Argus：基于多源数据驱动的工控安全态势感知系统

朱天晨; 赵军; 李博; 李建欣

doi:10.11959/j.issn.2096-0271.2023051

您当前的位置：

首页 >

文章列表页 >

Argus：基于多源数据驱动的工控安全态势感知系统

专题：跨域数据管理 | 更新时间：2024-06-03

- Argus：基于多源数据驱动的工控安全态势感知系统
- Argus: multi-source data-driven industrial control security situational awareness system
- 大数据 2023年9卷第4期页码：98-115
- 作者机构：
  
  1. 北京航空航天大学计算机学院，北京 100191
  2. 北京市大数据与脑机智能高精尖中心（北京航空航天大学），北京 100191
  3. 山东师范大学信息科学与工程学院，山东济南 250358
  4. 中关村实验室，北京 100191
- 作者简介：
  
  [ "朱天晨（1996- ），男，北京航空航天大学计算机学院博士生，主要研究方向为大数据分析与处理、强化学习、序列决策等" ]
  [ "赵军（1989- ），男，博士，山东师范大学信息科学与工程学院讲师，主要研究方向为工业控制系统安全、网络威胁情报、图神经网络" ]
  [ "李博（1980- ），男，博士，北京航空航天大学计算机学院副研究员，北京市大数据科学与脑机智能高精尖中心高级研究员，主要研究方向为网络安全、工业互联网、大数据安全等" ]
  [ "李建欣（1979- ），男，博士，北京航空航天大学计算机学院教授、党委书记，北京市大数据科学与脑机智能高精尖创新中心研究员，主要研究方向为大数据分析与处理、机器学习和可信计算等" ]
- 基金信息：
  
  国家自然科学基金资助项目;The National Natural Science Foundation of China(U20B2053)
- DOI：10.11959/j.issn.2096-0271.2023051
  中图分类号： TP311
- 网络首发：2023-07，
  
  纸质出版：2023-07-15
- 稿件说明：
移动端阅览
朱天晨, 赵军, 李博, 等. Argus：基于多源数据驱动的工控安全态势感知系统[J]. 大数据, 2023,9(4):98-115.

Tianchen ZHU, Jun ZHAO, Bo LI, et al. Argus: multi-source data-driven industrial control security situational awareness system[J]. Big data research, 2023, 9(4): 98-115.
朱天晨, 赵军, 李博, 等. Argus：基于多源数据驱动的工控安全态势感知系统[J]. 大数据, 2023,9(4):98-115. DOI： 10.11959/j.issn.2096-0271.2023051.

Tianchen ZHU, Jun ZHAO, Bo LI, et al. Argus: multi-source data-driven industrial control security situational awareness system[J]. Big data research, 2023, 9(4): 98-115. DOI： 10.11959/j.issn.2096-0271.2023051.

摘要

工业控制（工控）系统是国家工业制造与民用基础设施的“大脑”，近年来安全风险日益突出，已成为网络安全中的重点防护目标。针对工控安全数据分散、威胁感知滞后的问题，设计了多源数据驱动的工控安全态势感知系统Argus，提出了工控安全感知链，研发了无状态极速设备扫描、威胁情报精准提取、可疑攻击行为检测等工控安全态势自主感知技术，实现了多通道、立体式工控安全监测与态势感知。实验结果显示，相比传统工控安全态势感知方法，Argus系统的感知精度提升超过10%，效率提升两个数量级，并可前摄性地预警、缓解潜在安全风险。

Abstract

Industrial control system (ICS) is the brain of national industrial manufacturing and civil infrastructure.However

the security risks associated with ICS have become increasingly prominent

making it a significant target for cybersecurity protection.This paper proposed a solution for the issues associated with ICS security data dispersion and delayed threat perception.Specifically

the paper presented a multi-source data-driven ICS security situational awareness system named Argus

which incorporated an awareness chain for ICS security.Furthermore

the paper developed autonomous situational awareness technologies for ICS security

such as stateless high-speed device scanning

precise threat intelligence extraction

and suspicious attack behavior detection

to achieve multi-channel and three-dimensional ICS security monitoring and situational awareness.The experimental results indicated that

compared with conventional ICS situational awareness methods

the perception accuracy of the Argus system has improved by over 10%

with efficiency improvements by two orders of magnitude.Additionally

Argus allows for proactive warning and mitigation of potential security risks.

关键词

Keywords

references

BHAMARE D , ZOLANVARI M , ERBAD A , et al . Cybersecurity for industrial control systems:a survey [J ] . Computers＆ Security , 2020 ,89:101677.

周明 , 吕世超 , 游建舟 , 等 . 工业控制系统安全态势感知技术研究 [J ] . 信息安全学报 , 2022 , 7 ( 2 ): 101 - 119 .

ZHOU M , LYU S C , YOU J Z , et al . A comprehensive survey of security situational aware-ness on industrial control systems [J ] . Journal of Cyber Security , 2022 , 7 ( 2 ): 101 - 119 .

FENG C , LI T T , CHANA D . Multilevel anomaly detection in industrial control systems via package signatures and LSTM networks [C ] // Proceedings of 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) . Piscataway:IEEE Press , 2017 : 261 - 272 .

MUNA A L H , MOUSTAFA N , SITNIKOVA E . Identification of malicious activities in industrial Internet of Things based on deep learning models [J ] . Journal of Information Security and Applications , 2018 , 41 : 1 - 11 .

CHANG C P , HSU W C , LIAO I E . Anomaly detection for industrial control systems using K-means and convolutional autoencoder [C ] // Proceedings of 2019 International Conference on Software,Telecommunications and Computer Networks (SoftCOM) . Piscataway:IEEE Press , 2019 : 1 - 6 .

DEMERTZIS K , ILIADIS L , BOUGOUDIS I . Gryphon:a semi-supervised anomaly detection system based on one-class evolving spiking neural network [J ] . Neural Computing and Applications , 2020 , 32 ( 9 ): 4303 - 4314 .

PRIYANGA S , KRITHIVASAN K , PRAVINRAJ S , et al . Detection of cyberattacks in industrial control systems using enhanced principal component analysis and hypergraphbased convolution neural network (EPCAHG-CNN) [J ] . IEEE Transactions on Industry Applications , 2020 , 56 ( 4 ): 4394 - 4404 .

DOSHI K , YILMAZ Y , ULUDAG S . Timely detection and mitigation of stealthy DDoS attacks via IoT networks [J ] . IEEE Transactions on Dependable and Secure Computing , 2021 , 18 ( 5 ): 2164 - 2176 .

KHAN I A , KESHK M , PI D C , et al . Enhancing IIoT networks protection:a robust security model for attack detection in Internet industrial control systems [J ] . Ad Hoc Networks , 2022 ,134:102930.

ISO . Electrical and electronic components and general system aspects:ISO/TC 22/SC 32 [S ] . 2021 .

SCHLETTE D , CASELLI M , PERNUL G . A comparative study on cyber threat intelligence:the security incident response perspective [J ] . IEEE Communications Surveys ＆ Tutorials , 2021 , 23 ( 4 ): 2525 - 2556 .

OASIS . Cyber threat intelligence (CTI):TC.STIX 2.0 [S ] . 2018 .

HUANG Z , XU W , YU K . Bidirectional LSTM-CRF models for sequence tagging [J ] . arXiv preprint , 2015 ,arXiv:1508 .01991.

ZHENG S C , HAO Y X , LU D Y , et al . Joint entity and relation extraction based on a hybrid neural network [J ] . Neurocomputing , 2017 , 257 : 59 - 66 .

ZHAO J , LIU X D , YAN Q B , et al . Multi-attributed heterogeneous graph convolutional network for bot detection [J ] . Information Sciences , 2020 , 537 : 380 - 393 .

SUN Y Z , HAN J W , YAN X F , et al . Pathsim:meta path-based top-k similarity search in heterogeneous information networks [J ] . Proceedings of the VLDB Endowment , 2011 , 4 ( 11 ): 992 - 1003 .

LYON G F . Nmap network scanning:the official Nmap project guide to network discovery and security scanning [M ] . Sunnyvale : Insecure , 2009 .

GARCÍA S , GRILL M , STIBOREK J , et al . An empirical comparison of botnet detection methods [J ] . Computers ＆Security , 2014 , 45 : 100 - 123 .

HEARST M A , DUMAIS S T , OSUNA E , et al . Support vector machines [J ] . IEEE Intelligent Systems and Their Applications , 1998 , 13 ( 4 ): 18 - 28 .

DAYA A A , SALAHUDDIN M A , LIMAM N , et al . A graph-based machine learning approach for bot detection [C ] // Proceedings of 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM) . Piscataway:IEEE Press , 2019 : 144 - 152 .

CHOWDHURY S , KHANZADEH M , AKULA R , et al . Botnet detection using graph-based feature clustering [J ] . Journal of Big Data , 2017 , 4 ( 1 ): 1 - 23 .

KIPF T N , WELLING M . Semi-supervised classification with graph convolutional networks [J ] . arXiv preprint , 2016 ,arXiv:1609.02907.

WANG X , JI H Y , SHI C , et al . Heterogeneous graph attention network [C ] // Proceedings of WWW’19:The World Wide Web Conference . New York:ACM Press , 2019 : 2022 - 2032 .

浏览量

464

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

面向高质量企业征信数据集的治理体系构建与实践