Title page for etd-0731115-213252
Title
Defense Mechanism of Industrial Control Systems
Department
Year, semester
Language
Degree
Number of pages
34
Author
Advisor
Convenor
Advisory Committee
Date of Exam
2015-08-19
Date of Submission
2015-09-03
Keywords
Conpot, SNMP, Industrial Control System
Statistics
The thesis/dissertation has been browsed 5730 times and downloaded 31 times.
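Chinese Abstract
In recent years, technical advances in complex industrial development processes have driven the rapid development of automatic control theory, and the level of automation technology has risen greatly. In industrial development, an industrial control system forms a network of its own with no connection to the outside. To make industrial development more standardized, however, systems that originally had a self-contained network architecture have begun to connect to Ethernet. Hackers can then use network vulnerabilities to steal information from the system, so the security problems of industrial control systems have gradually surfaced. This thesis uses the information monitored and collected by Conpot, a honeypot for industrial control systems, analyzes the SNMP connection information in it, and classifies it as management information scanning, device information scanning, and other information scanning.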
Abstract
In recent years, the process of industrial development has improved from complex to simple. The theory of automatic control has also developed rapidly, and the level of automation technology has been greatly enhanced. An industrial control system (ICS) contains supervisory control and data acquisition (SCADA) systems, distributed control systems, and other configurations such as programmable logic controllers (PLC). An ICS usually has its own network architecture, which is not connected to Ethernet. To make industrial development more standardized, ICS have started to connect to Ethernet. As a result, hackers are able to use vulnerabilities to steal system information, and the security problems of ICS are gradually showing up. This thesis uses Conpot, a honeypot for ICS, to monitor and collect information. It analyzes the information from SNMP connections and classifies it as management information scanning, device information scanning, and other information scanning.
Table of Contents
Acknowledgments
Abstract (Chinese)
Abstract
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Research Objectives
Chapter 2 Literature Review
2.1 Industrial Control Systems (ICS)
2.2 ICS and IT Systems
2.3 Risks and Attacks Facing ICS
2.4 ICS Network Monitoring
2.5 Conpot, a Honeypot for ICS
2.6 Simple Network Management Protocol (SNMP)
2.6.1 Basic SNMP Architecture
2.6.2 Management Information Bases (MIB)
2.6.3 Object Identifier (OID)
Chapter 3 Research Method
3.1 Research Method
3.2 System Architecture and Workflow
3.3 Conpot, Splunk, and the OID Database
Chapter 4 Experimental Procedure and Results
4.1 Sample Collection
4.2 Log Data Processing
4.3 Storing SNMP Messages
4.4 OID Message Classification and Results
Chapter 5 Contributions and Future Work
Bibliography
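Fulltext
This electronic full text is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research. Please comply with the relevant provisions of the Copyright Act of the Republic of China and do not reproduce, distribute, adapt, repost, or broadcast it without authorization, to avoid breaking the law.
Thesis access permission: user-defined availability date
Available:
Campus: available
Off-campus: available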


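Printed copies
Public information on printed copies is relatively complete from academic year 102 onward. To look up public information on printed copies from academic year 101 or earlier, please contact the printed thesis service desk of the Office of Library and Information Services. We apologize for any inconvenience.
Available: available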
