Functional Pattern-Related Anomaly Detection Approach Collaborating Binary Segmentation with Finite State Machine

The process control-oriented threat,which can exploit OT(Operational Technology)vulnerabilities to forcibly insert abnormal control commands or status information,has become one of the most devastating cyber attacks in industrial automation control.To effectively detect this threat,this paper proposes one functional pattern-related anomaly detection approach,which skillfully collaborates the BinSeg(Binary Segmentation)algorithm with FSM(Finite State Machine)to identify anomalies between measuring data and control data.By detecting the change points of measuring data,the BinSeg algorithm is introduced to generate some initial sequence segments,which can be further classified and merged into different functional patterns due to their backward difference means and lengths.After analyzing the pattern association according to the Bayesian network,one functional state transition model based on FSM,which accurately describes the whole control and monitoring process,is constructed as one feasible detection engine.Finally,we use the typical SWaT(Secure Water Treatment)dataset to evaluate the proposed approach,and the experimental results show that:for one thing,compared with other change-point detection approaches,the BinSeg algorithm can be more suitable for the optimal sequence segmentation of measuring data due to its highest detection accuracy and least consuming time;for another,the proposed approach exhibits relatively excellent detection ability,because the average detection precision,recall rate and F1-score to identify 10 different attacks can reach 0.872,0.982 and 0.896,respectively.

Event-Based Anomaly Detection for Non-Public Industrial Communication Protocols in SDN-Based Control Systems

As the main communication mediums in industrial control networks,industrial communication protocols are always vulnerable to extreme exploitations,and it is very difficult to take protective measures due to their serious privacy.Based on the SDN(Software Defined Network)technology,this paper proposes a novel event-based anomaly detection approach to identify misbehaviors using non-public industrial communication protocols,and this approach can be installed in SDN switches as a security software appliance in SDN-based control systems.Furthermore,aiming at the unknown protocol specification and message format,this approach first restructures the industrial communication sessions and merges the payloads from industrial communication packets.After that,the feature selection and event sequence extraction can be carried out by using the N-gram model and K-means algorithm.Based on the obtained event sequences,this approach finally trains an event-based HMM(Hidden Markov Model)to identify aberrant industrial communication behaviors.Experimental results clearly show that the proposed approach has obvious advantages of classification accuracy and detection efficiency.

Characteristic Insights on Industrial Cyber Security and Popular Defense Mechanisms

Due to the deep integration of information technology and operational technology,networked control systems are experiencing an increasing risk of international cyber attacks.In practice,industrial cyber security is a significant topic because current networked control systems are supporting various critical infrastructures to offer vital utility services.By comparing with traditional IT systems,this paper first analyzes the uncontrollable cyber threats and classified attack characteristics,and elaborates the intrinsic vulnerabilities in current networked control systems and novel security challenges in future Industrial Internet.After that,in order to overcome partial vulnerabilities,this paper presents a few representative security mechanisms which have been successfully applied in today’s industrial control systems,and these mechanisms originally improve traditional IT defense technologies from the perspective of industrial availability.Finally,several popular security viewpoints,adequately covering the needs of industrial network structures and service characteristics,are proposed to combine with burgeoning industrial information technologies.We target to provide some helpful security guidelines for both academia and industry,and hope that our insights can further promote in-depth development of industrial cyber security.

Compared Insights on Machine-Learning Anomaly Detection for Process Control Feature

Anomaly detection is becoming increasingly significant in industrial cyber security,and different machine-learning algorithms have been generally acknowledged as various effective intrusion detection engines to successfully identify cyber attacks.However,different machine-learning algorithms may exhibit their own detection effects even if they analyze the same feature samples.As a sequence,after developing one feature generation approach,the most effective and applicable detection engines should be desperately selected by comparing distinct properties of each machine-learning algorithm.Based on process control features generated by directed function transition diagrams,this paper introduces five different machine-learning algorithms as alternative detection engines to discuss their matching abilities.Furthermore,this paper not only describes some qualitative properties to compare their advantages and disadvantages,but also gives an in-depth and meticulous research on their detection accuracies and consuming time.In the verified experiments,two attack models and four different attack intensities are defined to facilitate all quantitative comparisons,and the impacts of detection accuracy caused by the feature parameter are also comparatively analyzed.All experimental results can clearly explain that SVM(Support Vector Machine)and WNN(Wavelet Neural Network)are suggested as two applicable detection engines under differing cases.

Structural characteristics of the basement and the prospective of favorable oil and gas blocks in the Tacheng basin

The Tacheng basin has been identified as a Carboniferous basement with a central uplift, sur- rounded by orogenic belts. This identification was based on the comprehensive analysis of field outcrops, regional magnetic and gravimetric data, skeleton seismic profiles, magnetotelluric profiles and drilling data. Here, we present gravimetric and magnetic data analyses of the basement structures of the Tacheng basin and its base formation. We also provide a magnetotelluric profile analysis of the structural features and tectonic framework of basin-mountain patterns. We use local geology, drilling data, and other comprehensive information to document the tectonic framework of the basement of the basin. Small-scale nappe structures are found in the northern basin, whereas stronger and more pronounced thrusting structures are found to the south and east of the basin. The basin is divided into four first-order tectonic units： a central uplift, a northern depression, a southeastern depression and a western depression. In addition, the Emin sag is suggested as a possible reservoir for oil and gas.

State-Based Control Feature Extraction for Effective Anomaly Detection in Process Industries

In process industries,the characteristics of industrial activities focus on the integrality and continuity of production process,which can contribute to excavating the appropriate features for industrial anomaly detection.From this perspective,this paper proposes a novel state-based control feature extraction approach,which regards the finite control operations as different states.Furthermore,the procedure of state transition can adequately express the change of successive control operations,and the statistical information between different states can be used to calculate the feature values.Additionally,OCSVM(One Class Support Vector Machine)and BPNN(BP Neural Network),which are optimized by PSO(Particle Swarm Optimization)and GA(Genetic Algorithm)respectively,are introduced as alternative detection engines to match with our feature extraction approach.All experimental results clearly show that the proposed feature extraction approach can effectively coordinate with the optimized classification algorithms,and the optimized GA-BPNN classifier is suggested as a more applicable detection engine by comparing its average detection accuracies with the ones of PSO-OCSVM classifier.

Reservoir Quality and Diagenesis of the Permian Lucaogou Formation Tight Carbonates in Jimsar Sag, Junggar Basin, West China

The Lower Permian Lucaogou Formation in the Jimsar sag, Junggar Basin is a typical tight-oil reservoir in China. For effective exploration and production, the formation of a high-quality reservoir must be thoroughly studied. In this work, the tight-oil reservoir was examined using a variety of methods, including core and thin-section observations, XRD, SEM, CL and fluid inclusion and isotope testing. The tight-oil reservoirs were primarily deposited in saline lake environments, which are dominated by variable admixture of dolomite, quartz, feldspar, tuff, calcite and pyrite. Nine main lithofacies were identified：（1） siliceous mudstone,（2） dolomitic siliceous mudstone,（3） dolomitic mudstone,（4） intraclast packstone/grainstone,（5） ooid grainstone,（6） bioclast grainstone,（7） dolomitic siltstone,（8） mixed siliclastic and intraclast grainstone and（9） brecciated dolomitic mudstone. The pore types are classified into four categories： primary intergranular, moldic, intercrystalline and fracture pores. The properties of tight-oil reservoirs are quite poor, with low porosity（ave. 7.85%） and permeability（ave. 0.110 mD） and a small pore-throat radius（ave. 0.086 μm）. The tight-oil reservoirs are dominated by the aggradation of a repetitive meter-scale sedimentary facies succession that records distinct lacustrine expansions and contractions. These tight carbonates have also undergone significant diagenetic alterations, such as dolomitization, dissolution, neomorphism and fracture created intercrystalline and moldic pores, vug and fractures; chemical and mechanical compaction and carbonate cementation have decreased the reservoir quality. Variations in reservoir quality in the Jimusar sag are due to a combination of lithofacies type, high-frequency cyclic depositional architecture, dissolution intensity, dolomitization and tectonic related deformation. This integrated study has helped in understanding the reservoir heterogeneity and hydrocarbon potential of the Jimusar fine-grained rocks.

Synthesis of the tetracyclic core of chlorospermines

Chlorospermines A and B are biologically interesting acridone natural products and recently isolated from Glycosmis chlorosperma.We report here a convergent approach to construct the tetracyclic core of the natural products.The two fragments are assembled together through Sonogashira coupling,and a cis-triene intermediate was prepared by using hydrosilylation/desilylation.A 6p-electrocyclization/aromatization sequence served as the key step of the synthesis,which formed the tetrasubstituted arene motif in one pot.

Predicting the Incident Cases of Emerging Infectious Disease Using a Bayesian Probability Model--China,February 2020

What is already known about this topic?The exact number of incident cases of emerging infectious diseases on a daily basis is of great importance to the disease control and prevention,but it is not directly available from the current surveillance system in time.What is added by this report?In this study,a Bayesian statistical method was proposed to estimate the posterior parameters of the gamma probability distribution of the lag time between the onset date and the reporting time based on the surveillance data.And then the posterior parameters and corresponding cumulative gamma probability distribution were used to predict the actual number of new incident cases and the number of unreported cases per day.The proposed method was used for predicting COVID-19 incident cases from February 5 to February 26,2020.The final results show that Bayesian probability model predictions based on data reported by February 28,2020 are very close to those actually reported a month later.What are the implications for public health practice?This research provides a Bayesian statistical approach for early estimation of the actual number of cases of incidence based on surveillance data,which is of great value in the prevention and control practice of epidemics.