Industrial control systems (ICSs) are widely used in various fields, and the information security problems of ICSs are increasingly serious. The existing evaluation methods fail to describe the uncertain evaluation information and group evaluation information of experts. Thus, this paper introduces the probabilistic linguistic term sets (PLTSs) to model the evaluation information of experts. Meanwhile, we propose a probabilistic linguistic multi-criteria decision-making (PL-MCDM) method to solve the information security assessment problem of ICSs. Firstly, we propose a novel subscript equivalence distance measure of PLTSs to improve the existing methods. Secondly, we use the Best Worst Method (BWM) method and Criteria Importance Through Inter-criteria Correlation (CRITIC) method to obtain the subjective weights and objective weights, which are used to derive the combined weights. Thirdly, we use the subscript equivalence distance measure method and the combined weight method to improve the probabilistic linguistic Visekriterijumska Optimizacija I Kompromisno Resenje (PL-VIKOR) method. Finally, we apply the proposed method to solve the information security assessment problem of ICSs. When comparing with the existing methods such as the probabilistic linguistic Tomada de Decisão Iterativa Multicritério (PL-TODIM) method and probabilistic linguistic Technique for Order Preference by Similarity to Ideal Solution (PL-TOPSIS) method, the case example shows that the proposed method can provide more reasonable ranking results. By evaluating and ranking the information security level of different ICSs, managers can identify problems in time and guide their work better.
Recently, Industrial Control Systems (ICSs) have been changing from a closed environment to an open environment because of the expansion of digital transformation, smart factories, and Industrial Internet of Things (IIoT). Since security accidents that occur in ICSs can cause national confusion and human casualties, research on detecting abnormalities by using normal operation data learning is being actively conducted. The single technique proposed by existing studies does not detect abnormalities well or provide satisfactory results. In this paper, we propose a GRU-based Buzzer Ensemble for Abnormal Detection (GBE-AD) model for detecting anomalies in industrial control systems to ensure rapid response and process availability. The newly proposed ensemble model of the buzzer method resolves False Negatives (FNs) by complementing the limited range that can be detected in a single model because of the internal models composing GBE-AD. Because the internal models remain suppressed for False Positives (FPs), GBE-AD provides better generalization. In addition, we generated mean prediction error data in GBE-AD and inferred abnormal processes using soft and hard clustering. We confirmed that the detection model’s Time-series Aware Precision (TaP) suppressed FPs at 97.67%. The final performance was 94.04% in an experiment using an HIL-based Augmented ICS (HAI) Security Dataset (ver. 21.03) among public datasets.
Supervisory control and data acquisition (SCADA) systems are computer systems that gather and analyze real-time data, distributed control systems are specially designed automated control system that consists of geographically distributed control elements, and other smaller control systems such as programmable logic controllers are industrial solid-state computers that monitor inputs and outputs and make logic-based decisions. In recent years, there has been a lot of focus on the security of industrial control systems. Due to the advancement in information technologies, the risk of cyberattacks on industrial control system has been drastically increased. Because they are so inextricably tied to human life, any damage to them might have devastating consequences. To provide an efficient solution to such problems, this paper proposes a new approach to intrusion detection. First, the important features in the dataset are determined by the difference between the distribution of unlabeled and positive data which is deployed for the learning process. Then, a prior estimation of the class is proposed based on a support vector machine. Simulation results show that the proposed approach has better anomaly detection performance than existing algorithms.
Cyberattacks targeting industrial control systems (ICS) are becoming more sophisticated and advanced than in the past. A programmable logic controller (PLC), a core component of ICS, controls and monitors sensors and actuators in the field. However, PLC has memory attack threats such as program injection and manipulation, which has long been a major target for attackers, and it is important to detect these attacks for ICS security. To detect PLC memory attacks, a security system is required to acquire and monitor PLC memory directly. In addition, the performance impact of the security system on the PLC makes it difficult to apply to the ICS. To address these challenges, this paper proposes a system to detect PLC memory attacks by continuously acquiring and monitoring PLC memory. The proposed system detects PLC memory attacks by acquiring the program blocks and block information directly from the same layer as the PLC and then comparing them in bytes with previous data. Experiments with Siemens S7-300 and S7-400 PLC were conducted to evaluate the PLC memory detection performance and performance impact on PLC. The experimental results demonstrate that the proposed system detects all malicious organization block (OB) injection and data block (DB) manipulation, and the increment of PLC cycle time, the impact on PLC performance, was less than 1 ms. The proposed system detects PLC memory attacks with a simpler detection method than earlier studies. Furthermore, the proposed system can be applied to ICS with a small performance impact on PLC.
Programmable Logic Controllers (PLC), core of industrial control systems, is widely used in industrial control systems. The security of PLC is the key to the security of industrial control systems. Nowadays, a large number of industrial control systems are connected to the Internet which exposes the PLC equipment to the Internet, and thus raising security concerns. First of all, we introduce the basic principle of PLC in this paper. Then we analyze the PLC code security, firmware security, network security, virus vulnerability and Modbus communication protocol by reviewing the previous related work. Finally, we make a summary of the current security protection methods.
As industrialization and informatization become more deeply intertwined, industrial control networks have entered an era of intelligence. The connection between industrial control networks and the external internet is becoming increasingly close, which leads to frequent security accidents. This paper proposes a model for the industrial control network. It includes a malware containment strategy that integrates intrusion detection, quarantine, and monitoring. Based on this model, the role of key nodes in the spread of malware is studied, a comparison experiment is conducted to validate the impact of the containment strategy. In addition, the dynamic behavior of the model is analyzed, the basic reproduction number is computed, and the disease-free and endemic equilibrium of the model is also obtained by the basic reproduction number. Moreover, through simulation experiments, the effectiveness of the containment strategy is validated, the influence of the relevant parameters is analyzed, and the containment strategy is optimized. In other words, selective immunity to key nodes can effectively suppress the spread of malware and maintain the stability of industrial control systems. The earlier the immunization of key nodes, the better. Once the time exceeds the threshold, immunizing key nodes is almost ineffective. The analysis provides a better way to contain the malware in the industrial control network.
Industrial Control Systems (ICSs) are the lifeline of a country. Therefore, the anomaly detection of ICS traffic is an important endeavor. This paper proposes a model based on a deep residual Convolution Neural Network (CNN) to prevent gradient explosion or gradient disappearance and guarantee accuracy. The developed methodology addresses two limitations: most traditional machine learning methods can only detect known network attacks and deep learning algorithms require a long time to train. The utilization of transfer learning under the modification of the existing residual CNN structure guarantees the detection of unknown attacks. One-dimensional ICS flow data are converted into two-dimensional grayscale images to take full advantage of the features of CNN. Results show that the proposed method achieves a high score and solves the time problem associated with deep learning model training. The model can give reliable predictions for unknown or differently distributed abnormal data through short-term training. Thus, the proposed model ensures the safety of ICSs and verifies the feasibility of transfer learning for ICS anomaly detection.
Gradual increase in the number of successful attacks against Industrial Control Systems (ICS) has led to an urgent need to create defense mechanisms for accurate and timely detection of the resulting process anomalies. Towards this end, a class of anomaly detectors, created using data-centric approaches, are gaining attention. Using machine learning algorithms such approaches can automatically learn the process dynamics and control strategies deployed in an ICS. The use of these approaches leads to relatively easier and faster creation of anomaly detectors compared to the use of design-centric approaches that are based on plant physics and design. Despite the advantages, there exist significant challenges and implementation issues in the creation and deployment of detectors generated using machine learning for city-scale plants. In this work, we enumerate and discuss such challenges. Also presented is a series of lessons learned in our attempt to meet these challenges in an operational plant.
Proprietary (or semi-proprietary) protocols are widely adopted in industrial control systems (ICSs). Inferring protocol format by reverse engineering is important for many network security applications, e.g., program tests and intrusion detection. Conventional protocol reverse engineering methods have been proposed which are considered time-consuming, tedious, and error-prone. Recently, automatic protocol reverse engineering methods have been proposed which are, however, neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations. In this paper, we present a framework called the industrial control system protocol reverse engineering framework (ICSPRF) that aims to extract ICS protocol fields with high accuracy. ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context, e.g., basic block (BBL) group. As a result, by monitoring program execution, we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format. We evaluate our approach with six open-source ICS protocol implementations. The results show that ICSPRF can identify individual protocol fields with high accuracy (on average a 94.3% match ratio). ICSPRF also has a low coarse-grained and overly fine-grained match ratio. For the same metric, ICSPRF is more accurate than AutoFormat (88.5% for all evaluated protocols and 80.0% for binary-based protocols).
With the growing discovery of exposed vulnerabilities in the Industrial Control Components (ICCs), identification of the exploitable ones is urgent for Industrial Control System (ICS) administrators to proactively forecast potential threats. However, it is not a trivial task due to the complexity of the multi-source heterogeneous data and the lack of automatic analysis methods. To address these challenges, we propose an exploitability reasoning method based on the ICC-Vulnerability Knowledge Graph (KG) in which relation paths contain abundant potential evidence to support the reasoning. The reasoning task in this work refers to determining whether a specific relation is valid between an attacker entity and a possible exploitable vulnerability entity with the help of a collective of the critical paths. The proposed method consists of three primary building blocks: KG construction, relation path representation, and query relation reasoning. A security-oriented ontology combines exploit modeling, which provides a guideline for the integration of the scattered knowledge while constructing the KG. We emphasize the role of the aggregation of the attention mechanism in representation learning and ultimate reasoning. In order to acquire a high-quality representation, the entity and relation embeddings take advantage of their local structure and related semantics. Some critical paths are assigned corresponding attentive weights and then they are aggregated for the determination of the query relation validity. In particular, similarity calculation is introduced into a critical path selection algorithm, which improves search and reasoning performance. Meanwhile, the proposed algorithm avoids redundant paths between the given pairs of entities. Experimental results show that the proposed method outperforms the state-of-the-art ones in the aspects of embedding quality and query relation reasoning accuracy.
To identify industrial control equipment is often a key step in network mapping, categorizing network resources, and attack defense. For example, if vulnerable equipment or devices can be discovered in advance and the attack path can be cut off, security threats can be effectively avoided and the stable operation of the Internet can be ensured. The existing rule-matching method for equipment identification has limitations such as relying on experience and low scalability. This paper proposes an industrial control device identification method based on PCA-Adaboost, which integrates rule matching and machine learning. We first build a rule base from network data collection and then use single and multi-protocol rule-matching methods to identify the type of industrial control devices. Finally, we utilize PCA-Adaboost to identify unlabeled data. The experimental results show that the recognition rate of this method is better than that of the traditional Nmap device recognition method and the device recognition accuracy rate reaches 99%. The evaluation effect of the test data set is significantly enhanced.
In this paper, rough set theory is introduced into the interface multi-agent system (MAS) for industrial supervisory system. Taking advantages of rough set in data mining, a cooperation model for MAS is built. Rules for avoiding cooperation conflict are deduced. An optimization algorithm is used to enhance security and real time attributes of the system. An application based on the proposed algorithm and rules are given.
The evolution of the Internet of Things (IoT) has empowered modern industries with the capability to implement large-scale IoT ecosystems, such as the Industrial Internet of Things (IIoT). The IIoT is vulnerable to a diverse range of cyberattacks that can be exploited by intruders and cause substantial reputational and financial harm to organizations. To preserve the confidentiality, integrity, and availability of IIoT networks, an anomaly-based intrusion detection system (IDS) can be used to provide secure, reliable, and efficient IIoT ecosystems. In this paper, we propose an anomaly-based IDS for IIoT networks as an effective security solution to efficiently and effectively overcome several IIoT cyberattacks. The proposed anomaly-based IDS is divided into three phases: pre-processing, feature selection, and classification. In the pre-processing phase, data cleaning and normalization are performed. In the feature selection phase, the candidates’ feature vectors are computed using two feature reduction techniques, minimum redundancy maximum relevance and neighborhood components analysis. For the final step, the modeling phase, the following classifiers are used to perform the classification: support vector machine, decision tree, k-nearest neighbors, and linear discriminant analysis. The proposed work uses a new data-driven IIoT data set called X-IIoTID. The experimental evaluation demonstrates our proposed model achieved a high accuracy rate of 99.58%, a sensitivity rate of 99.59%, a specificity rate of 99.58%, and a low false positive rate of 0.4%.
This paper discusses a strategy for estimating Hammerstein nonlinear systems in the presence of measurement noises for industrial control by applying filtering and recursive approaches. The proposed Hammerstein nonlinear systems are made up of a neural fuzzy network (NFN) and a linear state-space model. The estimation of parameters for Hammerstein systems can be achieved by employing hybrid signals, which consist of step signals and random signals. First, based on the characteristic that step signals do not excite static nonlinear systems, that is, the intermediate variable of the Hammerstein system is a step signal with different amplitudes from the input, the unknown intermediate variables can be replaced by inputs, solving the problem of unmeasurable intermediate variable information. In the presence of step signals, the parameters of the state-space model are estimated using the recursive extended least squares (RELS) algorithm. Moreover, to effectively deal with the interference of measurement noises, a data filtering technique is introduced, and the filtering-based RELS is formulated for estimating the NFN by employing random signals. Finally, according to the structure of the Hammerstein system, the control system is designed by eliminating the nonlinear block so that the generated system is approximately equivalent to a linear system, and it can then be easily controlled by applying a linear controller. The effectiveness and feasibility of the developed identification and control strategy are demonstrated using two industrial simulation cases.
In industrial control systems, the utilization of deep learning based methods achieves improvements for anomaly detection. However, most current methods ignore the association of inner components in industrial control systems. In industrial control systems, an anomaly component may affect the neighboring components; therefore, the connective relationship can help us to detect anomalies effectively. In this paper, we propose a centrality-aware graph convolution network (CAGCN) for anomaly detection in industrial control systems. Unlike the traditional graph convolution network (GCN) model, we utilize the concept of centrality to enhance the ability of graph convolution networks to deal with the inner relationship in industrial control systems. Our experiments show that compared with GCN, our CAGCN has a better ability to utilize this relationship between components in industrial control systems. The performances of the model are evaluated on the Secure Water Treatment (SWaT) dataset and the Water Distribution (WADI) dataset, the two most common industrial control systems datasets in the field of industrial anomaly detection. The experimental results show that our CAGCN achieves better results on precision, recall, and F1 score than the state-of-the-art methods.
The continuous progress of industrialization is a fundamental cause of China’s increasingly severe environmental pollution problem. Improving the efficiency of industrial pollution control is an inevitable choice to effectively decrease pollution emissions, thus winning the battle of pollution prevention and control. In this paper, we used the stochastic frontier analysis (SFA) model to measure the provincial efficiency of industrial pollution control based on the input and output data of industrial pollution control of 29 administrative provinces in China from 2000 to 2017. On this basis, a spatial econometric model was used to explore the influence of environmental regulation intensity on the efficiency of industrial pollution control. In addition, the spatial spillover effect of pollution reduction was thoroughly examined. The results show that: (1) The efficiency of industrial pollution control in China has improved year by year, but the overall efficiency is still low, with the average value increasing from 0.165 in 2000 to 0.309 in 2017. Furthermore, there is significant regional heterogeneity with the highest efficiency level in the east and lowest efficiency level in the west. (2) By increasing the financial and material input, the efficiency of industrial pollution control has increased. However, the increase of human input has not been so helpful. (3) The global Moran’s I index is significantly greater than zero, indicating a strong spatial correlation and agglomeration in the efficiency of industrial pollution control, which is reflected in high-high agglomeration in the eastern region and low-low agglomeration in the western region. (4) Stringent environmental regulation has a positive effect on improving the efficiency of industrial pollution control. It also imposes a positive spatial spillover effect, indicating a strategic interaction and coordination of regional pollution control. In line with this, related proposals have been made to optimize the investment structure for environmental pollution control, establish a flow mechanism for the factor market, and strengthen the environmental responsibility awareness of state-owned enterprises. On this basis, we expect to provide a policy for improving the efficiency of industrial pollution control and promoting regional joint pollution control in China.
In this paper, we propose an intrusion detection algorithm based on auto-encoder and three-way decisions (AE-3WD) for industrial control networks, aiming at the security problem of industrial control network. The ideology of deep learning is similar to the idea of intrusion detection. Deep learning is a kind of intelligent algorithm and has the ability of automatically learning. It uses self-learning to enhance the experience and dynamic classification capabilities. We use deep learning to improve the intrusion detection rate and reduce the false alarm rate through learning, a denoising AutoEncoder and three-way decisions intrusion detection method AE-3WD is proposed to improve intrusion detection accuracy. In the processing, deep learning AutoEncoder is used to extract the features of high-dimensional data by combining the coefficient penalty and reconstruction loss function of the encode layer during the training mode. A multi-feature space can be constructed by multiple feature extractions from AutoEncoder, and then a decision for intrusion behavior or normal behavior is made by three-way decisions. NSL-KDD data sets are used to the experiments. The experiment results prove that our proposed method can extract meaningful features and effectively improve the performance of intrusion detection.
In the next three to five years, China’s light industry will upgrade major product quality generally to world level. This will be done by strengthening quality control and supervision and the improvement in technology. The campaign was announced by Yu Zhen, president of the China National Council of Light Industry at the beginning of this year.
This paper presents a fuzzy tuning system for real-time industrial PID (proportional-integral-derivative) controllers. The algorithm set the proportional gain, integral time and derivative time of a classical PID structure according to the set point, error and error derivative of the process, respectively. The tuning of the PID controller is based on a fuzzy inference machine. The set of rules of the fuzzy inference machine was obtained by experts engineering. The system is tested in an austempering process but can be applied in any industrial plant. Besides, an analysis between the response of the process with a PID controller and the system of fuzzy auto-tuning for PID proposed was made.
Funding: supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by Korea government Ministry of Science, ICT (MSIT) (No. 2019-0-01343, convergence security core talent training business).
Funding: funded by the Research Deanship at the University of Ha’il-Saudi Arabia through Project Number RG-20146.
Funding: Supported by the Korea WESTERN POWER (KOWEPO) (2022-Commissioned Research-11, Development of Cyberattack Detection Technology for New and Renewable Energy Control System Using AI (Artificial Intelligence), 50%), the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2021-0-01806, Development of Security by Design and Security Management Technology in Smart Factory, 40%), and the Gachon University Research Fund of 2023 (GCU-202110280001, 10%).
Abstract: Cyberattacks targeting industrial control systems (ICS) are becoming more sophisticated and advanced than in the past. A programmable logic controller (PLC), a core component of ICS, controls and monitors sensors and actuators in the field. However, PLC has memory attack threats such as program injection and manipulation, which has long been a major target for attackers, and it is important to detect these attacks for ICS security. To detect PLC memory attacks, a security system is required to acquire and monitor PLC memory directly. In addition, the performance impact of the security system on the PLC makes it difficult to apply to the ICS. To address these challenges, this paper proposes a system to detect PLC memory attacks by continuously acquiring and monitoring PLC memory. The proposed system detects PLC memory attacks by acquiring the program blocks and block information directly from the same layer as the PLC and then comparing them in bytes with previous data. Experiments with Siemens S7-300 and S7-400 PLC were conducted to evaluate the PLC memory detection performance and performance impact on PLC. The experimental results demonstrate that the proposed system detects all malicious organization block (OB) injection and data block (DB) manipulation, and the increment of PLC cycle time, the impact on PLC performance, was less than 1 ms. The proposed system detects PLC memory attacks with a simpler detection method than earlier studies. Furthermore, the proposed system can be applied to ICS with a small performance impact on PLC.
Funding: This work is funded by the National Key Research and Development Plan (Grant No. 2018YFB0803504), the National Natural Science Foundation of China (Nos. 61702223, 61702220, 61871140, U1636215), and the Opening Project of Shanghai Trusted Industrial Control Platform.
Abstract: Programmable Logic Controllers (PLC), core of industrial control systems, is widely used in industrial control systems. The security of PLC is the key to the security of industrial control systems. Nowadays, a large number of industrial control systems are connected to the Internet which exposes the PLC equipment to the Internet, and thus raising security concerns. First of all, we introduce the basic principle of PLC in this paper. Then we analyze the PLC code security, firmware security, network security, virus vulnerability and Modbus communication protocol by reviewing the previous related work. Finally, we make a summary of the current security protection methods.
Funding: Scientific Research Project of Liaoning Province Education Department, Code: LJKQZ20222457 & LJKMZ20220781; Liaoning Province Nature Fund Project, Code: No. 2022-MS-291.
Abstract: As industrialization and informatization become more deeply intertwined, industrial control networks have entered an era of intelligence. The connection between industrial control networks and the external internet is becoming increasingly close, which leads to frequent security accidents. This paper proposes a model for the industrial control network. It includes a malware containment strategy that integrates intrusion detection, quarantine, and monitoring. Based on this model, the role of key nodes in the spread of malware is studied, a comparison experiment is conducted to validate the impact of the containment strategy. In addition, the dynamic behavior of the model is analyzed, the basic reproduction number is computed, and the disease-free and endemic equilibrium of the model is also obtained by the basic reproduction number. Moreover, through simulation experiments, the effectiveness of the containment strategy is validated, the influence of the relevant parameters is analyzed, and the containment strategy is optimized. In other words, selective immunity to key nodes can effectively suppress the spread of malware and maintain the stability of industrial control systems. The earlier the immunization of key nodes, the better. Once the time exceeds the threshold, immunizing key nodes is almost ineffective. The analysis provides a better way to contain the malware in the industrial control network.
Funding: Supported in part by 2018 industrial Internet innovation and development project “Construction of Industrial Internet Security Standard System and Test and Verification Environment”, in part by the National Industrial Internet Security Public Service Platform, in part by the Fundamental Research Funds for the Central Universities (Nos. FRF-BD-19-012A and FRFTP-19-005A3), in part by the National Natural Science Foundation of China (Nos. 81961138010, U1736117, and U1836106), and in part by the Technological Innovation Foundation of Shunde Graduate School, University of Science and Technology Beijing (No. BK19BF006).
Abstract: Industrial Control Systems (ICSs) are the lifeline of a country. Therefore, the anomaly detection of ICS traffic is an important endeavor. This paper proposes a model based on a deep residual Convolution Neural Network (CNN) to prevent gradient explosion or gradient disappearance and guarantee accuracy. The developed methodology addresses two limitations: most traditional machine learning methods can only detect known network attacks and deep learning algorithms require a long time to train. The utilization of transfer learning under the modification of the existing residual CNN structure guarantees the detection of unknown attacks. One-dimensional ICS flow data are converted into two-dimensional grayscale images to take full advantage of the features of CNN. Results show that the proposed method achieves a high score and solves the time problem associated with deep learning model training. The model can give reliable predictions for unknown or differently distributed abnormal data through short-term training. Thus, the proposed model ensures the safety of ICSs and verifies the feasibility of transfer learning for ICS anomaly detection.
Funding: The National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2016NCR-NCR002-023 and NRF2018NCR-NSOE005-0001) administered by the National Cybersecurity R&D Directorate.
Abstract: Gradual increase in the number of successful attacks against Industrial Control Systems (ICS) has led to an urgent need to create defense mechanisms for accurate and timely detection of the resulting process anomalies. Towards this end, a class of anomaly detectors, created using data-centric approaches, are gaining attention. Using machine learning algorithms such approaches can automatically learn the process dynamics and control strategies deployed in an ICS. The use of these approaches leads to relatively easier and faster creation of anomaly detectors compared to the use of design-centric approaches that are based on plant physics and design. Despite the advantages, there exist significant challenges and implementation issues in the creation and deployment of detectors generated using machine learning for city-scale plants. In this work, we enumerate and discuss such challenges. Also presented is a series of lessons learned in our attempt to meet these challenges in an operational plant.
Funding: Supported by the National Natural Science Foundation of China (No. 61833015).
Abstract: Proprietary (or semi-proprietary) protocols are widely adopted in industrial control systems (ICSs). Inferring protocol format by reverse engineering is important for many network security applications, e.g., program tests and intrusion detection. Conventional protocol reverse engineering methods have been proposed which are considered time-consuming, tedious, and error-prone. Recently, automatic protocol reverse engineering methods have been proposed which are, however, neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations. In this paper, we present a framework called the industrial control system protocol reverse engineering framework (ICSPRF) that aims to extract ICS protocol fields with high accuracy. ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context, e.g., basic block (BBL) group. As a result, by monitoring program execution, we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format. We evaluate our approach with six open-source ICS protocol implementations. The results show that ICSPRF can identify individual protocol fields with high accuracy (on average a 94.3% match ratio). ICSPRF also has a low coarse-grained and overly fine-grained match ratio. For the same metric, ICSPRF is more accurate than AutoFormat (88.5% for all evaluated protocols and 80.0% for binary-based protocols).
Funding: Our work is supported by the National Key R&D Program of China (2021YFB2012400).
Abstract: With the growing discovery of exposed vulnerabilities in the Industrial Control Components (ICCs), identification of the exploitable ones is urgent for Industrial Control System (ICS) administrators to proactively forecast potential threats. However, it is not a trivial task due to the complexity of the multi-source heterogeneous data and the lack of automatic analysis methods. To address these challenges, we propose an exploitability reasoning method based on the ICC-Vulnerability Knowledge Graph (KG) in which relation paths contain abundant potential evidence to support the reasoning. The reasoning task in this work refers to determining whether a specific relation is valid between an attacker entity and a possible exploitable vulnerability entity with the help of a collective of the critical paths. The proposed method consists of three primary building blocks: KG construction, relation path representation, and query relation reasoning. A security-oriented ontology combines exploit modeling, which provides a guideline for the integration of the scattered knowledge while constructing the KG. We emphasize the role of the aggregation of the attention mechanism in representation learning and ultimate reasoning. In order to acquire a high-quality representation, the entity and relation embeddings take advantage of their local structure and related semantics. Some critical paths are assigned corresponding attentive weights and then they are aggregated for the determination of the query relation validity. In particular, similarity calculation is introduced into a critical path selection algorithm, which improves search and reasoning performance. Meanwhile, the proposed algorithm avoids redundant paths between the given pairs of entities. Experimental results show that the proposed method outperforms the state-of-the-art ones in the aspects of embedding quality and query relation reasoning accuracy.
Funding: Funded in part by the National Key R&D Program of China (Grant No. 2022YFB3102901), the National Natural Science Foundation of China (Grant Nos. 61976064, 61871140, 62272119, 62072130), and the Guangdong Province Key Research and Development Plan (Grant No. 2019B010137004).
Abstract: To identify industrial control equipment is often a key step in network mapping, categorizing network resources, and attack defense. For example, if vulnerable equipment or devices can be discovered in advance and the attack path can be cut off, security threats can be effectively avoided and the stable operation of the Internet can be ensured. The existing rule-matching method for equipment identification has limitations such as relying on experience and low scalability. This paper proposes an industrial control device identification method based on PCA-Adaboost, which integrates rule matching and machine learning. We first build a rule base from network data collection and then use single and multi-protocol rule-matching methods to identify the type of industrial control devices. Finally, we utilize PCA-Adaboost to identify unlabeled data. The experimental results show that the recognition rate of this method is better than that of the traditional Nmap device recognition method and the device recognition accuracy rate reaches 99%. The evaluation effect of the test data set is significantly enhanced.
Funding: Project supported by Science Foundation of Shanghai Municipal Commission of Science and Technology (Grant Nos. 025111052, 04JC14038)
Abstract: In this paper, rough set theory is introduced into the interface multi-agent system (MAS) for industrial supervisory system. Taking advantages of rough set in data mining, a cooperation model for MAS is built. Rules for avoiding cooperation conflict are deduced. An optimization algorithm is used to enhance security and real time attributes of the system. An application based on the proposed algorithm and rules is given.
Abstract: The evolution of the Internet of Things (IoT) has empowered modern industries with the capability to implement large-scale IoT ecosystems, such as the Industrial Internet of Things (IIoT). The IIoT is vulnerable to a diverse range of cyberattacks that can be exploited by intruders and cause substantial reputational and financial harm to organizations. To preserve the confidentiality, integrity, and availability of IIoT networks, an anomaly-based intrusion detection system (IDS) can be used to provide secure, reliable, and efficient IIoT ecosystems. In this paper, we propose an anomaly-based IDS for IIoT networks as an effective security solution to efficiently and effectively overcome several IIoT cyberattacks. The proposed anomaly-based IDS is divided into three phases: pre-processing, feature selection, and classification. In the pre-processing phase, data cleaning and normalization are performed. In the feature selection phase, the candidates’ feature vectors are computed using two feature reduction techniques, minimum redundancy maximum relevance and neighborhood components analysis. For the final step, the modeling phase, the following classifiers are used to perform the classification: support vector machine, decision tree, k-nearest neighbors, and linear discriminant analysis. The proposed work uses a new data-driven IIoT data set called X-IIoTID. The experimental evaluation demonstrates our proposed model achieved a high accuracy rate of 99.58%, a sensitivity rate of 99.59%, a specificity rate of 99.58%, and a low false positive rate of 0.4%.
Funding: Project supported by the National Natural Science Foundation of China (No. 62003151), the Changzhou Science and Technology Bureau, China (No. CJ20220065), the Qinglan Project of Jiangsu Province, China (No. 2022[29]), and the Zhongwu Youth Innovative Talents Support Program of Jiangsu University of Technology, China (No. 202102003).
Abstract: This paper discusses a strategy for estimating Hammerstein nonlinear systems in the presence of measurement noises for industrial control by applying filtering and recursive approaches. The proposed Hammerstein nonlinear systems are made up of a neural fuzzy network (NFN) and a linear state-space model. The estimation of parameters for Hammerstein systems can be achieved by employing hybrid signals, which consist of step signals and random signals. First, based on the characteristic that step signals do not excite static nonlinear systems, that is, the intermediate variable of the Hammerstein system is a step signal with different amplitudes from the input, the unknown intermediate variables can be replaced by inputs, solving the problem of unmeasurable intermediate variable information. In the presence of step signals, the parameters of the state-space model are estimated using the recursive extended least squares (RELS) algorithm. Moreover, to effectively deal with the interference of measurement noises, a data filtering technique is introduced, and the filtering-based RELS is formulated for estimating the NFN by employing random signals. Finally, according to the structure of the Hammerstein system, the control system is designed by eliminating the nonlinear block so that the generated system is approximately equivalent to a linear system, and it can then be easily controlled by applying a linear controller. The effectiveness and feasibility of the developed identification and control strategy are demonstrated using two industrial simulation cases.
Funding: Supported by the Chinese Academy of Sciences through the Strategic Priority Research Program under Grant No. XDC02020400.
Abstract: In industrial control systems, the utilization of deep learning based methods achieves improvements for anomaly detection. However, most current methods ignore the association of inner components in industrial control systems. In industrial control systems, an anomaly component may affect the neighboring components; therefore, the connective relationship can help us to detect anomalies effectively. In this paper, we propose a centrality-aware graph convolution network (CAGCN) for anomaly detection in industrial control systems. Unlike the traditional graph convolution network (GCN) model, we utilize the concept of centrality to enhance the ability of graph convolution networks to deal with the inner relationship in industrial control systems. Our experiments show that compared with GCN, our CAGCN has a better ability to utilize this relationship between components in industrial control systems. The performances of the model are evaluated on the Secure Water Treatment (SWaT) dataset and the Water Distribution (WADI) dataset, the two most common industrial control systems datasets in the field of industrial anomaly detection. The experimental results show that our CAGCN achieves better results on precision, recall, and F1 score than the state-of-the-art methods.
Funding: National Natural Science Foundation of China: The enhancing potential and realizing paths of China’s industrial total factor productivity: A perspective of energy price distortion correction [Grant No. 71774122]; China Postdoctoral Science Foundation: Research on the Emission Reduction Effect Evaluation and Mechanism of China’s Low-Carbon City Pilot Policies [Grant No. 2019M662721].
Abstract: The continuous progress of industrialization is a fundamental cause of China’s increasingly severe environmental pollution problem. Improving the efficiency of industrial pollution control is an inevitable choice to effectively decrease pollution emissions, thus winning the battle of pollution prevention and control. In this paper, we used the stochastic frontier analysis (SFA) model to measure the provincial efficiency of industrial pollution control based on the input and output data of industrial pollution control of 29 administrative provinces in China from 2000 to 2017. On this basis, a spatial econometric model was used to explore the influence of environmental regulation intensity on the efficiency of industrial pollution control. In addition, the spatial spillover effect of pollution reduction was thoroughly examined. The results show that: (1) The efficiency of industrial pollution control in China has improved year by year, but the overall efficiency is still low, with the average value increasing from 0.165 in 2000 to 0.309 in 2017. Furthermore, there is significant regional heterogeneity with the highest efficiency level in the east and lowest efficiency level in the west. (2) By increasing the financial and material input, the efficiency of industrial pollution control has increased. However, the increase of human input has not been so helpful. (3) The global Moran’s I index is significantly greater than zero, indicating a strong spatial correlation and agglomeration in the efficiency of industrial pollution control, which is reflected in high-high agglomeration in the eastern region and low-low agglomeration in the western region. (4) Stringent environmental regulation has a positive effect on improving the efficiency of industrial pollution control. It also imposes a positive spatial spillover effect, indicating a strategic interaction and coordination of regional pollution control. In line with this, related proposals have been made to optimize the investment structure for environmental pollution control, establish a flow mechanism for the factor market, and strengthen the environmental responsibility awareness of state-owned enterprises. On this basis, we expect to provide a policy for improving the efficiency of industrial pollution control and promoting regional joint pollution control in China.
Funding: Supported by National Nature Science Foundation of China (Grant No. 61471182), Postgraduate Research & Practice Innovation Program of Jiangsu Province (Grant No. KYCX20_2993), and Jiangsu postgraduate research innovation project (SJCX18_0784).
Abstract: In this paper, we propose an intrusion detection algorithm based on auto-encoder and three-way decisions (AE-3WD) for industrial control networks, aiming at the security problem of industrial control network. The ideology of deep learning is similar to the idea of intrusion detection. Deep learning is a kind of intelligent algorithm and has the ability of automatically learning. It uses self-learning to enhance the experience and dynamic classification capabilities. We use deep learning to improve the intrusion detection rate and reduce the false alarm rate through learning, a denoising AutoEncoder and three-way decisions intrusion detection method AE-3WD is proposed to improve intrusion detection accuracy. In the processing, deep learning AutoEncoder is used to extract the features of high-dimensional data by combining the coefficient penalty and reconstruction loss function of the encode layer during the training mode. A multi-feature space can be constructed by multiple feature extractions from AutoEncoder, and then a decision for intrusion behavior or normal behavior is made by three-way decisions. NSL-KDD data sets are used for the experiments. The experiment results prove that our proposed method can extract meaningful features and effectively improve the performance of intrusion detection.
Abstract: In the next three to five years, China’s light industry will upgrade major product quality generally to world level. This will be done by strengthening quality control and supervision and the improvement in technology. The campaign was announced by Yu Zhen, president of the China National Council of Light Industry at the beginning of this year.
Abstract: This paper presents a fuzzy tuning system for real-time industrial PID (proportional-integral-derivative) controllers. The algorithm sets the proportional gain, integral time and derivative time of a classical PID structure according to the set point, error and error derivative of the process, respectively. The tuning of the PID controller is based on a fuzzy inference machine. The set of rules of the fuzzy inference machine was obtained by experts engineering. The system is tested in an austempering process but can be applied in any industrial plant. Besides, an analysis between the response of the process with a PID controller and the system of fuzzy auto-tuning for PID proposed was made.