izpis_h1_title_alt

Primerjava orodij za kibernetsko varnost sistemov v operativni tehnologiji
ID Zupančič, Tea (Avtor), ID Kos, Andrej (Mentor) Več o mentorju... Povezava se odpre v novem oknu, ID Ceferin, Peter (Komentor)

.pdfPDF - Predstavitvena datoteka, prenos (2,83 MB)
MD5: 4EAC3DCD45B4DBFB98103C3C4F6D1E75

Izvleček
V magistrskem delu je predstavljena rešitev za zagotavljanje kibernetske varnosti v okolju operativne tehnologije (OT). Dolgo časa so bili sistemi operativne tehnologije ločeni od zunanjih sistemov. Z avtomatizacijo industrije je bilo treba sisteme operativne tehnologije integrirati s sistemi informacijske tehnologije (IT). Programska oprema in protokoli v operativni tehnologiji so zastareli in ustvarjeni so bili brez varnostnih mehanizmov. Z integracijo operativne tehnologije z zunanjimi sistemi je le-ta podvržena novim kibernetskim napadom. Menjava opreme je predraga, posodobitve so zaradi morebitnih stranskih učinkov nezaželjene, sisteme pa moramo zavarovati, saj operativna tehnologija sestavlja industrijsko in kritično infrastrukturo. Novejša zlonamerna programska oprema zaobide tradicionalne mehanizme kibernetske zaščite, zato moramo sisteme OT zaščititi drugače kot do sedaj. V magistrskem delu smo testirali in primerjali orodja za kibernetsko varnost v operativni tehnologiji, in sicer Wireshark, Nozomi, Radiflow in Snort. Trenutno je najboljša rešitev uporaba sistema za preprečevanje vdorov in vzporedno še uporaba sistema za zaznavanje anomalij z vgrajenim strojnim učenjem ter globokim pregledovanjem paketkov. Omenjena rešitev v praksi deluje, ker je promet v operativni tehnologiji periodičen in nešifriran. Enaka rešitev v domeni IT ne bi delovala, saj je tam promet neperiodičen in šifriran, tako izgradnja natančnega modela normalnega obnašanja omrežnega prometa in globoko pregledovanje paketkov nista mogoča. Ideja sistema za zaznavanje anomalij je, da odkrije zlonamerno programsko opremo, ko je le-ta še v fazi učenja delovanja omrežja in dolgo pred izvedbo napada.

Jezik:Slovenski jezik
Ključne besede:operativna tehnologija, kibernetska varnost, Nozomi, Radiflow, Snort, sistem za zaznavanje anomalij
Vrsta gradiva:Magistrsko delo/naloga
Organizacija:FE - Fakulteta za elektrotehniko
Leto izida:2023
PID:20.500.12556/RUL-144976 Povezava se odpre v novem oknu
COBISS.SI-ID:148219139 Povezava se odpre v novem oknu
Datum objave v RUL:27.03.2023
Število ogledov:569
Število prenosov:121
Metapodatki:XML DC-XML DC-RDF
:
Kopiraj citat
Objavi na:Bookmark and Share

Sekundarni jezik

Jezik:Angleški jezik
Naslov:Comparison of cybersecurity tools for operational technology systems
Izvleček:
The master's thesis presents a solution for ensuring cybersecurity in operational technology (OT) environment. For a long time, operational technology systems were isolated from outside systems. With the automation of industry, operational technology systems had to be integrated with information technology systems (IT). The software and protocols in the operational technology are outdated and were created without security mechanisms. By integrating operational technology with outside systems, it becomes subject to new cyber attacks. Replacing the equipment is too expensive, updates are unwanted due to potential side effects and the systems must be secured, because operational technology makes up industrial and critical infrastructure. Newer malware bypasses traditional cybersecurity mechanisms, so OT systems need to be protected differently than before. In the master's thesis, we tested and compared cybersecurity tools in operational technology, namely Wireshark, Nozomi, Radiflow and Snort. Currently, the best solution is to use an intrusion prevention system and, in parallel, an anomaly detection system with built-in machine learning and deep packet inspection. This solution works in practice because operational technology traffic is mostly periodic and unencrypted. The same solution wouldn't work in the IT domain as the network traffic there is aperiodic and unencrypted, therefore it's not possible to build an accurate model of normal network behaviour and to perform deep packet inspection. The idea of using an anomaly detection system is to detect malware while it's in the network learning phase and long before it executes an attack.

Ključne besede:Operational Technology, Cybersecurity, Nozomi, Radiflow, Snort, Anomaly Detection System

Podobna dela

Podobna dela v RUL:
Podobna dela v drugih slovenskih zbirkah:

Nazaj