Argus: multi-source data-driven industrial control security situational awareness system
Abstract: The industrial control system (ICS) is the brain of national industrial manufacturing and civil infrastructure. However, the security risks associated with ICS have become increasingly prominent, making it a significant target for cybersecurity protection. This paper proposed a solution for the issues of dispersed ICS security data and delayed threat perception. Specifically, the paper presented a multi-source data-driven ICS security situational awareness system named Argus, which incorporated an awareness chain for ICS security. Furthermore, the paper developed autonomous situational awareness technologies for ICS security, such as stateless high-speed device scanning, precise threat intelligence extraction, and suspicious attack behavior detection, to achieve multi-channel and three-dimensional ICS security monitoring and situational awareness. The experimental results indicated that, compared with conventional ICS situational awareness methods, the perception accuracy of the Argus system improved by over 10%, with efficiency improved by two orders of magnitude. Additionally, Argus allows for proactive warning and mitigation of potential security risks.
Authors: ZHU Tianchen (朱天晨); ZHAO Jun (赵军); LI Bo (李博); LI Jianxin (李建欣) (School of Computer Science and Engineering, Beihang University, Beijing 100191, China; Beijing Advanced Innovation Center for Big Data and Brain Computing, Beijing 100191, China; School of Information Science and Engineering, Shandong Normal University, Jinan 250358, China; Zhongguancun Laboratory, Beijing 100191, China)
Source: Big Data Research (《大数据》), 2023, Issue 4, pp. 98-115 (18 pages)
Funding: National Natural Science Foundation of China (No. U20B2053).
Keywords: industrial control system; multi-source data fusion; situation awareness; threat intelligence