The Effect of Key Nodes on theMalware Dynamics in the Industrial Control Network

As industrialization and informatization becomemore deeply intertwined,industrial control networks have entered an era of intelligence.The connection between industrial control networks and the external internet is becoming increasingly close,which leads to frequent security accidents.This paper proposes a model for the industrial control network.It includes a malware containment strategy that integrates intrusion detection,quarantine,and monitoring.Basedonthismodel,the role of keynodes in the spreadofmalware is studied,a comparisonexperiment is conducted to validate the impact of the containment strategy.In addition,the dynamic behavior of the model is analyzed,the basic reproduction number is computed,and the disease-free and endemic equilibrium of the model is also obtained by the basic reproduction number.Moreover,through simulation experiments,the effectiveness of the containment strategy is validated,the influence of the relevant parameters is analyzed,and the containment strategy is optimized.In otherwords,selective immunity to key nodes can effectively suppress the spread ofmalware andmaintain the stability of industrial control systems.The earlier the immunization of key nodes,the better.Once the time exceeds the threshold,immunizing key nodes is almost ineffective.The analysis provides a better way to contain the malware in the industrial control network.

Critical Relation Path Aggregation-Based Industrial Control Component Exploitable Vulnerability Reasoning

With the growing discovery of exposed vulnerabilities in the Industrial Control Components(ICCs),identification of the exploitable ones is urgent for Industrial Control System(ICS)administrators to proactively forecast potential threats.However,it is not a trivial task due to the complexity of the multi-source heterogeneous data and the lack of automatic analysis methods.To address these challenges,we propose an exploitability reasoning method based on the ICC-Vulnerability Knowledge Graph(KG)in which relation paths contain abundant potential evidence to support the reasoning.The reasoning task in this work refers to determining whether a specific relation is valid between an attacker entity and a possible exploitable vulnerability entity with the help of a collective of the critical paths.The proposed method consists of three primary building blocks:KG construction,relation path representation,and query relation reasoning.A security-oriented ontology combines exploit modeling,which provides a guideline for the integration of the scattered knowledge while constructing the KG.We emphasize the role of the aggregation of the attention mechanism in representation learning and ultimate reasoning.In order to acquire a high-quality representation,the entity and relation embeddings take advantage of their local structure and related semantics.Some critical paths are assigned corresponding attentive weights and then they are aggregated for the determination of the query relation validity.In particular,similarity calculation is introduced into a critical path selection algorithm,which improves search and reasoning performance.Meanwhile,the proposed algorithm avoids redundant paths between the given pairs of entities.Experimental results show that the proposed method outperforms the state-of-the-art ones in the aspects of embedding quality and query relation reasoning accuracy.

Programmable Logic Controller Block Monitoring System for Memory Attack Defense in Industrial Control Systems

Cyberattacks targeting industrial control systems(ICS)are becoming more sophisticated and advanced than in the past.A programmable logic controller(PLC),a core component of ICS,controls and monitors sensors and actuators in the field.However,PLC has memory attack threats such as program injection and manipulation,which has long been a major target for attackers,and it is important to detect these attacks for ICS security.To detect PLC memory attacks,a security system is required to acquire and monitor PLC memory directly.In addition,the performance impact of the security system on the PLC makes it difficult to apply to the ICS.To address these challenges,this paper proposes a system to detect PLC memory attacks by continuously acquiring and monitoring PLC memory.The proposed system detects PLC memory attacks by acquiring the program blocks and block information directly from the same layer as the PLC and then comparing them in bytes with previous data.Experiments with Siemens S7-300 and S7-400 PLC were conducted to evaluate the PLC memory detection performance and performance impact on PLC.The experimental results demonstrate that the proposed system detects all malicious organization block(OB)injection and data block(DB)manipulation,and the increment of PLC cycle time,the impact on PLC performance,was less than 1 ms.The proposed system detects PLC memory attacks with a simpler detection method than earlier studies.Furthermore,the proposed system can be applied to ICS with a small performance impact on PLC.

Information Security Evaluation of Industrial Control Systems Using Probabilistic Linguistic MCDM Method

Industrial control systems(ICSs)are widely used in various fields,and the information security problems of ICSs are increasingly serious.The existing evaluation methods fail to describe the uncertain evaluation information and group evaluation information of experts.Thus,this paper introduces the probabilistic linguistic term sets(PLTSs)to model the evaluation information of experts.Meanwhile,we propose a probabilistic linguistic multi-criteria decision-making(PL-MCDM)method to solve the information security assessment problem of ICSs.Firstly,we propose a novel subscript equivalence distance measure of PLTSs to improve the existing methods.Secondly,we use the Best Worst Method(BWM)method and Criteria Importance Through Inter-criteria Correlation(CRITIC)method to obtain the subjective weights and objective weights,which are used to derive the combined weights.Thirdly,we use the subscript equivalence distance measure method and the combined weight method to improve the probabilistic linguistic Visekriterijumska Optimizacija I Kompromisno Resenje(PL-VIKOR)method.Finally,we apply the proposed method to solve the information security assessment problem of ICSs.When comparing with the existing methods such as the probabilistic linguistic Tomada deDecisão Iterativa Multicritério(PL-TODIM)method and probabilistic linguistic Technique for Order Preference by Similarity to Ideal Solution(PL-TOPSIS)method,the case example shows that the proposed method can provide more reasonable ranking results.By evaluating and ranking the information security level of different ICSs,managers can identify problems in time and guide their work better.

Fault Detection for Motor Drive Control System of Industrial Robots Using CNN-LSTM-based Observers

The complex working conditions and nonlinear characteristics of the motor drive control system of industrial robots make it difficult to detect faults.In this paper,a deep learning-based observer,which combines the convolutional neural network(CNN)and the long short-term memory network(LSTM),is employed to approximate the nonlinear driving control system.CNN layers are introduced to extract dynamic features of the data,whereas LSTM layers perform time-sequential prediction of the target system.In terms of application,normal samples are fed into the observer to build an offline prediction model for the target system.The trained CNN-LSTM-based observer is then deployed along with the target system to estimate the system outputs.Online fault detection can be realized by analyzing the residuals.Finally,an application of the proposed fault detection method to a brushless DC motor drive system is given to verify the effectiveness of the proposed scheme.Simulation results indicate the impressive fault detection capability of the presented method for driving control systems of industrial robots.

Identifying Industrial Control Equipment Based on Rule Matching and Machine Learning

To identify industrial control equipment is often a key step in network mapping,categorizing network resources,and attack defense.For example,if vulnerable equipment or devices can be discovered in advance and the attack path canbe cut off,security threats canbe effectively avoided and the stable operationof the Internet canbe ensured.The existing rule-matching method for equipment identification has limitations such as relying on experience and low scalability.This paper proposes an industrial control device identification method based on PCA-Adaboost,which integrates rule matching and machine learning.We first build a rule base from network data collection and then use single andmulti-protocol rule-matchingmethods to identify the type of industrial control devices.Finally,we utilize PCA-Adaboost to identify unlabeled data.The experimental results show that the recognition rate of this method is better than that of the traditional Nmap device recognitionmethod and the device recognition accuracy rate reaches 99%.The evaluation effect of the test data set is significantly enhanced.

GRU-based Buzzer Ensemble for Abnormal Detection in Industrial Control Systems

Recently,Industrial Control Systems(ICSs)have been changing from a closed environment to an open environment because of the expansion of digital transformation,smart factories,and Industrial Internet of Things(IIoT).Since security accidents that occur in ICSs can cause national confusion and human casualties,research on detecting abnormalities by using normal operation data learning is being actively conducted.The single technique proposed by existing studies does not detect abnormalities well or provide satisfactory results.In this paper,we propose a GRU-based Buzzer Ensemble for AbnormalDetection(GBE-AD)model for detecting anomalies in industrial control systems to ensure rapid response and process availability.The newly proposed ensemble model of the buzzer method resolves False Negatives(FNs)by complementing the limited range that can be detected in a single model because of the internal models composing GBE-AD.Because the internal models remain suppressed for False Positives(FPs),GBE-AD provides better generalization.In addition,we generated mean prediction error data in GBE-AD and inferred abnormal processes using soft and hard clustering.We confirmed that the detection model’s Time-series Aware Precision(TaP)suppressed FPs at 97.67%.The final performance was 94.04%in an experiment using anHIL-basedAugmented ICS(HAI)Security Dataset(ver.21.03)among public datasets.

An Intelligent Approach for Intrusion Detection in Industrial Control System

Supervisory control and data acquisition(SCADA)systems are computer systems that gather and analyze real-time data,distributed control systems are specially designed automated control system that consists of geographically distributed control elements,and other smaller control systems such as programmable logic controllers are industrial solid-state computers that monitor inputs and outputs and make logic-based decisions.In recent years,there has been a lot of focus on the security of industrial control systems.Due to the advancement in information technologies,the risk of cyberattacks on industrial control system has been drastically increased.Because they are so inextricably tied to human life,any damage to them might have devastating consequences.To provide an efficient solution to such problems,this paper proposes a new approach to intrusion detection.First,the important features in the dataset are determined by the difference between the distribution of unlabeled and positive data which is deployed for the learning process.Then,a prior estimation of the class is proposed based on a support vector machine.Simulation results show that the proposed approach has better anomaly detection performance than existing algorithms.

ICS中虚假数据注入攻击研究

工业控制系统(Industrial Control System,ICS)的安全保障能力与其关乎国计民生的重要地位,具有极不协调的反差。为了揭示ICS潜在的攻击结构和方法,使得ICS防御策略研究更具实用性和针对性,将虚假数据注入(False Data Injection,FDI)攻击研究面向ICS,建立一种隐蔽的FDI攻击模型,可以在不影响ICS正常通信情况下注入虚假数据篡改监控变量。遵循该攻击模型,在煤制甲醇仿真工厂进行了验证实验,证明威胁切实存在,且难以察觉;同时,分析了威胁的严重性并讨论了防御措施。

Haze Control by Industrialization:A Win-win Mode of Ecological Civilization and Economic Development

Haze control is a difficult and arduous battle,and it is a major decision concerning the people's livelihood and national ecological civilization construction.Taking Heilongjiang Province as an example,this paper introduced a new idea for haze control.Haze in Heilongjiang Province was mainly resulted from straw burning.Market-oriented,large-scale,and industrialized haze control relying on science and technology is new opportunity and challenge for realizing ecological civilization and revitalizing the economy of Heilongjiang Province.

Impact of environmental regulations on the efficient control of industrial pollution in China

The continuous progress of industrialization is a fundamental cause of China’s increasingly severe environmental pollution problem.Improving the efficiency of industrial pollution control is an inevitable choice to effectively decrease pollution emissions,thus winning the battle of pollution prevention and control.In this paper,we used the stochastic frontier analysis(SFA)model to measure the provincial efficiency of industrial pollution control based on the input and output data of industrial pollution control of 29 administrative provinces in China from 2000 to 2017.On this basis,a spatial econometric model was used to explore the influence of environmental regulation intensity on the efficiency of industrial pollution control.In addition,the spatial spillover effect of pollution reduction was thoroughly examined.The results show that:(1)The efficiency of industrial pollution control in China has improved year by year,but the overall efficiency is still low,with the average value increasing from 0.165 in 2000 to 0.309 in 2017.Furthermore,there is significant regional heterogeneity with the highest efficiency level in the east and lowest efficiency level in the west.(2)By increasing the financial and material input,the efficiency of industrial pollution control has increased.However,the increase of human input has not been so helpful.(3)The global Moran’s I index is significantly greater than zero,indicating a strong spatial correlation and agglomeration in the efficiency of industrial pollution control,which is reflected in high-high agglomeration in the eastern region and low-low agglomeration in the western region.(4)Stringent environmental regulation has a positive effect on improving the efficiency of industrial pollution control.It also imposes a positive spatial spillover effect,indicating a strategic interaction and coordination of regional pollution control.In line with this,related proposals have been made to optimize the investment structure for environmental pollution control,establish a flow mechanism for the factor market,and strengthen the environmental responsibility awareness of state-owned enterprises.On this basis,we expect to provide a policy for improving the efficiency of industrial pollution control and promoting regional joint pollution control in China.

Energy Efficiency Improvement of an Industrial Crystallization Process Using Linearizing Control

This paper illustrates the benefits of a multivariable linearizing control approach applied to an industrial crystallization process. This relevant approach is declined according to two different strategies: first, a setpoint tracking is proposed for the couple crystal mass/concentration, whereas a second way consists in tracking of crystal content and concentration. The controlled variables, unavailable online, are issued from an observer developed in previous works. The performance of these strategies, which application to cane sugar crystallization constitutes a real novelty, are compared with experimental data issued from a PID-controlled industrial plant. The results reveal a significant improvement of energy efficiency, leading to an economy of more than 10% of energy.

Efficient Methodology for Design of Industrial Blast Resistant Electrical Substations and Control Buildings

This paper describes economical strategies to design blast resistant electrical substations and control buildings that are commonly used at industrial plants.Limited literature addressed design aspects for this class of buildings.Furthermore,little guidelines are available in practice to regulate this type of steel construction.The first part of the paper overviews the architectural and structural layouts of electrical buildings.Blast resistance requirements for occupied control buildings are also discussed.Simplified multiple degrees of freedom(MDOF)dynamic model is also illustrated that can be utilized for analysis of the blast resistant buildings.The economical aspects and cost savings resulting in using mobile blast resistant buildings are discussed.The article also highlights the engineering challenges that are encountered in design of mobile electrical facilities.The transportation procedure and design requirements are briefly described.Guidelines are proposed to calculate the center of mass of the building combined with interior equipment.The proposed design concept for electrical and control buildings is cost effective and can be implemented in industry to reduce projects cost.

Corrosion in Control Systems Decrease the Lifetime of the Electronic Devices of the Industrial Plants of Mexicali,BC,Mexico

The principal factor to determine the economical value of the products manufactured in the electronics industry is due to the productive yielding. This is important for the cost of the articles fabricated in this type of industrial plants installed in Mexicali city, where around 80% of companies are, and which fabricate electronic devices and systems, or have industrial electronic systems and machines to their manufacturing process. Mexicalicity is located in theBaja CaliforniaStateof the northwest ofMexico, which is a border city with Calexico in theCaliforniaStateof the United States of America (USA). The region located in Mexicali, is a desert area. Geothermal plant is located in this area, which is an important industry and supplies electricity to this city and its valleys and some cities on southwest of United States for daily activities. This company emits hydrogen sulfide (H2S) as a main air pollutant that reacts with oxygen in the atmosphere, generating sulfur oxides (SOX). This chemical is dispersed to the city of Mexicali in which industrial plants are located with electronic control systems, and penetrates to indoor rooms. Those cause the corrosion process. The presence of corrosion leads to the deterioration of electrical connectors, the connections of electronic systems and the decreasing of the lifetime of these control systems. Other air pollutants that are considered as chemical agents which cause damage to materials used in the electronics industry, are the sulfurs and nitrogen oxides (NOX), emitted from the traffic vehicle and some industries. This causes the low productive yielding of electrical and electronic devices and systems used in the companies of this city, and is a major concern to specialized people, managers and owners. To analyze the productive yielding of electronic devices and systems installed in indoor of the electronics industry. For this reason, to know the principal causes of it, a study in three industrial plants, to determine the grade level of deterioration of the electronic control systems (ECS) used in the electronics industry of this city was made. The results showed that at major air pollution concentration detected by specialized methods, the lifetime of the ECS was decreased by the generation of corrosion in their electrical connectors and connections. This was caused for the levels of air pollutants mentioned above, than exceed the air quality standards in some periods of the year, added with the levels upper of relative humidity levels (RH) and temperatures of 85% and 25°C in winter and 80% 35°C in summer, being a main factor of this electrochemical phenomenon.

面向ICS不平衡数据的重叠区混合采样方法

工业控制系统异常检测面临着数据不平衡问题,其中,不平衡数据存在的类重叠现象加剧了分类器的检测难度。基于数据类别平衡或数据重叠检测的应对策略较常被采用,但这些策略方法存在着模型稳定性差或重叠识别率低等问题。对此,提出了一种面向重叠区域的混合采样方法:OverlapRHS。该方法利用支持向量数据描述分别在多数类和少数类样本上构建重叠检测模型,并通过将合成少数类与邻域清洗进行组合,对重叠数据区域内的样本施以混合采样。最后该方法与4种经典分类器结合,在4个公开的不平衡数据集上进行了测试,并与其他4种处理不平衡问题的采样方法进行了比较。实验结果表明,所提方法能够有效检测出不平衡数据集中的重叠数据,并通过高效且针对性强的数据混合采样改善了分类器的训练效果,提高了分类器对不平衡数据的异常检测性能,展现了较之于其他采样方法在不平衡数据处理上的显著优势。

基于多分类器集成的ICS入侵检测算法

工业控制系统(industrial control system,ICS)入侵检测模型近年来愈加复杂,参数优化愈加困难,传统单分类器模型表现出明显的局限性。针对该问题,提出一种基于多分类器集成的ICS入侵检测算法,借鉴“分而治之”的思路将高维复杂入侵检测问题分解为多个简单子问题,使用单分类器模型对每个子问题进行分析并获取最优分类,最后采用改进Bagging完成各个分类器结果的融合。同时针对样本不均衡问题,在预处理阶段提出改进的少数样本合成技术(improved synthetic minority over-sampling technique,ImSMOTE)构建平衡数据集。采用密西西比州立大学(Mississippi State University,MSU)的天然气管道测试平台SCADA系统记录的真实数据开展实验,结果表明所提方法能够获得较高的入侵检测准确率,同时少数类别的误检率明显降低,能够有效提升ICS系统的安全性和可靠性。

面向ICS的CGAN-DEEPFOREST入侵检测

随着工业化与信息化的深度融合,工业控制系统(ICS)的安全问题广受关注,ICS领域出现了许多入侵检测模型.但是,现存模型存在局限性,无法同时解决数据不平衡、分类时间长、小样本检测率低和准确率低的问题.因此,本文提出CGAN-DeepForest入侵检测模型解决上述问题.首先,采用改进的条件生成对抗网络(CGAN)定向扩充数据来改善数据的不平衡性.其次,采用随机森林对平衡后的数据集进行特征提取,降低分类模型训练时间和分类时间.再次,采用深度森林(DeepForest)进行分类,提高小样本检测率和整体准确率,输出分类结果.最后,使用数据集Gas验证模型效果.实验结果表明,本文模型与简单深度森林模型相比准确率整体提升3%,小样本数据NMRI、MFCI、Dos的查全率、查准率、F1分别提高至95%、84%、90%;与随机森林模型相比,准确率整体提高6%,小样本NMRI的查全率提升23%;与深度卷积神经网络相比,准确率接近94%时,模型训练时间和分类时间提高约50%.

Filter-based iterative learning control for linear large-scale industrial processes

In the procedure of the steady-state hierarchical optimization with feedback for large-scale industrial processes, a sequence of set-point changes with different magnitudes is carried out on the optimization layer. To improve the dynamic performance of transient response driven by the set-point changes, a filter-based iterative learning control strategy is proposed. In the proposed updating law, a local-symmetric-integral operator is adopted for eliminating the measurement noise of output information,a set of desired trajectories are specified according to the set-point changes sequence, the current control input is iteratively achieved by utilizing smoothed output error to modify its control input at previous iteration, to which the amplified coefficients related to the different magnitudes of set-point changes are introduced. The convergence of the algorithm is conducted by incorporating frequency-domain technique into time-domain analysis. Numerical simulation demonstrates the effectiveness of the proposed strategy,

RRCNN: Request Response-Based Convolutional Neural Network for ICS Network Traffic Anomaly Detection

Nowadays,industrial control system(ICS)has begun to integrate with the Internet.While the Internet has brought convenience to ICS,it has also brought severe security concerns.Traditional ICS network traffic anomaly detection methods rely on statistical features manually extracted using the experience of network security experts.They are not aimed at the original network data,nor can they capture the potential characteristics of network packets.Therefore,the following improvements were made in this study:(1)A dataset that can be used to evaluate anomaly detection algorithms is produced,which provides raw network data.(2)A request response-based convolutional neural network named RRCNN is proposed,which can be used for anomaly detection of ICS network traffic.Instead of using statistical features manually extracted by security experts,this method uses the byte sequences of the original network packets directly,which can extract potential features of the network packets in greater depth.It regards the request packet and response packet in a session as a Request-Response Pair(RRP).The feature of RRP is extracted using a one-dimensional convolutional neural network,and then the RRP is judged to be normal or abnormal based on the extracted feature.Experimental results demonstrate that this model is better than several other machine learning and neural network models,with F1,accuracy,precision,and recall above 99%.