Funding: Supported by the National Natural Science Foundation of China (No. 62076042, No. 62102049); the Key Research and Development Project of Sichuan Province (No. 2021YFSY0012, No. 2020YFG0307, No. 2021YFG0332); the Science and Technology Innovation Project of Sichuan (No. 2020017); the Key Research and Development Project of Chengdu (No. 2019-YF05-02028-GX); the Innovation Team of Quantum Security Communication of Sichuan Province (No. 17TD0009); and the Academic and Technical Leaders Training Funding Support Projects of Sichuan Province (No. 2016120080102643).
Abstract: Nowadays, industrial control systems (ICS) have begun to integrate with the Internet. While the Internet has brought convenience to ICS, it has also brought severe security concerns. Traditional ICS network traffic anomaly detection methods rely on statistical features manually extracted using the experience of network security experts. They are not aimed at the original network data, nor can they capture the potential characteristics of network packets. Therefore, the following improvements were made in this study: (1) A dataset that can be used to evaluate anomaly detection algorithms is produced, which provides raw network data. (2) A request response-based convolutional neural network named RRCNN is proposed, which can be used for anomaly detection of ICS network traffic. Instead of using statistical features manually extracted by security experts, this method uses the byte sequences of the original network packets directly, which can extract potential features of the network packets in greater depth. It regards the request packet and response packet in a session as a Request-Response Pair (RRP). The feature of the RRP is extracted using a one-dimensional convolutional neural network, and then the RRP is judged to be normal or abnormal based on the extracted feature. Experimental results demonstrate that this model is better than several other machine learning and neural network models, with F1, accuracy, precision, and recall above 99%.
Abstract: It is common sense that the enterprise is the principal of endogenous innovation, but why do many firms not innovate actively? What kind of difficulty will enterprises suffer in endogenous innovation? What can the government do for endogenous innovation? These questions are crucial to realizing endogenous innovation. This paper tries to answer the questions mentioned above from the perspective of technology evolution. The industrial environment of emerging technology is emphasized for analyzing endogenous innovation in Chinese enterprises. The process of endogenous innovation in NanShanBridge Co. Ltd (NSBIC), which is an IC design firm, is analyzed as a case. From the case study, we can answer the questions above to a certain extent, give some suggestions to enterprises as latecomers, and present some advice to the government.
Abstract: Uniformity of warhead axial charge and the influences of different warhead wall thicknesses on measurement results were studied by industrial computed tomography (CT). By comparing the differences in relative density values of the same simulation charge sample assembled in simulation bodies with different wall thicknesses, the effects of warhead wall thickness on charge CT relative density values were analyzed. The results show that the CT value increases by about 1% with each additional 1 mm of wall thickness under the same simulation charge for the projectile with an outer diameter of 100 mm and an internal diameter of 90 mm. Therefore, to detect uniformity of charge density along the warhead axis (upper, middle and lower sections) within the penetration ability range of industrial CT (ICT), only the CT values of the various parts (upper, middle and lower sections) need to be measured, without measuring the absolute density of the charge. By subtracting the changes in the CT values caused by warhead wall thickness variation, the CT values of the various parts under the same charge can describe warhead axial charge uniformity.
Funding: Supported by the National Natural Science Foundation of China (No. 61833015).
Abstract: Proprietary (or semi-proprietary) protocols are widely adopted in industrial control systems (ICSs). Inferring protocol format by reverse engineering is important for many network security applications, e.g., program tests and intrusion detection. Conventional protocol reverse engineering methods have been proposed which are considered time-consuming, tedious, and error-prone. Recently, automatic protocol reverse engineering methods have been proposed which are, however, neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations. In this paper, we present a framework called the industrial control system protocol reverse engineering framework (ICSPRF) that aims to extract ICS protocol fields with high accuracy. ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context, e.g., a basic block (BBL) group. As a result, by monitoring program execution, we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format. We evaluate our approach with six open-source ICS protocol implementations. The results show that ICSPRF can identify individual protocol fields with high accuracy (on average a 94.3% match ratio). ICSPRF also has a low coarse-grained and overly fine-grained match ratio. For the same metric, ICSPRF is more accurate than AutoFormat (88.5% for all evaluated protocols and 80.0% for binary-based protocols).
Abstract: The fuzzing test is able to discover various vulnerabilities and has more chances to hit zero-day targets. ICS (industrial control system) is currently facing huge security threats and requires security standards, like ISO 62443, to ensure the quality of the device. However, some industrial proprietary communication protocols can be customized and have complicated structures; the fuzzing system cannot quickly generate test data that adapt to various protocols. It also struggles to define the mutation field without having prior knowledge of the protocols. Therefore, we propose a fuzzing system named ICPFuzzer that uses LSTM (long short-term memory) to learn the features of a protocol and generates mutated test data automatically. We also use the responses of testing and adjust the weight strategies to further test the device under testing (DUT) to find more data that cause unusual connection status. We verified the effectiveness of the approach by comparing it with open-source and commercial fuzzers. Furthermore, in a real case, we experimented with DLMS/COSEM for a smart meter and found that the test data can cause an unusual response. In summary, ICPFuzzer is a black-box fuzzing system that can automatically execute the testing process and reveal vulnerabilities that interrupt and crash industrial control communication. It not only improves the quality of ICS but also improves safety.
Funding: Supported in part by the 2018 industrial Internet innovation and development project "Construction of Industrial Internet Security Standard System and Test and Verification Environment"; in part by the National Industrial Internet Security Public Service Platform; in part by the Fundamental Research Funds for the Central Universities (Nos. FRF-BD-19-012A and FRFTP-19-005A3); in part by the National Natural Science Foundation of China (Nos. 81961138010, U1736117, and U1836106); and in part by the Technological Innovation Foundation of Shunde Graduate School, University of Science and Technology Beijing (No. BK19BF006).
Abstract: Industrial Control Systems (ICSs) are the lifeline of a country. Therefore, the anomaly detection of ICS traffic is an important endeavor. This paper proposes a model based on a deep residual Convolution Neural Network (CNN) to prevent gradient explosion or gradient disappearance and guarantee accuracy. The developed methodology addresses two limitations: most traditional machine learning methods can only detect known network attacks, and deep learning algorithms require a long time to train. The utilization of transfer learning under the modification of the existing residual CNN structure guarantees the detection of unknown attacks. One-dimensional ICS flow data are converted into two-dimensional grayscale images to take full advantage of the features of CNN. Results show that the proposed method achieves a high score and solves the time problem associated with deep learning model training. The model can give reliable predictions for unknown or differently distributed abnormal data through short-term training. Thus, the proposed model ensures the safety of ICSs and verifies the feasibility of transfer learning for ICS anomaly detection.