Nozomi, Radiflow, Snort, sistem za zaznavanje anomalij
Work type:Master's thesis/paper
Organization:FE - Faculty of Electrical Engineering
Year:2023
PID:20.500.12556/RUL-144976 This link opens in a new window
COBISS.SI-ID:148219139 This link opens in a new window
Publication date in RUL:27.03.2023
Views:583
Downloads:121
Metadata:XML DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Secondary language

Language:English
Title:Comparison of cybersecurity tools for operational technology systems
Abstract:
The master's thesis presents a solution for ensuring cybersecurity in operational technology (OT) environment. For a long time, operational technology systems were isolated from outside systems. With the automation of industry, operational technology systems had to be integrated with information technology systems (IT). The software and protocols in the operational technology are outdated and were created without security mechanisms. By integrating operational technology with outside systems, it becomes subject to new cyber attacks. Replacing the equipment is too expensive, updates are unwanted due to potential side effects and the systems must be secured, because operational technology makes up industrial and critical infrastructure. Newer malware bypasses traditional cybersecurity mechanisms, so OT systems need to be protected differently than before. In the master's thesis, we tested and compared cybersecurity tools in operational technology, namely Wireshark, Nozomi, Radiflow and Snort. Currently, the best solution is to use an intrusion prevention system and, in parallel, an anomaly detection system with built-in machine learning and deep packet inspection. This solution works in practice because operational technology traffic is mostly periodic and unencrypted. The same solution wouldn't work in the IT domain as the network traffic there is aperiodic and unencrypted, therefore it's not possible to build an accurate model of normal network behaviour and to perform deep packet inspection. The idea of using an anomaly detection system is to detect malware while it's in the network learning phase and long before it executes an attack.

Keywords:Operational Technology, Cybersecurity, Nozomi, Radiflow, Snort, Anomaly Detection System

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back