Nowadays,industrial control system(ICS)has begun to integrate with the Internet.While the Internet has brought convenience to ICS,it has also brought severe security concerns.Traditional ICS network traffic anomaly de...Nowadays,industrial control system(ICS)has begun to integrate with the Internet.While the Internet has brought convenience to ICS,it has also brought severe security concerns.Traditional ICS network traffic anomaly detection methods rely on statistical features manually extracted using the experience of network security experts.They are not aimed at the original network data,nor can they capture the potential characteristics of network packets.Therefore,the following improvements were made in this study:(1)A dataset that can be used to evaluate anomaly detection algorithms is produced,which provides raw network data.(2)A request response-based convolutional neural network named RRCNN is proposed,which can be used for anomaly detection of ICS network traffic.Instead of using statistical features manually extracted by security experts,this method uses the byte sequences of the original network packets directly,which can extract potential features of the network packets in greater depth.It regards the request packet and response packet in a session as a Request-Response Pair(RRP).The feature of RRP is extracted using a one-dimensional convolutional neural network,and then the RRP is judged to be normal or abnormal based on the extracted feature.Experimental results demonstrate that this model is better than several other machine learning and neural network models,with F1,accuracy,precision,and recall above 99%.展开更多
The COVID-19 pandemic affected the operational risk of organizations,requiring its management through Internal Control Systems(ICS).The tourism sector in Portugal,one of the largest and most competitive,was also one o...The COVID-19 pandemic affected the operational risk of organizations,requiring its management through Internal Control Systems(ICS).The tourism sector in Portugal,one of the largest and most competitive,was also one of the most affected by the pandemic,which emerged in March 2020.The main purpose of this paper is to analyse the perception of tourism managers about the relationship between the existence of internal control and risk mitigation in their companies.We present a quantitative study carried out by questionnaire,sent to 830 managers from tourism companies in the region of Porto,Portugal.Most participants consider crucial the implementation of ICS and a competitive advantage in the current pandemic context.They also consider that the implementation of ICS is not accessible to all companies,but its absence does not necessarily make them more fragile.The study also concludes that besides internal control,the role of the Portuguese Government was crucial to overcome the difficulties caused by the pandemic and to ensure companies’recovery.Financial support from the government allows companies to invest in procedures to overcome the pandemic situation,such as strengthening cleanliness measures,focusing on new technologies,and creating products and/or services more attractive to consumers.This study contributes to the perception of tourism managers about internal control,highlight the need to implement risk analysis routines to manage risks that may threaten the company activities,and highlight the government’s role in business recovery.展开更多
Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests ...Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests and intrusion detection.Conventional protocol reverse engineering methods have been proposed which are considered time-consuming,tedious,and error-prone.Recently,automatical protocol reverse engineering methods have been proposed which are,however,neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations.In this paper,we present a framework called the industrial control system protocol reverse engineering framework(ICSPRF)that aims to extract ICS protocol fields with high accuracy.ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context,e.g.,basic block(BBL)group.As a result,by monitoring program execution,we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format.We evaluate our approach with six open-source ICS protocol implementations.The results show that ICSPRF can identify individual protocol fields with high accuracy(on average a 94.3%match ratio).ICSPRF also has a low coarse-grained and overly fine-grained match ratio.For the same metric,ICSPRF is more accurate than AutoFormat(88.5%for all evaluated protocols and 80.0%for binary-based protocols).展开更多
The fuzzing test is able to discover various vulnerabilities and has more chances to hit the zero-day targets.And ICS(Industrial control system)is currently facing huge security threats and requires security standards...The fuzzing test is able to discover various vulnerabilities and has more chances to hit the zero-day targets.And ICS(Industrial control system)is currently facing huge security threats and requires security standards,like ISO 62443,to ensure the quality of the device.However,some industrial proprietary communication protocols can be customized and have complicated structures,the fuzzing system cannot quickly generate test data that adapt to various protocols.It also struggles to define the mutation field without having prior knowledge of the protocols.Therefore,we propose a fuzzing system named ICPFuzzer that uses LSTM(Long short-term memory)to learn the features of a protocol and generates mutated test data automatically.We also use the responses of testing and adjust the weight strategies to further test the device under testing(DUT)to find more data that cause unusual connection status.We verified the effectiveness of the approach by comparing with the open-source and commercial fuzzers.Furthermore,in a real case,we experimented with the DLMS/COSEM for a smart meter and found that the test data can cause a unusual response.In summary,ICPFuzzer is a black-box fuzzing system that can automatically execute the testing process and reveal vulnerabilities that interrupt and crash industrial control communication.Not only improves the quality of ICS but also improves safety.展开更多
A numerical investigation on jet interaction in supersonic laminar flow with a compres- sion ramp is performed utilizing the AUSMDV scheme and a parallel solver. Several parameters dominating the interference flowfiel...A numerical investigation on jet interaction in supersonic laminar flow with a compres- sion ramp is performed utilizing the AUSMDV scheme and a parallel solver. Several parameters dominating the interference flowfield are studied after defining the relative increment of normal force and the jet amplification factor as the evaluation criterion of jet control performance. The computational results show that most features of the interaction flowfield between the transverse jet and the ramp are similar to those between a jet and a flat plate, except that the flow structures are more complicated and the low-pressure region behind the jet is less extensive. The relative force increment and the jet amplification factor both increase with the distance between the jet and the ramp shortening till quintuple jet diameters. Inconspicuous difference is observed between the jet-before-ramp and jet-on-ramp cases. The variation of the injection angle changes the extent of the separation region, the plateau pressure, and the peak pressure near the jet. In the present computational conditions, 120 is indicated relatively optimal among all the injection angles studied. For cold gas simulations, although little influence of the jet temperature on the pressure distribution near the jet is observed under the computation model and the flow parameters studied, reducing jet temperature somehow benefits the improvement of the normal force and the jet efficiency. When the pressure ratio of jet to freestream is fixed, the relative force increment varies little when increasing the freestream Mach number, while the jet amplification factor increases.展开更多
Industrial Control Systems(ICSs)are the lifeline of a country.Therefore,the anomaly detection of ICS traffic is an important endeavor.This paper proposes a model based on a deep residual Convolution Neural Network(CNN...Industrial Control Systems(ICSs)are the lifeline of a country.Therefore,the anomaly detection of ICS traffic is an important endeavor.This paper proposes a model based on a deep residual Convolution Neural Network(CNN)to prevent gradient explosion or gradient disappearance and guarantee accuracy.The developed methodology addresses two limitations:most traditional machine learning methods can only detect known network attacks and deep learning algorithms require a long time to train.The utilization of transfer learning under the modification of the existing residual CNN structure guarantees the detection of unknown attacks.One-dimensional ICS flow data are converted into two-dimensional grayscale images to take full advantage of the features of CNN.Results show that the proposed method achieves a high score and solves the time problem associated with deep learning model training.The model can give reliable predictions for unknown or differently distributed abnormal data through short-term training.Thus,the proposed model ensures the safety of ICSs and verifies the feasibility of transfer learning for ICS anomaly detection.展开更多
基金supported by the National Natural Science Foundation of China(No.62076042,No.62102049)the Key Research and Development Project of Sichuan Province(No.2021YFSY0012,No.2020YFG0307,No.2021YFG0332)+3 种基金the Science and Technology Innovation Project of Sichuan(No.2020017)the Key Research and Development Project of Chengdu(No.2019-YF05-02028-GX)the Innovation Team of Quantum Security Communication of Sichuan Province(No.17TD0009)the Academic and Technical Leaders Training Funding Support Projects of Sichuan Province(No.2016120080102643).
文摘Nowadays,industrial control system(ICS)has begun to integrate with the Internet.While the Internet has brought convenience to ICS,it has also brought severe security concerns.Traditional ICS network traffic anomaly detection methods rely on statistical features manually extracted using the experience of network security experts.They are not aimed at the original network data,nor can they capture the potential characteristics of network packets.Therefore,the following improvements were made in this study:(1)A dataset that can be used to evaluate anomaly detection algorithms is produced,which provides raw network data.(2)A request response-based convolutional neural network named RRCNN is proposed,which can be used for anomaly detection of ICS network traffic.Instead of using statistical features manually extracted by security experts,this method uses the byte sequences of the original network packets directly,which can extract potential features of the network packets in greater depth.It regards the request packet and response packet in a session as a Request-Response Pair(RRP).The feature of RRP is extracted using a one-dimensional convolutional neural network,and then the RRP is judged to be normal or abnormal based on the extracted feature.Experimental results demonstrate that this model is better than several other machine learning and neural network models,with F1,accuracy,precision,and recall above 99%.
文摘The COVID-19 pandemic affected the operational risk of organizations,requiring its management through Internal Control Systems(ICS).The tourism sector in Portugal,one of the largest and most competitive,was also one of the most affected by the pandemic,which emerged in March 2020.The main purpose of this paper is to analyse the perception of tourism managers about the relationship between the existence of internal control and risk mitigation in their companies.We present a quantitative study carried out by questionnaire,sent to 830 managers from tourism companies in the region of Porto,Portugal.Most participants consider crucial the implementation of ICS and a competitive advantage in the current pandemic context.They also consider that the implementation of ICS is not accessible to all companies,but its absence does not necessarily make them more fragile.The study also concludes that besides internal control,the role of the Portuguese Government was crucial to overcome the difficulties caused by the pandemic and to ensure companies’recovery.Financial support from the government allows companies to invest in procedures to overcome the pandemic situation,such as strengthening cleanliness measures,focusing on new technologies,and creating products and/or services more attractive to consumers.This study contributes to the perception of tourism managers about internal control,highlight the need to implement risk analysis routines to manage risks that may threaten the company activities,and highlight the government’s role in business recovery.
基金supported by the National Natural Science Foundation of China(No.61833015)。
文摘Proprietary(or semi-proprietary)protocols are widely adopted in industrial control systems(ICSs).Inferring protocol format by reverse engineering is important for many network security applications,e.g.,program tests and intrusion detection.Conventional protocol reverse engineering methods have been proposed which are considered time-consuming,tedious,and error-prone.Recently,automatical protocol reverse engineering methods have been proposed which are,however,neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations.In this paper,we present a framework called the industrial control system protocol reverse engineering framework(ICSPRF)that aims to extract ICS protocol fields with high accuracy.ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context,e.g.,basic block(BBL)group.As a result,by monitoring program execution,we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format.We evaluate our approach with six open-source ICS protocol implementations.The results show that ICSPRF can identify individual protocol fields with high accuracy(on average a 94.3%match ratio).ICSPRF also has a low coarse-grained and overly fine-grained match ratio.For the same metric,ICSPRF is more accurate than AutoFormat(88.5%for all evaluated protocols and 80.0%for binary-based protocols).
文摘The fuzzing test is able to discover various vulnerabilities and has more chances to hit the zero-day targets.And ICS(Industrial control system)is currently facing huge security threats and requires security standards,like ISO 62443,to ensure the quality of the device.However,some industrial proprietary communication protocols can be customized and have complicated structures,the fuzzing system cannot quickly generate test data that adapt to various protocols.It also struggles to define the mutation field without having prior knowledge of the protocols.Therefore,we propose a fuzzing system named ICPFuzzer that uses LSTM(Long short-term memory)to learn the features of a protocol and generates mutated test data automatically.We also use the responses of testing and adjust the weight strategies to further test the device under testing(DUT)to find more data that cause unusual connection status.We verified the effectiveness of the approach by comparing with the open-source and commercial fuzzers.Furthermore,in a real case,we experimented with the DLMS/COSEM for a smart meter and found that the test data can cause a unusual response.In summary,ICPFuzzer is a black-box fuzzing system that can automatically execute the testing process and reveal vulnerabilities that interrupt and crash industrial control communication.Not only improves the quality of ICS but also improves safety.
文摘A numerical investigation on jet interaction in supersonic laminar flow with a compres- sion ramp is performed utilizing the AUSMDV scheme and a parallel solver. Several parameters dominating the interference flowfield are studied after defining the relative increment of normal force and the jet amplification factor as the evaluation criterion of jet control performance. The computational results show that most features of the interaction flowfield between the transverse jet and the ramp are similar to those between a jet and a flat plate, except that the flow structures are more complicated and the low-pressure region behind the jet is less extensive. The relative force increment and the jet amplification factor both increase with the distance between the jet and the ramp shortening till quintuple jet diameters. Inconspicuous difference is observed between the jet-before-ramp and jet-on-ramp cases. The variation of the injection angle changes the extent of the separation region, the plateau pressure, and the peak pressure near the jet. In the present computational conditions, 120 is indicated relatively optimal among all the injection angles studied. For cold gas simulations, although little influence of the jet temperature on the pressure distribution near the jet is observed under the computation model and the flow parameters studied, reducing jet temperature somehow benefits the improvement of the normal force and the jet efficiency. When the pressure ratio of jet to freestream is fixed, the relative force increment varies little when increasing the freestream Mach number, while the jet amplification factor increases.
基金supported in part by 2018 industrial Internet innovation and development project“Construction of Industrial Internet Security Standard System and Test and Verification Environment”in part by the National Industrial Internet Security Public Service Platform+2 种基金in part by the Fundamental Research Funds for the Central Universities(Nos.FRF-BD-19-012A and FRFTP-19-005A3)in part by the National Natural Science Foundation of China(Nos.81961138010,U1736117,and U1836106)in part by the Technological Innovation Foundation of Shunde Graduate School,University of Science and Technology Beijing(No.BK19BF006)。
文摘Industrial Control Systems(ICSs)are the lifeline of a country.Therefore,the anomaly detection of ICS traffic is an important endeavor.This paper proposes a model based on a deep residual Convolution Neural Network(CNN)to prevent gradient explosion or gradient disappearance and guarantee accuracy.The developed methodology addresses two limitations:most traditional machine learning methods can only detect known network attacks and deep learning algorithms require a long time to train.The utilization of transfer learning under the modification of the existing residual CNN structure guarantees the detection of unknown attacks.One-dimensional ICS flow data are converted into two-dimensional grayscale images to take full advantage of the features of CNN.Results show that the proposed method achieves a high score and solves the time problem associated with deep learning model training.The model can give reliable predictions for unknown or differently distributed abnormal data through short-term training.Thus,the proposed model ensures the safety of ICSs and verifies the feasibility of transfer learning for ICS anomaly detection.