Multi-Mode Attack Detection and Evaluation of Abnormal States for Industrial Control Network (工业控制网络多模式攻击检测及异常状态评估方法)

Xu Lijuan (徐丽娟), Wang Bailing (王佰玲), Yang Meihong (杨美红), Zhao Dawei (赵大伟), Han Jideng (韩继登)

Citation: Xu Lijuan, Wang Bailing, Yang Meihong, Zhao Dawei, Han Jideng. Multi-Mode Attack Detection and Evaluation of Abnormal States for Industrial Control Network[J]. Journal of Computer Research and Development (计算机研究与发展), 2021, 58(11): 2333-2349. DOI: 10.7544/issn1000-1239.2021.20210598. CSTR: 32373.14.issn1000-1239.2021.20210598

Funding: This work was supported by the National Major Program for Technological Innovation 2030 "New Generation Artificial Intelligence" (2020AAA0107700), the National Key Research and Development Program of China (2018YFE0119700), the National Natural Science Foundation of China (U1836117), the Shandong Provincial Natural Science Outstanding Youth Foundation (ZR2020YQ06), and the Key Research and Development Program of Shandong Province (2019JZZY010132).

Details
  • CLC number (中图分类号): TP309
  • Abstract (translated from the Chinese): Attack strategies against industrial control networks are diverse, but their ultimate purpose is to drive the system into a critical or dangerous state; attack detection based on abnormal device states is therefore more reliable than other detection methods. However, state-anomaly detection faces the problem that the moment an attack ends is hard to determine accurately. We build a description model of attack strategies and abnormal system states and, on that basis, propose an anomaly detection scheme based on a state transition probability graph; experimental results show that the scheme effectively detects multiple attack modes. In addition, for the difficult problem of quantitatively evaluating the impact of semantic attacks on system state, we propose a quantitative attack-impact evaluation method based on the fused analysis of abnormal features and damage-degree indicators, which quantitatively evaluates and analyzes the system state at its different stages. This work has important theoretical value and practical significance for identifying attack intent.
  • Abstract: The ultimate intention of the various attack strategies against an industrial control network is to lead the control system into a critical or dangerous state. As a consequence, attack detection based on abnormal device status exceeds other methods in reliability. Addressing the difficulty of accurately determining the end of an attack, this paper establishes an attack strategy model and an abnormal status description model, constructs corresponding datasets under a variety of attack strategies, proposes a time slice partitioning algorithm based on inflection point fusion and a state feature clustering algorithm, and finally constructs an anomaly detection scheme based on a state transition probability graph. Experimental results indicate that this scheme can effectively detect a variety of attack strategies. In addition, research on the quantitative evaluation of the impact of semantic attacks on system states is relatively weaker than for other attack patterns such as data injection, denial of service, and man-in-the-middle attacks. In response, taking the anomaly detection results as the cornerstone, this paper proposes a scheme for quantitative evaluation of attack impact on system states, based on the fused analysis of abnormal features and threat degree indicators, for the state changes of the system at different stages. This work has important theoretical value and practical significance for identifying attack intention.
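The abstract names two ideas without showing them: anomaly detection on a state transition probability graph, and an impact score that fuses an anomaly feature with a threat-degree indicator. The block below is an added illustration of that general approach, written for this page; it is not the paper's algorithm, and the state labels, thresholds, severity weights and tank-level readings are all constructed. Device readings are discretized into coarse states, transition probabilities are learned from normal-operation sequences, and a sliding window is flagged when its mean log-probability drops below a threshold (a transition the graph has never seen drags the window down sharply). The impact score then combines the share of unseen transitions with the mean severity of the states inside flagged windows.

```python
"""Illustrative state-transition-probability-graph anomaly detection (added example,
not the paper's algorithm). All labels, thresholds and readings are constructed."""
import math
from collections import Counter, defaultdict

# Constructed severity of each coarse device state (higher = closer to a dangerous state).
SEVERITY = {"NORMAL": 0, "LOW": 1, "HIGH": 2}


def pairs(seq):
    """Consecutive (current, next) transitions of a sequence."""
    return list(zip(seq, seq[1:]))


def discretize(level, low=20.0, high=80.0):
    """Map a continuous reading (e.g. tank level in %) to a coarse state label."""
    if level < low:
        return "LOW"
    if level > high:
        return "HIGH"
    return "NORMAL"


def build_transition_graph(sequences):
    """Learn P(next | current) from state sequences captured during normal operation."""
    counts = defaultdict(Counter)
    for seq in sequences:
        for cur, nxt in pairs(seq):
            counts[cur][nxt] += 1
    return {cur: {nxt: n / sum(c.values()) for nxt, n in c.items()} for cur, c in counts.items()}


def transition_prob(graph, cur, nxt):
    """Probability of an edge; 0.0 if the graph never observed it."""
    return graph.get(cur, {}).get(nxt, 0.0)


def detect(graph, states, window=3, threshold=-3.0, floor=1e-6):
    """Slide a window over consecutive transitions and flag windows whose mean
    log-probability is below `threshold`. Unseen transitions are scored with `floor`,
    so one unseen edge is enough to push a window below the bar."""
    transitions = pairs(states)
    flagged = []
    for start in range(0, max(1, len(transitions) - window + 1)):
        chunk = transitions[start:start + window]
        if not chunk:
            break
        logs = [math.log(max(transition_prob(graph, a, b), floor)) for a, b in chunk]
        score = sum(logs) / len(logs)
        if score < threshold:
            unseen = [(a, b) for a, b in chunk if transition_prob(graph, a, b) == 0.0]
            flagged.append({"start": start, "score": round(score, 3), "unseen": unseen})
    return flagged


def quantify_impact(graph, states, window=3):
    """Fuse an anomaly feature (share of transitions the graph never saw) with a
    threat-degree indicator (mean severity of states inside flagged windows, normalised
    to [0, 1]) into one impact score. The equal 0.5/0.5 weighting is constructed."""
    transitions = pairs(states)
    if not transitions:
        return {"anomaly_ratio": 0.0, "threat_degree": 0.0, "impact": 0.0}
    unseen = sum(1 for a, b in transitions if transition_prob(graph, a, b) == 0.0)
    anomaly_ratio = unseen / len(transitions)
    touched = set()
    for w in detect(graph, states, window=window):
        touched.update(i for i in range(w["start"], w["start"] + window + 1) if i < len(states))
    max_sev = max(SEVERITY.values())
    threat = (sum(SEVERITY[states[i]] for i in touched) / len(touched) / max_sev) if touched else 0.0
    impact = 0.5 * anomaly_ratio + 0.5 * threat
    return {"anomaly_ratio": round(anomaly_ratio, 3),
            "threat_degree": round(threat, 3),
            "impact": round(impact, 3)}


# Constructed tank-level readings (%) for one normal fill/drain cycle, used as training data.
NORMAL_CYCLE = [10, 15, 30, 50, 70, 90, 95, 70, 50, 30, 10]
# Constructed abnormal trace: the level jumps straight from LOW to HIGH, a transition the
# physical process never produces, then stays HIGH for several samples.
ATTACK_TRACE = [10, 12, 95, 96, 97, 98, 30, 10]


def run_demo():
    """Train on repeated normal cycles, then score a normal and an abnormal trace."""
    normal = [discretize(v) for v in NORMAL_CYCLE]
    attack = [discretize(v) for v in ATTACK_TRACE]
    graph = build_transition_graph([normal] * 3)
    return {
        "graph": graph,
        "normal_flags": detect(graph, normal),
        "attack_flags": detect(graph, attack),
        "normal_impact": quantify_impact(graph, normal),
        "attack_impact": quantify_impact(graph, attack),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

On the constructed data the normal trace raises no windows and scores an impact of 0.0, while the abnormal trace is flagged in the two windows that contain the unseen LOW to HIGH edge and scores about 0.47. In practice the floor, threshold and window length would be tuned per process, and the graph should be learned from enough normal cycles that legitimate but rare transitions are represented; otherwise they surface as false positives.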

Publication history
  • Published: 2021-10-31
