{"title":"Research on Key Technology of Industrial Network Boundary Protection based on Endogenous Security","authors":"Fei Yu, Qiang Wei, Yangyang Geng, Yunchao Wang","doi":"10.1109/IMCEC51613.2021.9482240","journal":{"name":"2021 IEEE 4th Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC)","volume":"19 1","pages":"0"},"publicationDate":"2021-06-18","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"2","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/IMCEC51613.2021.9482240"}
Research on Key Technology of Industrial Network Boundary Protection based on Endogenous Security
Industrial network boundary protection equipment faces threats from attackers when protecting the industrial control system network. The similarity and static characteristics caused by large-scale, long-term deployment mean that it can only defend against known attacks and cannot deal with unknown APT threats, so the breakthrough of one defense line is equivalent to the breakthrough of all defense lines, which may bring challenges to industrial production safety. This paper proposes a mimic defense model of an industrial isolation gateway based on endogenous security. Using a dynamic scheduling mechanism to transform the attack surface, the gateway selects multiple heterogeneous filter executors to process the same packet simultaneously. By comparing the processing results of each executor, anomaly detection is carried out to realize dynamic defense of the industrial isolation gateway. The experimental results show that an industrial isolation gateway based on the mimic architecture can significantly increase the difficulty of backdoor utilization, such as paralysis, rule tampering, and information theft, and effectively defend the industrial control system from the threats caused by the backdoors and vulnerabilities of the isolation gateway while performing its normal boundary protection function.