The process control-oriented threat,which can exploit OT(Operational Technology)vulnerabilities to forcibly insert abnormal control commands or status information,has become one of the most devastating cyber attacks i...The process control-oriented threat,which can exploit OT(Operational Technology)vulnerabilities to forcibly insert abnormal control commands or status information,has become one of the most devastating cyber attacks in industrial automation control.To effectively detect this threat,this paper proposes one functional pattern-related anomaly detection approach,which skillfully collaborates the BinSeg(Binary Segmentation)algorithm with FSM(Finite State Machine)to identify anomalies between measuring data and control data.By detecting the change points of measuring data,the BinSeg algorithm is introduced to generate some initial sequence segments,which can be further classified and merged into different functional patterns due to their backward difference means and lengths.After analyzing the pattern association according to the Bayesian network,one functional state transition model based on FSM,which accurately describes the whole control and monitoring process,is constructed as one feasible detection engine.Finally,we use the typical SWaT(Secure Water Treatment)dataset to evaluate the proposed approach,and the experimental results show that:for one thing,compared with other change-point detection approaches,the BinSeg algorithm can be more suitable for the optimal sequence segmentation of measuring data due to its highest detection accuracy and least consuming time;for another,the proposed approach exhibits relatively excellent detection ability,because the average detection precision,recall rate and F1-score to identify 10 different attacks can reach 0.872,0.982 and 0.896,respectively.展开更多
As the main communication mediums in industrial control networks,industrial communication protocols are always vulnerable to extreme exploitations,and it is very difficult to take protective measures due to their seri...As the main communication mediums in industrial control networks,industrial communication protocols are always vulnerable to extreme exploitations,and it is very difficult to take protective measures due to their serious privacy.Based on the SDN(Software Defined Network)technology,this paper proposes a novel event-based anomaly detection approach to identify misbehaviors using non-public industrial communication protocols,and this approach can be installed in SDN switches as a security software appliance in SDN-based control systems.Furthermore,aiming at the unknown protocol specification and message format,this approach first restructures the industrial communication sessions and merges the payloads from industrial communication packets.After that,the feature selection and event sequence extraction can be carried out by using the N-gram model and K-means algorithm.Based on the obtained event sequences,this approach finally trains an event-based HMM(Hidden Markov Model)to identify aberrant industrial communication behaviors.Experimental results clearly show that the proposed approach has obvious advantages of classification accuracy and detection efficiency.展开更多
Due to the deep integration of information technology and operational technology,networked control systems are experiencing an increasing risk of international cyber attacks.In practice,industrial cyber security is a ...Due to the deep integration of information technology and operational technology,networked control systems are experiencing an increasing risk of international cyber attacks.In practice,industrial cyber security is a significant topic because current networked control systems are supporting various critical infrastructures to offer vital utility services.By comparing with traditional IT systems,this paper first analyzes the uncontrollable cyber threats and classified attack characteristics,and elaborates the intrinsic vulnerabilities in current networked control systems and novel security challenges in future Industrial Internet.After that,in order to overcome partial vulnerabilities,this paper presents a few representative security mechanisms which have been successfully applied in today’s industrial control systems,and these mechanisms originally improve traditional IT defense technologies from the perspective of industrial availability.Finally,several popular security viewpoints,adequately covering the needs of industrial network structures and service characteristics,are proposed to combine with burgeoning industrial information technologies.We target to provide some helpful security guidelines for both academia and industry,and hope that our insights can further promote in-depth development of industrial cyber security.展开更多
Anomaly detection is becoming increasingly significant in industrial cyber security,and different machine-learning algorithms have been generally acknowledged as various effective intrusion detection engines to succes...Anomaly detection is becoming increasingly significant in industrial cyber security,and different machine-learning algorithms have been generally acknowledged as various effective intrusion detection engines to successfully identify cyber attacks.However,different machine-learning algorithms may exhibit their own detection effects even if they analyze the same feature samples.As a sequence,after developing one feature generation approach,the most effective and applicable detection engines should be desperately selected by comparing distinct properties of each machine-learning algorithm.Based on process control features generated by directed function transition diagrams,this paper introduces five different machine-learning algorithms as alternative detection engines to discuss their matching abilities.Furthermore,this paper not only describes some qualitative properties to compare their advantages and disadvantages,but also gives an in-depth and meticulous research on their detection accuracies and consuming time.In the verified experiments,two attack models and four different attack intensities are defined to facilitate all quantitative comparisons,and the impacts of detection accuracy caused by the feature parameter are also comparatively analyzed.All experimental results can clearly explain that SVM(Support Vector Machine)and WNN(Wavelet Neural Network)are suggested as two applicable detection engines under differing cases.展开更多
The Tacheng basin has been identified as a Carboniferous basement with a central uplift, sur- rounded by orogenic belts. This identification was based on the comprehensive analysis of field outcrops, regional magnetic...The Tacheng basin has been identified as a Carboniferous basement with a central uplift, sur- rounded by orogenic belts. This identification was based on the comprehensive analysis of field outcrops, regional magnetic and gravimetric data, skeleton seismic profiles, magnetotelluric profiles and drilling data. Here, we present gravimetric and magnetic data analyses of the basement structures of the Tacheng basin and its base formation. We also provide a magnetotelluric profile analysis of the structural features and tectonic framework of basin-mountain patterns. We use local geology, drilling data, and other comprehensive information to document the tectonic framework of the basement of the basin. Small-scale nappe structures are found in the northern basin, whereas stronger and more pronounced thrusting structures are found to the south and east of the basin. The basin is divided into four first-order tectonic units: a central uplift, a northern depression, a southeastern depression and a western depression. In addition, the Emin sag is suggested as a possible reservoir for oil and gas.展开更多
In process industries,the characteristics of industrial activities focus on the integrality and continuity of production process,which can contribute to excavating the appropriate features for industrial anomaly detec...In process industries,the characteristics of industrial activities focus on the integrality and continuity of production process,which can contribute to excavating the appropriate features for industrial anomaly detection.From this perspective,this paper proposes a novel state-based control feature extraction approach,which regards the finite control operations as different states.Furthermore,the procedure of state transition can adequately express the change of successive control operations,and the statistical information between different states can be used to calculate the feature values.Additionally,OCSVM(One Class Support Vector Machine)and BPNN(BP Neural Network),which are optimized by PSO(Particle Swarm Optimization)and GA(Genetic Algorithm)respectively,are introduced as alternative detection engines to match with our feature extraction approach.All experimental results clearly show that the proposed feature extraction approach can effectively coordinate with the optimized classification algorithms,and the optimized GA-BPNN classifier is suggested as a more applicable detection engine by comparing its average detection accuracies with the ones of PSO-OCSVM classifier.展开更多
The Lower Permian Lucaogou Formation in the Jimsar sag, Junggar Basin is a typical tight-oil reservoir in China. For effective exploration and production, the formation of a high-quality reservoir must be thoroughly s...The Lower Permian Lucaogou Formation in the Jimsar sag, Junggar Basin is a typical tight-oil reservoir in China. For effective exploration and production, the formation of a high-quality reservoir must be thoroughly studied. In this work, the tight-oil reservoir was examined using a variety of methods, including core and thin-section observations, XRD, SEM, CL and fluid inclusion and isotope testing. The tight-oil reservoirs were primarily deposited in saline lake environments, which are dominated by variable admixture of dolomite, quartz, feldspar, tuff, calcite and pyrite. Nine main lithofacies were identified:(1) siliceous mudstone,(2) dolomitic siliceous mudstone,(3) dolomitic mudstone,(4) intraclast packstone/grainstone,(5) ooid grainstone,(6) bioclast grainstone,(7) dolomitic siltstone,(8) mixed siliclastic and intraclast grainstone and(9) brecciated dolomitic mudstone. The pore types are classified into four categories: primary intergranular, moldic, intercrystalline and fracture pores. The properties of tight-oil reservoirs are quite poor, with low porosity(ave. 7.85%) and permeability(ave. 0.110 mD) and a small pore-throat radius(ave. 0.086 μm). The tight-oil reservoirs are dominated by the aggradation of a repetitive meter-scale sedimentary facies succession that records distinct lacustrine expansions and contractions. These tight carbonates have also undergone significant diagenetic alterations, such as dolomitization, dissolution, neomorphism and fracture created intercrystalline and moldic pores, vug and fractures; chemical and mechanical compaction and carbonate cementation have decreased the reservoir quality. Variations in reservoir quality in the Jimusar sag are due to a combination of lithofacies type, high-frequency cyclic depositional architecture, dissolution intensity, dolomitization and tectonic related deformation. This integrated study has helped in understanding the reservoir heterogeneity and hydrocarbon potential of the Jimusar fine-grained rocks.展开更多
Chlorospermines A and B are biologically interesting acridone natural products and recently isolated from Glycosmis chlorosperma.We report here a convergent approach to construct the tetracyclic core of the natural pr...Chlorospermines A and B are biologically interesting acridone natural products and recently isolated from Glycosmis chlorosperma.We report here a convergent approach to construct the tetracyclic core of the natural products.The two fragments are assembled together through Sonogashira coupling,and a cis-triene intermediate was prepared by using hydrosilylation/desilylation.A 6p-electrocyclization/aromatization sequence served as the key step of the synthesis,which formed the tetrasubstituted arene motif in one pot.展开更多
What is already known about this topic?The exact number of incident cases of emerging infectious diseases on a daily basis is of great importance to the disease control and prevention,but it is not directly available ...What is already known about this topic?The exact number of incident cases of emerging infectious diseases on a daily basis is of great importance to the disease control and prevention,but it is not directly available from the current surveillance system in time.What is added by this report?In this study,a Bayesian statistical method was proposed to estimate the posterior parameters of the gamma probability distribution of the lag time between the onset date and the reporting time based on the surveillance data.And then the posterior parameters and corresponding cumulative gamma probability distribution were used to predict the actual number of new incident cases and the number of unreported cases per day.The proposed method was used for predicting COVID-19 incident cases from February 5 to February 26,2020.The final results show that Bayesian probability model predictions based on data reported by February 28,2020 are very close to those actually reported a month later.What are the implications for public health practice?This research provides a Bayesian statistical approach for early estimation of the actual number of cases of incidence based on surveillance data,which is of great value in the prevention and control practice of epidemics.展开更多
基金supported by the Hainan Provincial Natural Science Foundation of China(Grant No.620RC562)the Liaoning Provincial Natural Science Foundation:Industrial Internet Identification Data Association Analysis Based on Machine Online Learning(Grant No.2022-KF-12-11)the Scientific Research Project of Educational Department of Liaoning Province(Grant No.LJKZ0082).
文摘The process control-oriented threat,which can exploit OT(Operational Technology)vulnerabilities to forcibly insert abnormal control commands or status information,has become one of the most devastating cyber attacks in industrial automation control.To effectively detect this threat,this paper proposes one functional pattern-related anomaly detection approach,which skillfully collaborates the BinSeg(Binary Segmentation)algorithm with FSM(Finite State Machine)to identify anomalies between measuring data and control data.By detecting the change points of measuring data,the BinSeg algorithm is introduced to generate some initial sequence segments,which can be further classified and merged into different functional patterns due to their backward difference means and lengths.After analyzing the pattern association according to the Bayesian network,one functional state transition model based on FSM,which accurately describes the whole control and monitoring process,is constructed as one feasible detection engine.Finally,we use the typical SWaT(Secure Water Treatment)dataset to evaluate the proposed approach,and the experimental results show that:for one thing,compared with other change-point detection approaches,the BinSeg algorithm can be more suitable for the optimal sequence segmentation of measuring data due to its highest detection accuracy and least consuming time;for another,the proposed approach exhibits relatively excellent detection ability,because the average detection precision,recall rate and F1-score to identify 10 different attacks can reach 0.872,0.982 and 0.896,respectively.
基金This work is supported by the Hainan Provincial Natural Science Foundation of China(618QN219)the National Natural Science Foundation of China(Grant No.61501447)the General Project of Scientific Research of Liaoning Provincial Department of Education(LYB201616).
文摘As the main communication mediums in industrial control networks,industrial communication protocols are always vulnerable to extreme exploitations,and it is very difficult to take protective measures due to their serious privacy.Based on the SDN(Software Defined Network)technology,this paper proposes a novel event-based anomaly detection approach to identify misbehaviors using non-public industrial communication protocols,and this approach can be installed in SDN switches as a security software appliance in SDN-based control systems.Furthermore,aiming at the unknown protocol specification and message format,this approach first restructures the industrial communication sessions and merges the payloads from industrial communication packets.After that,the feature selection and event sequence extraction can be carried out by using the N-gram model and K-means algorithm.Based on the obtained event sequences,this approach finally trains an event-based HMM(Hidden Markov Model)to identify aberrant industrial communication behaviors.Experimental results clearly show that the proposed approach has obvious advantages of classification accuracy and detection efficiency.
基金This work was supported by the National Key R&D Program under Grant No.2018YFA0701604the Natural Science Foundation of Liaoning Province under Grant No.2019-MS-149.
文摘Due to the deep integration of information technology and operational technology,networked control systems are experiencing an increasing risk of international cyber attacks.In practice,industrial cyber security is a significant topic because current networked control systems are supporting various critical infrastructures to offer vital utility services.By comparing with traditional IT systems,this paper first analyzes the uncontrollable cyber threats and classified attack characteristics,and elaborates the intrinsic vulnerabilities in current networked control systems and novel security challenges in future Industrial Internet.After that,in order to overcome partial vulnerabilities,this paper presents a few representative security mechanisms which have been successfully applied in today’s industrial control systems,and these mechanisms originally improve traditional IT defense technologies from the perspective of industrial availability.Finally,several popular security viewpoints,adequately covering the needs of industrial network structures and service characteristics,are proposed to combine with burgeoning industrial information technologies.We target to provide some helpful security guidelines for both academia and industry,and hope that our insights can further promote in-depth development of industrial cyber security.
基金This work is supported by the Scientific Research Project of Educational Department of Liaoning Province(Grant No.LJKZ0082)the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation(Grant No.QCXM201910)+2 种基金the National Natural Science Foundation of China(Grant Nos.61802092 and 92067110)the Hainan Provincial Natural Science Foundation of China(Grant No.620RC562)2020 Industrial Internet Innovation and Development Project-Industrial Internet Identification Data Interaction Middleware and Resource Pool Service Platform Project,Ministry of Industry and Information Technology of the People’s Republic of China.
文摘Anomaly detection is becoming increasingly significant in industrial cyber security,and different machine-learning algorithms have been generally acknowledged as various effective intrusion detection engines to successfully identify cyber attacks.However,different machine-learning algorithms may exhibit their own detection effects even if they analyze the same feature samples.As a sequence,after developing one feature generation approach,the most effective and applicable detection engines should be desperately selected by comparing distinct properties of each machine-learning algorithm.Based on process control features generated by directed function transition diagrams,this paper introduces five different machine-learning algorithms as alternative detection engines to discuss their matching abilities.Furthermore,this paper not only describes some qualitative properties to compare their advantages and disadvantages,but also gives an in-depth and meticulous research on their detection accuracies and consuming time.In the verified experiments,two attack models and four different attack intensities are defined to facilitate all quantitative comparisons,and the impacts of detection accuracy caused by the feature parameter are also comparatively analyzed.All experimental results can clearly explain that SVM(Support Vector Machine)and WNN(Wavelet Neural Network)are suggested as two applicable detection engines under differing cases.
文摘The Tacheng basin has been identified as a Carboniferous basement with a central uplift, sur- rounded by orogenic belts. This identification was based on the comprehensive analysis of field outcrops, regional magnetic and gravimetric data, skeleton seismic profiles, magnetotelluric profiles and drilling data. Here, we present gravimetric and magnetic data analyses of the basement structures of the Tacheng basin and its base formation. We also provide a magnetotelluric profile analysis of the structural features and tectonic framework of basin-mountain patterns. We use local geology, drilling data, and other comprehensive information to document the tectonic framework of the basement of the basin. Small-scale nappe structures are found in the northern basin, whereas stronger and more pronounced thrusting structures are found to the south and east of the basin. The basin is divided into four first-order tectonic units: a central uplift, a northern depression, a southeastern depression and a western depression. In addition, the Emin sag is suggested as a possible reservoir for oil and gas.
基金This work is supported by the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation(Grant No.QCXM201910)the Natural Science Foundation of Liaoning Province(Grant No.2019-MS-149),the Social Science Planning Foundation of Liaoning Province(Grant No.L18AGL007)+1 种基金the National Natural Science Foundation of China(Grant Nos.61802092,51704138 and 61501447)the Scientific Research Setup Fund of Hainan University(Grant No.KYQD(ZR)1837).
文摘In process industries,the characteristics of industrial activities focus on the integrality and continuity of production process,which can contribute to excavating the appropriate features for industrial anomaly detection.From this perspective,this paper proposes a novel state-based control feature extraction approach,which regards the finite control operations as different states.Furthermore,the procedure of state transition can adequately express the change of successive control operations,and the statistical information between different states can be used to calculate the feature values.Additionally,OCSVM(One Class Support Vector Machine)and BPNN(BP Neural Network),which are optimized by PSO(Particle Swarm Optimization)and GA(Genetic Algorithm)respectively,are introduced as alternative detection engines to match with our feature extraction approach.All experimental results clearly show that the proposed feature extraction approach can effectively coordinate with the optimized classification algorithms,and the optimized GA-BPNN classifier is suggested as a more applicable detection engine by comparing its average detection accuracies with the ones of PSO-OCSVM classifier.
基金supported by the National Basic Research Program of China (No. 2014CB239002)the Joint Funds of the Shandong Science Foundation (No. ZR2016DL05)
文摘The Lower Permian Lucaogou Formation in the Jimsar sag, Junggar Basin is a typical tight-oil reservoir in China. For effective exploration and production, the formation of a high-quality reservoir must be thoroughly studied. In this work, the tight-oil reservoir was examined using a variety of methods, including core and thin-section observations, XRD, SEM, CL and fluid inclusion and isotope testing. The tight-oil reservoirs were primarily deposited in saline lake environments, which are dominated by variable admixture of dolomite, quartz, feldspar, tuff, calcite and pyrite. Nine main lithofacies were identified:(1) siliceous mudstone,(2) dolomitic siliceous mudstone,(3) dolomitic mudstone,(4) intraclast packstone/grainstone,(5) ooid grainstone,(6) bioclast grainstone,(7) dolomitic siltstone,(8) mixed siliclastic and intraclast grainstone and(9) brecciated dolomitic mudstone. The pore types are classified into four categories: primary intergranular, moldic, intercrystalline and fracture pores. The properties of tight-oil reservoirs are quite poor, with low porosity(ave. 7.85%) and permeability(ave. 0.110 mD) and a small pore-throat radius(ave. 0.086 μm). The tight-oil reservoirs are dominated by the aggradation of a repetitive meter-scale sedimentary facies succession that records distinct lacustrine expansions and contractions. These tight carbonates have also undergone significant diagenetic alterations, such as dolomitization, dissolution, neomorphism and fracture created intercrystalline and moldic pores, vug and fractures; chemical and mechanical compaction and carbonate cementation have decreased the reservoir quality. Variations in reservoir quality in the Jimusar sag are due to a combination of lithofacies type, high-frequency cyclic depositional architecture, dissolution intensity, dolomitization and tectonic related deformation. This integrated study has helped in understanding the reservoir heterogeneity and hydrocarbon potential of the Jimusar fine-grained rocks.
基金Ministry of Science & Technology (No.2013CB836900)National Natural Science Foundation of China (Nos.21290180,21172235 and 21222202)China Postdoctoral Science Foundation (No.2014M561537,M.Y.)
文摘Chlorospermines A and B are biologically interesting acridone natural products and recently isolated from Glycosmis chlorosperma.We report here a convergent approach to construct the tetracyclic core of the natural products.The two fragments are assembled together through Sonogashira coupling,and a cis-triene intermediate was prepared by using hydrosilylation/desilylation.A 6p-electrocyclization/aromatization sequence served as the key step of the synthesis,which formed the tetrasubstituted arene motif in one pot.
基金supported by grants from the Key Joint Project for Data Center of the National Natural Science Foundation of China and Guangdong Provincial Government(U1611264)The National Major Scientific and Technological Special Project for HIV/AIDS and Hepatitis B prevention(2013ZX10004218-006,2017ZX10303401-005,2018ZX10201002)the National Key Research and Development Program of China(2016YFC1200703).
文摘What is already known about this topic?The exact number of incident cases of emerging infectious diseases on a daily basis is of great importance to the disease control and prevention,but it is not directly available from the current surveillance system in time.What is added by this report?In this study,a Bayesian statistical method was proposed to estimate the posterior parameters of the gamma probability distribution of the lag time between the onset date and the reporting time based on the surveillance data.And then the posterior parameters and corresponding cumulative gamma probability distribution were used to predict the actual number of new incident cases and the number of unreported cases per day.The proposed method was used for predicting COVID-19 incident cases from February 5 to February 26,2020.The final results show that Bayesian probability model predictions based on data reported by February 28,2020 are very close to those actually reported a month later.What are the implications for public health practice?This research provides a Bayesian statistical approach for early estimation of the actual number of cases of incidence based on surveillance data,which is of great value in the prevention and control practice of epidemics.