Intrusion Detection System for wide Automation Network Based on the Ethernet Compatible Communication Protocols

摘要

This paper is focused on the description of importance, design, and implementation of the Intrusion Detection Systems for a new automation system based on the Ethernet communication protocol. Newly developed and designed automation networks for complex factory control are composed from several types of automation communication links with different communication protocols, but most of the factory middle layer and top layer communication networks are based on Ethernet communication protocol. Wide use of Ethernet communication protocol not only in IT, but also in automation field, brings not only advantages of easy implementation and interoperability between different automation communication networks, but also brings risks and vulnerabilities, well known form IT. Therefore security incidents are becoming more serious and more common not only in computer networks, but also in automation networks. Actual trends in automation networks are among others wide automation networks covering several manufacture divisions or remote controlling of automation networks through the Internet. Necessity of a remote connection to the automation networks covers all security vulnerabilities and risks, which originate from the Internet. Analogically with IT, an automation network can be secured by the conventional way through firewalls and VPN tunnels, but automation networks have several specific requirements on the QoS, against the IT networks. For this reason a new automation firewall device was defined, designed and tested. The new automation firewall includes messaging system for logging all events and alerts originates form automation network. IDMEF (Intrusion Detection Message Exchange Format) is used, as a basis for automation firewall messaging system