A consideration of white list creating algorithm for industrial network protocols at network switch

In a control system, a network is often constructed because a central monitoring room monitors the status of control devices and sensors arranged in a wide area. Information from control devices and sensors is transmitted to the central monitoring room using a specific communication protocol. Therefore, many sensors and control devices can be accessed from outside by connecting to a system in the central monitoring room or via a computer in the central monitoring room. Attackers can take over control systems and gather information without the risk of physical intrusion. In order to avoid such vulnerabilities, it is necessary to introduce a defense method into the system, but it is difficult to introduce a system used in the information system due to the characteristics of the control system. We will examine the defense method considering the characteristics of the control system. In this paper, we focus on communications performed between control devices and sensors, and consider a white listing protection method that defines communications that are transferred by network switches. In particular, an object of the present invention is to protect against an attack due to connection of an unauthorized device and an attack for performing unauthorized communication from an authorized devices. In addition, in generating a white list, we discuss functions necessary to reduce the generation cost and management cost.