The Effect of Key Nodes on theMalware Dynamics in the Industrial Control Network

As industrialization and informatization becomemore deeply intertwined,industrial control networks have entered an era of intelligence.The connection between industrial control networks and the external internet is becoming increasingly close,which leads to frequent security accidents.This paper proposes a model for the industrial control network.It includes a malware containment strategy that integrates intrusion detection,quarantine,and monitoring.Basedonthismodel,the role of keynodes in the spreadofmalware is studied,a comparisonexperiment is conducted to validate the impact of the containment strategy.In addition,the dynamic behavior of the model is analyzed,the basic reproduction number is computed,and the disease-free and endemic equilibrium of the model is also obtained by the basic reproduction number.Moreover,through simulation experiments,the effectiveness of the containment strategy is validated,the influence of the relevant parameters is analyzed,and the containment strategy is optimized.In otherwords,selective immunity to key nodes can effectively suppress the spread ofmalware andmaintain the stability of industrial control systems.The earlier the immunization of key nodes,the better.Once the time exceeds the threshold,immunizing key nodes is almost ineffective.The analysis provides a better way to contain the malware in the industrial control network.

Critical Relation Path Aggregation-Based Industrial Control Component Exploitable Vulnerability Reasoning

With the growing discovery of exposed vulnerabilities in the Industrial Control Components(ICCs),identification of the exploitable ones is urgent for Industrial Control System(ICS)administrators to proactively forecast potential threats.However,it is not a trivial task due to the complexity of the multi-source heterogeneous data and the lack of automatic analysis methods.To address these challenges,we propose an exploitability reasoning method based on the ICC-Vulnerability Knowledge Graph(KG)in which relation paths contain abundant potential evidence to support the reasoning.The reasoning task in this work refers to determining whether a specific relation is valid between an attacker entity and a possible exploitable vulnerability entity with the help of a collective of the critical paths.The proposed method consists of three primary building blocks:KG construction,relation path representation,and query relation reasoning.A security-oriented ontology combines exploit modeling,which provides a guideline for the integration of the scattered knowledge while constructing the KG.We emphasize the role of the aggregation of the attention mechanism in representation learning and ultimate reasoning.In order to acquire a high-quality representation,the entity and relation embeddings take advantage of their local structure and related semantics.Some critical paths are assigned corresponding attentive weights and then they are aggregated for the determination of the query relation validity.In particular,similarity calculation is introduced into a critical path selection algorithm,which improves search and reasoning performance.Meanwhile,the proposed algorithm avoids redundant paths between the given pairs of entities.Experimental results show that the proposed method outperforms the state-of-the-art ones in the aspects of embedding quality and query relation reasoning accuracy.

Programmable Logic Controller Block Monitoring System for Memory Attack Defense in Industrial Control Systems

Cyberattacks targeting industrial control systems(ICS)are becoming more sophisticated and advanced than in the past.A programmable logic controller(PLC),a core component of ICS,controls and monitors sensors and actuators in the field.However,PLC has memory attack threats such as program injection and manipulation,which has long been a major target for attackers,and it is important to detect these attacks for ICS security.To detect PLC memory attacks,a security system is required to acquire and monitor PLC memory directly.In addition,the performance impact of the security system on the PLC makes it difficult to apply to the ICS.To address these challenges,this paper proposes a system to detect PLC memory attacks by continuously acquiring and monitoring PLC memory.The proposed system detects PLC memory attacks by acquiring the program blocks and block information directly from the same layer as the PLC and then comparing them in bytes with previous data.Experiments with Siemens S7-300 and S7-400 PLC were conducted to evaluate the PLC memory detection performance and performance impact on PLC.The experimental results demonstrate that the proposed system detects all malicious organization block(OB)injection and data block(DB)manipulation,and the increment of PLC cycle time,the impact on PLC performance,was less than 1 ms.The proposed system detects PLC memory attacks with a simpler detection method than earlier studies.Furthermore,the proposed system can be applied to ICS with a small performance impact on PLC.

ICS中虚假数据注入攻击研究

工业控制系统(Industrial Control System,ICS)的安全保障能力与其关乎国计民生的重要地位,具有极不协调的反差。为了揭示ICS潜在的攻击结构和方法,使得ICS防御策略研究更具实用性和针对性,将虚假数据注入(False Data Injection,FDI)攻击研究面向ICS,建立一种隐蔽的FDI攻击模型,可以在不影响ICS正常通信情况下注入虚假数据篡改监控变量。遵循该攻击模型,在煤制甲醇仿真工厂进行了验证实验,证明威胁切实存在,且难以察觉;同时,分析了威胁的严重性并讨论了防御措施。

Information Security Evaluation of Industrial Control Systems Using Probabilistic Linguistic MCDM Method

Industrial control systems(ICSs)are widely used in various fields,and the information security problems of ICSs are increasingly serious.The existing evaluation methods fail to describe the uncertain evaluation information and group evaluation information of experts.Thus,this paper introduces the probabilistic linguistic term sets(PLTSs)to model the evaluation information of experts.Meanwhile,we propose a probabilistic linguistic multi-criteria decision-making(PL-MCDM)method to solve the information security assessment problem of ICSs.Firstly,we propose a novel subscript equivalence distance measure of PLTSs to improve the existing methods.Secondly,we use the Best Worst Method(BWM)method and Criteria Importance Through Inter-criteria Correlation(CRITIC)method to obtain the subjective weights and objective weights,which are used to derive the combined weights.Thirdly,we use the subscript equivalence distance measure method and the combined weight method to improve the probabilistic linguistic Visekriterijumska Optimizacija I Kompromisno Resenje(PL-VIKOR)method.Finally,we apply the proposed method to solve the information security assessment problem of ICSs.When comparing with the existing methods such as the probabilistic linguistic Tomada deDecisão Iterativa Multicritério(PL-TODIM)method and probabilistic linguistic Technique for Order Preference by Similarity to Ideal Solution(PL-TOPSIS)method,the case example shows that the proposed method can provide more reasonable ranking results.By evaluating and ranking the information security level of different ICSs,managers can identify problems in time and guide their work better.

面向ICS不平衡数据的重叠区混合采样方法

工业控制系统异常检测面临着数据不平衡问题,其中,不平衡数据存在的类重叠现象加剧了分类器的检测难度。基于数据类别平衡或数据重叠检测的应对策略较常被采用,但这些策略方法存在着模型稳定性差或重叠识别率低等问题。对此,提出了一种面向重叠区域的混合采样方法:OverlapRHS。该方法利用支持向量数据描述分别在多数类和少数类样本上构建重叠检测模型,并通过将合成少数类与邻域清洗进行组合,对重叠数据区域内的样本施以混合采样。最后该方法与4种经典分类器结合,在4个公开的不平衡数据集上进行了测试,并与其他4种处理不平衡问题的采样方法进行了比较。实验结果表明,所提方法能够有效检测出不平衡数据集中的重叠数据,并通过高效且针对性强的数据混合采样改善了分类器的训练效果,提高了分类器对不平衡数据的异常检测性能,展现了较之于其他采样方法在不平衡数据处理上的显著优势。

基于多分类器集成的ICS入侵检测算法

工业控制系统(industrial control system,ICS)入侵检测模型近年来愈加复杂,参数优化愈加困难,传统单分类器模型表现出明显的局限性。针对该问题,提出一种基于多分类器集成的ICS入侵检测算法,借鉴“分而治之”的思路将高维复杂入侵检测问题分解为多个简单子问题,使用单分类器模型对每个子问题进行分析并获取最优分类,最后采用改进Bagging完成各个分类器结果的融合。同时针对样本不均衡问题,在预处理阶段提出改进的少数样本合成技术(improved synthetic minority over-sampling technique,ImSMOTE)构建平衡数据集。采用密西西比州立大学(Mississippi State University,MSU)的天然气管道测试平台SCADA系统记录的真实数据开展实验,结果表明所提方法能够获得较高的入侵检测准确率,同时少数类别的误检率明显降低,能够有效提升ICS系统的安全性和可靠性。

面向ICS的CGAN-DEEPFOREST入侵检测

随着工业化与信息化的深度融合,工业控制系统(ICS)的安全问题广受关注,ICS领域出现了许多入侵检测模型.但是,现存模型存在局限性,无法同时解决数据不平衡、分类时间长、小样本检测率低和准确率低的问题.因此,本文提出CGAN-DeepForest入侵检测模型解决上述问题.首先,采用改进的条件生成对抗网络(CGAN)定向扩充数据来改善数据的不平衡性.其次,采用随机森林对平衡后的数据集进行特征提取,降低分类模型训练时间和分类时间.再次,采用深度森林(DeepForest)进行分类,提高小样本检测率和整体准确率,输出分类结果.最后,使用数据集Gas验证模型效果.实验结果表明,本文模型与简单深度森林模型相比准确率整体提升3%,小样本数据NMRI、MFCI、Dos的查全率、查准率、F1分别提高至95%、84%、90%;与随机森林模型相比,准确率整体提高6%,小样本NMRI的查全率提升23%;与深度卷积神经网络相比,准确率接近94%时,模型训练时间和分类时间提高约50%.

Fault Detection for Motor Drive Control System of Industrial Robots Using CNN-LSTM-based Observers

The complex working conditions and nonlinear characteristics of the motor drive control system of industrial robots make it difficult to detect faults.In this paper,a deep learning-based observer,which combines the convolutional neural network(CNN)and the long short-term memory network(LSTM),is employed to approximate the nonlinear driving control system.CNN layers are introduced to extract dynamic features of the data,whereas LSTM layers perform time-sequential prediction of the target system.In terms of application,normal samples are fed into the observer to build an offline prediction model for the target system.The trained CNN-LSTM-based observer is then deployed along with the target system to estimate the system outputs.Online fault detection can be realized by analyzing the residuals.Finally,an application of the proposed fault detection method to a brushless DC motor drive system is given to verify the effectiveness of the proposed scheme.Simulation results indicate the impressive fault detection capability of the presented method for driving control systems of industrial robots.

Whole-Process Pollution Control for Cost-Effective and Cleaner Chemical Production A Case Study of the Tungsten Industry in China

In this research,a methodology named whole-process pollution control(WPPC)is demonstrated that improves the effectiveness of process optimization.This methodology considers waste/emission treatment as a step of the whole production process with respect to the minimization of cost and environmental impact for the whole process.The following procedures are introduced in a WPPC process optimization:①a material and energy flow investigation and optimization based on a systematic understanding of the distribution and physiochemical properties of potential pollutants;②a process optimization to increase the utilization efficiency of different elements and minimize pollutant emissions;and③an evaluation to reveal the effectiveness of the optimization strategies.The production of ammonium paratungstate was chosen for the case study.Two factors of the different optimization schemes-namely the cost-effectiveness factor and the environmental impact indicator-were evaluated and compared.This research demonstrates that by considering the nature of potential pollutants,technological innovations,economic viability,environmental impacts,and regulation requirements,WPPC can efficiently optimize a metal production process.

RRCNN: Request Response-Based Convolutional Neural Network for ICS Network Traffic Anomaly Detection

Nowadays,industrial control system(ICS)has begun to integrate with the Internet.While the Internet has brought convenience to ICS,it has also brought severe security concerns.Traditional ICS network traffic anomaly detection methods rely on statistical features manually extracted using the experience of network security experts.They are not aimed at the original network data,nor can they capture the potential characteristics of network packets.Therefore,the following improvements were made in this study:(1)A dataset that can be used to evaluate anomaly detection algorithms is produced,which provides raw network data.(2)A request response-based convolutional neural network named RRCNN is proposed,which can be used for anomaly detection of ICS network traffic.Instead of using statistical features manually extracted by security experts,this method uses the byte sequences of the original network packets directly,which can extract potential features of the network packets in greater depth.It regards the request packet and response packet in a session as a Request-Response Pair(RRP).The feature of RRP is extracted using a one-dimensional convolutional neural network,and then the RRP is judged to be normal or abnormal based on the extracted feature.Experimental results demonstrate that this model is better than several other machine learning and neural network models,with F1,accuracy,precision,and recall above 99%.

Identifying Industrial Control Equipment Based on Rule Matching and Machine Learning

To identify industrial control equipment is often a key step in network mapping,categorizing network resources,and attack defense.For example,if vulnerable equipment or devices can be discovered in advance and the attack path canbe cut off,security threats canbe effectively avoided and the stable operationof the Internet canbe ensured.The existing rule-matching method for equipment identification has limitations such as relying on experience and low scalability.This paper proposes an industrial control device identification method based on PCA-Adaboost,which integrates rule matching and machine learning.We first build a rule base from network data collection and then use single andmulti-protocol rule-matchingmethods to identify the type of industrial control devices.Finally,we utilize PCA-Adaboost to identify unlabeled data.The experimental results show that the recognition rate of this method is better than that of the traditional Nmap device recognitionmethod and the device recognition accuracy rate reaches 99%.The evaluation effect of the test data set is significantly enhanced.

Real Time Automation and Ratio Control Using PLC&SCADA in Industry 4.0

Industrial Control Systems(ICS)and SCADA(Supervisory Control and Data Acquisition)systems play a critical role in the management and regulation of critical infrastructure.SCADA systems brings us closer to the real-time application world.All process and equipment control capability is typically provided by a Distributed Control System(DCS)in industries such as power stations,agricultural systems,chemical and water treatment plants.Instead of control through DCS,this paper proposes a SCADA and PLC(Programmable Logic Controller)system to control the ratio control division and the assembly line division inside the chemical plant.A specific design and implementation method for development of SCADA/PLC based real time ratio control and automated assembly line system in a chemical plant is introduced.The assembly line division is further divided into sorting stage,filling stage and the auxiliary stage,which includes the capping unit,labelling unit and then the storage.In the ratio control division,we have defined the levels inside the mixer and ratio of the raw materials through human machine interface(HMI)panel.The ratio of raw materials is kept constant on the basis of flow rates of wild stream and manipulated stream.There is a flexibility in defining new levels and the ratios of the raw materials inside the mixer.But here we taken the predefined levels(low,medium,high)and ratios(3:4,2:1,2:5).Control valves are used for regulating the flow of the compositions.In the assembly line division,the containers are sorted on the basis of size and type of material used i.e.,big sized metallic containers and small sized non-metallic containers by inductive and capacitive proximity sensors.All the processes are facilitated with laser beam type or reflective type sensors on the conveyor system.Building a highly stable and dependable PLC/SCADA system instead of Distributed Control System is required to achieve automatic management and control of chemical industry processes to reduce waste manpower and physical resources,as well as to improve worker safety.

GRU-based Buzzer Ensemble for Abnormal Detection in Industrial Control Systems

Recently,Industrial Control Systems(ICSs)have been changing from a closed environment to an open environment because of the expansion of digital transformation,smart factories,and Industrial Internet of Things(IIoT).Since security accidents that occur in ICSs can cause national confusion and human casualties,research on detecting abnormalities by using normal operation data learning is being actively conducted.The single technique proposed by existing studies does not detect abnormalities well or provide satisfactory results.In this paper,we propose a GRU-based Buzzer Ensemble for AbnormalDetection(GBE-AD)model for detecting anomalies in industrial control systems to ensure rapid response and process availability.The newly proposed ensemble model of the buzzer method resolves False Negatives(FNs)by complementing the limited range that can be detected in a single model because of the internal models composing GBE-AD.Because the internal models remain suppressed for False Positives(FPs),GBE-AD provides better generalization.In addition,we generated mean prediction error data in GBE-AD and inferred abnormal processes using soft and hard clustering.We confirmed that the detection model’s Time-series Aware Precision(TaP)suppressed FPs at 97.67%.The final performance was 94.04%in an experiment using anHIL-basedAugmented ICS(HAI)Security Dataset(ver.21.03)among public datasets.

An Intelligent Approach for Intrusion Detection in Industrial Control System

Supervisory control and data acquisition(SCADA)systems are computer systems that gather and analyze real-time data,distributed control systems are specially designed automated control system that consists of geographically distributed control elements,and other smaller control systems such as programmable logic controllers are industrial solid-state computers that monitor inputs and outputs and make logic-based decisions.In recent years,there has been a lot of focus on the security of industrial control systems.Due to the advancement in information technologies,the risk of cyberattacks on industrial control system has been drastically increased.Because they are so inextricably tied to human life,any damage to them might have devastating consequences.To provide an efficient solution to such problems,this paper proposes a new approach to intrusion detection.First,the important features in the dataset are determined by the difference between the distribution of unlabeled and positive data which is deployed for the learning process.Then,a prior estimation of the class is proposed based on a support vector machine.Simulation results show that the proposed approach has better anomaly detection performance than existing algorithms.

Haze Control by Industrialization:A Win-win Mode of Ecological Civilization and Economic Development

Haze control is a difficult and arduous battle,and it is a major decision concerning the people's livelihood and national ecological civilization construction.Taking Heilongjiang Province as an example,this paper introduced a new idea for haze control.Haze in Heilongjiang Province was mainly resulted from straw burning.Market-oriented,large-scale,and industrialized haze control relying on science and technology is new opportunity and challenge for realizing ecological civilization and revitalizing the economy of Heilongjiang Province.

Impact of environmental regulations on the efficient control of industrial pollution in China

The continuous progress of industrialization is a fundamental cause of China’s increasingly severe environmental pollution problem.Improving the efficiency of industrial pollution control is an inevitable choice to effectively decrease pollution emissions,thus winning the battle of pollution prevention and control.In this paper,we used the stochastic frontier analysis(SFA)model to measure the provincial efficiency of industrial pollution control based on the input and output data of industrial pollution control of 29 administrative provinces in China from 2000 to 2017.On this basis,a spatial econometric model was used to explore the influence of environmental regulation intensity on the efficiency of industrial pollution control.In addition,the spatial spillover effect of pollution reduction was thoroughly examined.The results show that:(1)The efficiency of industrial pollution control in China has improved year by year,but the overall efficiency is still low,with the average value increasing from 0.165 in 2000 to 0.309 in 2017.Furthermore,there is significant regional heterogeneity with the highest efficiency level in the east and lowest efficiency level in the west.(2)By increasing the financial and material input,the efficiency of industrial pollution control has increased.However,the increase of human input has not been so helpful.(3)The global Moran’s I index is significantly greater than zero,indicating a strong spatial correlation and agglomeration in the efficiency of industrial pollution control,which is reflected in high-high agglomeration in the eastern region and low-low agglomeration in the western region.(4)Stringent environmental regulation has a positive effect on improving the efficiency of industrial pollution control.It also imposes a positive spatial spillover effect,indicating a strategic interaction and coordination of regional pollution control.In line with this,related proposals have been made to optimize the investment structure for environmental pollution control,establish a flow mechanism for the factor market,and strengthen the environmental responsibility awareness of state-owned enterprises.On this basis,we expect to provide a policy for improving the efficiency of industrial pollution control and promoting regional joint pollution control in China.

Data Driven Vibration Control:A Review

With the ongoing advancements in sensor networks and data acquisition technologies across various systems like manufacturing,aviation,and healthcare,the data driven vibration control(DDVC)has attracted broad interests from both the industrial and academic communities.Input shaping(IS),as a simple and effective feedforward method,is greatly demanded in DDVC methods.It convolves the desired input command with impulse sequence without requiring parametric dynamics and the closed-loop system structure,thereby suppressing the residual vibration separately.Based on a thorough investigation into the state-of-the-art DDVC methods,this survey has made the following efforts:1)Introducing the IS theory and typical input shapers;2)Categorizing recent progress of DDVC methods;3)Summarizing commonly adopted metrics for DDVC;and 4)Discussing the engineering applications and future trends of DDVC.By doing so,this study provides a systematic and comprehensive overview of existing DDVC methods from designing to optimizing perspectives,aiming at promoting future research regarding this emerging and vital issue.

Cloud control for IIoT in a cloud-edge environment

The industrial Internet of Things(IIoT)is a new indus-trial idea that combines the latest information and communica-tion technologies with the industrial economy.In this paper,a cloud control structure is designed for IIoT in cloud-edge envi-ronment with three modes of 5G.For 5G based IIoT,the time sensitive network(TSN)service is introduced in transmission network.A 5G logical TSN bridge is designed to transport TSN streams over 5G framework to achieve end-to-end configuration.For a transmission control protocol(TCP)model with nonlinear disturbance,time delay and uncertainties,a robust adaptive fuzzy sliding mode controller(AFSMC)is given with control rule parameters.IIoT workflows are made up of a series of subtasks that are linked by the dependencies between sensor datasets and task flows.IIoT workflow scheduling is a non-deterministic polynomial(NP)-hard problem in cloud-edge environment.An adaptive and non-local-convergent particle swarm optimization(ANCPSO)is designed with nonlinear inertia weight to avoid falling into local optimum,which can reduce the makespan and cost dramatically.Simulation and experiments demonstrate that ANCPSO has better performances than other classical algo-rithms.

Improving the Construction Industry Quality Using the Seven Basic Quality Control Tools

The organizations used quality tools to develop their processes and gain satisfaction from the customers. The main objective of this study is to develop levels of quality in the construction industry through the use of the seven basic quality control tools. Such tools are extremely crucial tools which are used worldwide in the industries for continual improvement. The seven basic quality tools are Check Sheet, Histogram, Pareto Chart, Fishbone Diagram, Control Chart, Flowchart and Scatter Diagram. They were implemented in various steps of the process in order to define the problems, measure its impacts, find out its root causes and solve these problems to ensure the production of non-defective items. The study shows how the seven basic tools of quality are very useful and effective in identifying and removal of defects from the manufacturing process. These tools are helpful in every stage of the defect removal process. This study was conducted on Cleopatra Group Company. This company succeeded to serve the public and private projects in the Egyptian construction sectors.