Cyber Security System with FPGA-based Network Intrusion Detector for Nuclear Power Plant

As the general-purpose network technologies were introduced into the factory automation network, the importance of a high performance network intrusion detection system (NIDS) has rapidly increased. In this paper, we proposed a cyber security system that can be used in control networks that require high levels of reliability, such as nuclear power plants. The proposed system consists of DACS(Detection on Attacking Control System), DACS management program(DMP) to centrally manage multiple DACS, and central monitoring system(CMS) to store system logs. The packet detection function of DACS is handled by a real-time packet detector implemented in FPGA that handles a 7-tuple whitelist; MAC address, IP address, protocol, and TCP/UDP port number of the source and destination network nodes. This paper showed the usefulness of the proposed system by presenting an example of applying the proposed system to the nuclear power plant safety system. However, it was shown that the proposed system is not limited to nuclear power plants, but can be applied to control networks in various fields.