As industrialization and informatization becomemore deeply intertwined,industrial control networks have entered an era of intelligence.The connection between industrial control networks and the external internet is be...As industrialization and informatization becomemore deeply intertwined,industrial control networks have entered an era of intelligence.The connection between industrial control networks and the external internet is becoming increasingly close,which leads to frequent security accidents.This paper proposes a model for the industrial control network.It includes a malware containment strategy that integrates intrusion detection,quarantine,and monitoring.Basedonthismodel,the role of keynodes in the spreadofmalware is studied,a comparisonexperiment is conducted to validate the impact of the containment strategy.In addition,the dynamic behavior of the model is analyzed,the basic reproduction number is computed,and the disease-free and endemic equilibrium of the model is also obtained by the basic reproduction number.Moreover,through simulation experiments,the effectiveness of the containment strategy is validated,the influence of the relevant parameters is analyzed,and the containment strategy is optimized.In otherwords,selective immunity to key nodes can effectively suppress the spread ofmalware andmaintain the stability of industrial control systems.The earlier the immunization of key nodes,the better.Once the time exceeds the threshold,immunizing key nodes is almost ineffective.The analysis provides a better way to contain the malware in the industrial control network.展开更多
In this paper,we propose a intrusion detection algorithm based on auto-encoder and three-way decisions(AE-3WD)for industrial control networks,aiming at the security problem of industrial control network.The ideology o...In this paper,we propose a intrusion detection algorithm based on auto-encoder and three-way decisions(AE-3WD)for industrial control networks,aiming at the security problem of industrial control network.The ideology of deep learning is similar to the idea of intrusion detection.Deep learning is a kind of intelligent algorithm and has the ability of automatically learning.It uses self-learning to enhance the experience and dynamic classification capabilities.We use deep learning to improve the intrusion detection rate and reduce the false alarm rate through learning,a denoising AutoEncoder and three-way decisions intrusion detection method AE-3WD is proposed to improve intrusion detection accuracy.In the processing,deep learning AutoEncoder is used to extract the features of high-dimensional data by combining the coefficient penalty and reconstruction loss function of the encode layer during the training mode.A multi-feature space can be constructed by multiple feature extractions from AutoEncoder,and then a decision for intrusion behavior or normal behavior is made by three-way decisions.NSL-KDD data sets are used to the experiments.The experiment results prove that our proposed method can extract meaningful features and effectively improve the performance of intrusion detection.展开更多
The random delays in a networked control system (NCS) degrade control performance and can even destabilize the control system.To deal with this problem,the time-stamped predictive functional control (PFC) algorithm is...The random delays in a networked control system (NCS) degrade control performance and can even destabilize the control system.To deal with this problem,the time-stamped predictive functional control (PFC) algorithm is proposed,which generalizes the standard PFC algorithm to networked control systems with random delays.The algorithm uses the time-stamp method to estimate the control delay,predicts the future outputs based on a discrete time delay state space model,and drives the control law that applies to an NCS from the idea of a PFC algorithm.A networked control system was constructed based on TrueTime simulator,with which the time-stamped PFC algorithm was compared with the standard PFC algorithm.The response curves show that the proposed algorithm has better control performance.展开更多
With the vigorous development of the Internet of Things and 5G technology, such as machine-to-machine and device-todevice, all kinds of data transmission including environmental monitoring and equipment control streng...With the vigorous development of the Internet of Things and 5G technology, such as machine-to-machine and device-todevice, all kinds of data transmission including environmental monitoring and equipment control strengthens the key role of wireless sensor networks in the large-scale wireless communication system. However, especially in the complex industrial wireless applications, the low utilization efficiency of the limited wireless radio resource enhances the coexistence problem between heterogeneous networks. In this paper, from the severe mutual interference point of view, a mathematical model regarding cumulative interferences in the industrial wireless sensor networks is described. Then, from the perspective of mutual interference avoidance, an adaptive power control scheme is proposed in order to handle the normal communication needs on both the primary link and the secondary link. At last, nonlinear programming is taken to solve the corresponding optimization problem. Some typical analyses are given to verify the effectiveness of the proposed scheme on optimizing the tradeoff between the system throughput and energy consumption. Especially, the energy-efficiency of the novel scheme for Industrial Internet of Things is also analysed. Results show that the proposed power control is efficient. The throughput could be enhanced and the energy consumption could be reduced with the guarantee of mutual interference avoidance.展开更多
Information-Centric Networking(ICN) has recently emerged as a result of the increased demand to access contents regardless of their location in the network services. This new approach facilitates content distribution ...Information-Centric Networking(ICN) has recently emerged as a result of the increased demand to access contents regardless of their location in the network services. This new approach facilitates content distribution as a service of the network with lower delay and higher security in comparison with the current IP network. Applying ICN in current IP infrastructure leads to major complexities. One approach to deploy ICN with less complexity is to integrate ICN with Software Defined Networking(SDN). The SDN controller manages the content distribution, caching, and routing based on the users' requests. In this paper, we extend these context by addressing the ICN topology management problem over the SDN network to achieve an improved user experience as well as network performance. In particular, a centralized controller is designed to construct and manage the ICN overlay. Experimental results indicate that this adopted topology management strategy achieves high performance, in terms of low failure in interest satisfaction and reduced download time compared to a plain ICN.展开更多
To identify industrial control equipment is often a key step in network mapping,categorizing network resources,and attack defense.For example,if vulnerable equipment or devices can be discovered in advance and the att...To identify industrial control equipment is often a key step in network mapping,categorizing network resources,and attack defense.For example,if vulnerable equipment or devices can be discovered in advance and the attack path canbe cut off,security threats canbe effectively avoided and the stable operationof the Internet canbe ensured.The existing rule-matching method for equipment identification has limitations such as relying on experience and low scalability.This paper proposes an industrial control device identification method based on PCA-Adaboost,which integrates rule matching and machine learning.We first build a rule base from network data collection and then use single andmulti-protocol rule-matchingmethods to identify the type of industrial control devices.Finally,we utilize PCA-Adaboost to identify unlabeled data.The experimental results show that the recognition rate of this method is better than that of the traditional Nmap device recognitionmethod and the device recognition accuracy rate reaches 99%.The evaluation effect of the test data set is significantly enhanced.展开更多
The information centric network(ICN)has been widely discussed in current researches.The ICN interoperation with a traditional IP network and caching methods are one of the research topics of interest.For economic reas...The information centric network(ICN)has been widely discussed in current researches.The ICN interoperation with a traditional IP network and caching methods are one of the research topics of interest.For economic reasons,the capability of applying the ICN to internet service providers(ISPs)with various traditional IP protocols already implemented,especially IGP,MPLS,VRF,and TE,does not require any change on the IP network infrastructure.The biggest concern of ISPs is related to their customers’contents delivery speed.In this paper,we consider ICN caching locations in ISP by using the concept of locator/ID separation protocol(LISP)for interoperation between a traditional IP address and name-based ICN.To be more specific,we propose a new procedure to determine caching locations in the ICN by using the cuckoo search algorithm(CSA)for finding the best caching locations of information chunks.Moreover,we create the smart control plane(SCP)scheme which is an intelligent controlling,managing,and mapping system.Its function is similar to the software defined network concept.We show how the proposed SCP system works in both synthetic small network and real-world big network.Finally,we show and evaluate the performance of our algorithm comparison with the simple search method using the shortest path first algorithm.展开更多
Several excellent works have been done on the industrial Internet;however,some problems are still ahead,such as reliable security,heterogeneous compatibility,and system efficiency.Information-Centric Networking(ICN),a...Several excellent works have been done on the industrial Internet;however,some problems are still ahead,such as reliable security,heterogeneous compatibility,and system efficiency.Information-Centric Networking(ICN),an emerging paradigm for the future Internet,is expected to address the challenges of the industrial Internet to some extent.An integrated architecture for industrial network and identity resolution in the industrial Internet is proposed in this paper.A framework is also designed for the ICN-based industrial Network And Named Data Networking(NDN)based factory extranet with Software-Defined Networking(SDN).Moreover,an identity resolution architecture in the industrial Internet is proposed based on ICN paradigms with separate resolution nodes or with merging resolution and routing.展开更多
A Wireless Networked Control System using 802.11b is used to model fault-tolerance at the controller level of an industrial workcell. The fault-tolerance study in this paper presents the cascading of two independent w...A Wireless Networked Control System using 802.11b is used to model fault-tolerance at the controller level of an industrial workcell. The fault-tolerance study in this paper presents the cascading of two independent workcells where each controller must be able to handle the load of both cells in case of failure of the other one. The intercommunication is completely wireless between the cells and this feature is investigated. The model incorporates unmodified 802.11b and 802.11g for communication. Sensors send sampled data to both controllers and the controllers to exchange a watchdog. The fault-free and faulty models are both simulated using OPNET Network Modeler. External interference on the critical intercommunication link is also investigated. Results of simulations are presented based on a 95% confidence analysis, guaranteeing correct system performance.展开更多
The industrial Internet of Things(IIoT)is a new indus-trial idea that combines the latest information and communica-tion technologies with the industrial economy.In this paper,a cloud control structure is designed for...The industrial Internet of Things(IIoT)is a new indus-trial idea that combines the latest information and communica-tion technologies with the industrial economy.In this paper,a cloud control structure is designed for IIoT in cloud-edge envi-ronment with three modes of 5G.For 5G based IIoT,the time sensitive network(TSN)service is introduced in transmission network.A 5G logical TSN bridge is designed to transport TSN streams over 5G framework to achieve end-to-end configuration.For a transmission control protocol(TCP)model with nonlinear disturbance,time delay and uncertainties,a robust adaptive fuzzy sliding mode controller(AFSMC)is given with control rule parameters.IIoT workflows are made up of a series of subtasks that are linked by the dependencies between sensor datasets and task flows.IIoT workflow scheduling is a non-deterministic polynomial(NP)-hard problem in cloud-edge environment.An adaptive and non-local-convergent particle swarm optimization(ANCPSO)is designed with nonlinear inertia weight to avoid falling into local optimum,which can reduce the makespan and cost dramatically.Simulation and experiments demonstrate that ANCPSO has better performances than other classical algo-rithms.展开更多
针对工业控制网络(Industrial Control Network, ICN)远程接入场景下未经授权访问、拒绝服务攻击、欺骗攻击以及信息披露等安全问题,通过STRIDE威胁建模方法对该场景下的潜在威胁进行分析,提出一种基于动态贝叶斯博弈的接入检测框架。...针对工业控制网络(Industrial Control Network, ICN)远程接入场景下未经授权访问、拒绝服务攻击、欺骗攻击以及信息披露等安全问题,通过STRIDE威胁建模方法对该场景下的潜在威胁进行分析,提出一种基于动态贝叶斯博弈的接入检测框架。该方法能够将试图接入ICN的非法、恶意请求筛选出来并阻断,同时利用持续进行的多轮博弈迭代以及SDN灵活动态的特性对策略参数进行实时调整,以防止相同恶意接入源的再次访问。仿真实验结果表明,随着博弈轮数的增加,相比于现有的两类恶意接入防御方法,该框架的检测准确性提升了3%以上,假阳性比例下降了1.2%以上,检测效率提升了14.7%以上,且具有较好的鲁棒性。展开更多
In industrial control systems,the utilization of deep learning based methods achieves improvements for anomaly detection.However,most current methods ignore the association of inner components in industrial control sy...In industrial control systems,the utilization of deep learning based methods achieves improvements for anomaly detection.However,most current methods ignore the association of inner components in industrial control systems.In industrial control systems,an anomaly component may affect the neighboring components;therefore,the connective relationship can help us to detect anomalies effectively.In this paper,we propose a centrality-aware graph convolution network(CAGCN)for anomaly detection in industrial control systems.Unlike the traditional graph convolution network(GCN)model,we utilize the concept of centrality to enhance the ability of graph convolution networks to deal with the inner relationship in industrial control systems.Our experiments show that compared with GCN,our CAGCN has a better ability to utilize this relationship between components in industrial control systems.The performances of the model are evaluated on the Secure Water Treatment(SWaT)dataset and the Water Distribution(WADI)dataset,the two most common industrial control systems datasets in the field of industrial anomaly detection.The experimental results show that our CAGCN achieves better results on precision,recall,and F1 score than the state-of-the-art methods.展开更多
Control -net网络是一个开放的、高速的、确定性的工业局域网,用于传输对时间有苛刻要求的信息,为对等通信提供实时控制和报文传送。可实现PC机、控制器、操作界面设备、I/O模块等不同设备间的联网通信。网络成功地应用在多种工业自动...Control -net网络是一个开放的、高速的、确定性的工业局域网,用于传输对时间有苛刻要求的信息,为对等通信提供实时控制和报文传送。可实现PC机、控制器、操作界面设备、I/O模块等不同设备间的联网通信。网络成功地应用在多种工业自动控制系统上。展开更多
基金Scientific Research Project of Liaoning Province Education Department,Code:LJKQZ20222457&LJKMZ20220781Liaoning Province Nature Fund Project,Code:No.2022-MS-291.
文摘As industrialization and informatization becomemore deeply intertwined,industrial control networks have entered an era of intelligence.The connection between industrial control networks and the external internet is becoming increasingly close,which leads to frequent security accidents.This paper proposes a model for the industrial control network.It includes a malware containment strategy that integrates intrusion detection,quarantine,and monitoring.Basedonthismodel,the role of keynodes in the spreadofmalware is studied,a comparisonexperiment is conducted to validate the impact of the containment strategy.In addition,the dynamic behavior of the model is analyzed,the basic reproduction number is computed,and the disease-free and endemic equilibrium of the model is also obtained by the basic reproduction number.Moreover,through simulation experiments,the effectiveness of the containment strategy is validated,the influence of the relevant parameters is analyzed,and the containment strategy is optimized.In otherwords,selective immunity to key nodes can effectively suppress the spread ofmalware andmaintain the stability of industrial control systems.The earlier the immunization of key nodes,the better.Once the time exceeds the threshold,immunizing key nodes is almost ineffective.The analysis provides a better way to contain the malware in the industrial control network.
基金supported by National Nature Science Foundation of China (Grant No.61471182)Postgraduate Research&Practice Innovation Program of Jiangsu Province (Grant No.KYCX20_2993)Jiangsu postgraduate research innovation project (SJCX18_0784)。
文摘In this paper,we propose a intrusion detection algorithm based on auto-encoder and three-way decisions(AE-3WD)for industrial control networks,aiming at the security problem of industrial control network.The ideology of deep learning is similar to the idea of intrusion detection.Deep learning is a kind of intelligent algorithm and has the ability of automatically learning.It uses self-learning to enhance the experience and dynamic classification capabilities.We use deep learning to improve the intrusion detection rate and reduce the false alarm rate through learning,a denoising AutoEncoder and three-way decisions intrusion detection method AE-3WD is proposed to improve intrusion detection accuracy.In the processing,deep learning AutoEncoder is used to extract the features of high-dimensional data by combining the coefficient penalty and reconstruction loss function of the encode layer during the training mode.A multi-feature space can be constructed by multiple feature extractions from AutoEncoder,and then a decision for intrusion behavior or normal behavior is made by three-way decisions.NSL-KDD data sets are used to the experiments.The experiment results prove that our proposed method can extract meaningful features and effectively improve the performance of intrusion detection.
文摘The random delays in a networked control system (NCS) degrade control performance and can even destabilize the control system.To deal with this problem,the time-stamped predictive functional control (PFC) algorithm is proposed,which generalizes the standard PFC algorithm to networked control systems with random delays.The algorithm uses the time-stamp method to estimate the control delay,predicts the future outputs based on a discrete time delay state space model,and drives the control law that applies to an NCS from the idea of a PFC algorithm.A networked control system was constructed based on TrueTime simulator,with which the time-stamped PFC algorithm was compared with the standard PFC algorithm.The response curves show that the proposed algorithm has better control performance.
基金partially supported by the Fundamental Research Funds for the Central Universities under Grant No.2015JBM001the National Key Basic Research Program of China under Grant No. 2013CB329101
文摘With the vigorous development of the Internet of Things and 5G technology, such as machine-to-machine and device-todevice, all kinds of data transmission including environmental monitoring and equipment control strengthens the key role of wireless sensor networks in the large-scale wireless communication system. However, especially in the complex industrial wireless applications, the low utilization efficiency of the limited wireless radio resource enhances the coexistence problem between heterogeneous networks. In this paper, from the severe mutual interference point of view, a mathematical model regarding cumulative interferences in the industrial wireless sensor networks is described. Then, from the perspective of mutual interference avoidance, an adaptive power control scheme is proposed in order to handle the normal communication needs on both the primary link and the secondary link. At last, nonlinear programming is taken to solve the corresponding optimization problem. Some typical analyses are given to verify the effectiveness of the proposed scheme on optimizing the tradeoff between the system throughput and energy consumption. Especially, the energy-efficiency of the novel scheme for Industrial Internet of Things is also analysed. Results show that the proposed power control is efficient. The throughput could be enhanced and the energy consumption could be reduced with the guarantee of mutual interference avoidance.
文摘Information-Centric Networking(ICN) has recently emerged as a result of the increased demand to access contents regardless of their location in the network services. This new approach facilitates content distribution as a service of the network with lower delay and higher security in comparison with the current IP network. Applying ICN in current IP infrastructure leads to major complexities. One approach to deploy ICN with less complexity is to integrate ICN with Software Defined Networking(SDN). The SDN controller manages the content distribution, caching, and routing based on the users' requests. In this paper, we extend these context by addressing the ICN topology management problem over the SDN network to achieve an improved user experience as well as network performance. In particular, a centralized controller is designed to construct and manage the ICN overlay. Experimental results indicate that this adopted topology management strategy achieves high performance, in terms of low failure in interest satisfaction and reduced download time compared to a plain ICN.
基金funded in part by the National Key R&D Program of China(Grant No.2022YFB3102901)the National Natural Science Foundation of China(Grant Nos.61976064,61871140,62272119,62072130)the Guangdong Province Key Research and Development Plan(Grant No.2019B010137004).
文摘To identify industrial control equipment is often a key step in network mapping,categorizing network resources,and attack defense.For example,if vulnerable equipment or devices can be discovered in advance and the attack path canbe cut off,security threats canbe effectively avoided and the stable operationof the Internet canbe ensured.The existing rule-matching method for equipment identification has limitations such as relying on experience and low scalability.This paper proposes an industrial control device identification method based on PCA-Adaboost,which integrates rule matching and machine learning.We first build a rule base from network data collection and then use single andmulti-protocol rule-matchingmethods to identify the type of industrial control devices.Finally,we utilize PCA-Adaboost to identify unlabeled data.The experimental results show that the recognition rate of this method is better than that of the traditional Nmap device recognitionmethod and the device recognition accuracy rate reaches 99%.The evaluation effect of the test data set is significantly enhanced.
文摘The information centric network(ICN)has been widely discussed in current researches.The ICN interoperation with a traditional IP network and caching methods are one of the research topics of interest.For economic reasons,the capability of applying the ICN to internet service providers(ISPs)with various traditional IP protocols already implemented,especially IGP,MPLS,VRF,and TE,does not require any change on the IP network infrastructure.The biggest concern of ISPs is related to their customers’contents delivery speed.In this paper,we consider ICN caching locations in ISP by using the concept of locator/ID separation protocol(LISP)for interoperation between a traditional IP address and name-based ICN.To be more specific,we propose a new procedure to determine caching locations in the ICN by using the cuckoo search algorithm(CSA)for finding the best caching locations of information chunks.Moreover,we create the smart control plane(SCP)scheme which is an intelligent controlling,managing,and mapping system.Its function is similar to the software defined network concept.We show how the proposed SCP system works in both synthetic small network and real-world big network.Finally,we show and evaluate the performance of our algorithm comparison with the simple search method using the shortest path first algorithm.
基金supported in part by National Key Research&Development Project(Grant No.2019YFB1804400)the MIIT of China 2019(Innovative Identification and Resolution System for Industrial Internet of Things).
文摘Several excellent works have been done on the industrial Internet;however,some problems are still ahead,such as reliable security,heterogeneous compatibility,and system efficiency.Information-Centric Networking(ICN),an emerging paradigm for the future Internet,is expected to address the challenges of the industrial Internet to some extent.An integrated architecture for industrial network and identity resolution in the industrial Internet is proposed in this paper.A framework is also designed for the ICN-based industrial Network And Named Data Networking(NDN)based factory extranet with Software-Defined Networking(SDN).Moreover,an identity resolution architecture in the industrial Internet is proposed based on ICN paradigms with separate resolution nodes or with merging resolution and routing.
文摘A Wireless Networked Control System using 802.11b is used to model fault-tolerance at the controller level of an industrial workcell. The fault-tolerance study in this paper presents the cascading of two independent workcells where each controller must be able to handle the load of both cells in case of failure of the other one. The intercommunication is completely wireless between the cells and this feature is investigated. The model incorporates unmodified 802.11b and 802.11g for communication. Sensors send sampled data to both controllers and the controllers to exchange a watchdog. The fault-free and faulty models are both simulated using OPNET Network Modeler. External interference on the critical intercommunication link is also investigated. Results of simulations are presented based on a 95% confidence analysis, guaranteeing correct system performance.
文摘The industrial Internet of Things(IIoT)is a new indus-trial idea that combines the latest information and communica-tion technologies with the industrial economy.In this paper,a cloud control structure is designed for IIoT in cloud-edge envi-ronment with three modes of 5G.For 5G based IIoT,the time sensitive network(TSN)service is introduced in transmission network.A 5G logical TSN bridge is designed to transport TSN streams over 5G framework to achieve end-to-end configuration.For a transmission control protocol(TCP)model with nonlinear disturbance,time delay and uncertainties,a robust adaptive fuzzy sliding mode controller(AFSMC)is given with control rule parameters.IIoT workflows are made up of a series of subtasks that are linked by the dependencies between sensor datasets and task flows.IIoT workflow scheduling is a non-deterministic polynomial(NP)-hard problem in cloud-edge environment.An adaptive and non-local-convergent particle swarm optimization(ANCPSO)is designed with nonlinear inertia weight to avoid falling into local optimum,which can reduce the makespan and cost dramatically.Simulation and experiments demonstrate that ANCPSO has better performances than other classical algo-rithms.
文摘针对工业控制网络(Industrial Control Network, ICN)远程接入场景下未经授权访问、拒绝服务攻击、欺骗攻击以及信息披露等安全问题,通过STRIDE威胁建模方法对该场景下的潜在威胁进行分析,提出一种基于动态贝叶斯博弈的接入检测框架。该方法能够将试图接入ICN的非法、恶意请求筛选出来并阻断,同时利用持续进行的多轮博弈迭代以及SDN灵活动态的特性对策略参数进行实时调整,以防止相同恶意接入源的再次访问。仿真实验结果表明,随着博弈轮数的增加,相比于现有的两类恶意接入防御方法,该框架的检测准确性提升了3%以上,假阳性比例下降了1.2%以上,检测效率提升了14.7%以上,且具有较好的鲁棒性。
基金supported by the Chinese Academy of Sciences through the Strategic Priority Research Program under Grant No.XDC02020400.
文摘In industrial control systems,the utilization of deep learning based methods achieves improvements for anomaly detection.However,most current methods ignore the association of inner components in industrial control systems.In industrial control systems,an anomaly component may affect the neighboring components;therefore,the connective relationship can help us to detect anomalies effectively.In this paper,we propose a centrality-aware graph convolution network(CAGCN)for anomaly detection in industrial control systems.Unlike the traditional graph convolution network(GCN)model,we utilize the concept of centrality to enhance the ability of graph convolution networks to deal with the inner relationship in industrial control systems.Our experiments show that compared with GCN,our CAGCN has a better ability to utilize this relationship between components in industrial control systems.The performances of the model are evaluated on the Secure Water Treatment(SWaT)dataset and the Water Distribution(WADI)dataset,the two most common industrial control systems datasets in the field of industrial anomaly detection.The experimental results show that our CAGCN achieves better results on precision,recall,and F1 score than the state-of-the-art methods.
