1. School of Computer Science and Engineering, Beihang University, Beijing 100191, China
2. Beijing Advanced Innovation Center for Big Data and Brain Computing (Beihang University), Beijing 100191, China
3. School of Information Science and Engineering, Shandong Normal University, Jinan 250358, China
4. Zhongguancun Laboratory, Beijing 100191, China
ZHU Tianchen (born 1996), male, Ph.D. student, School of Computer Science and Engineering, Beihang University. Research interests: big data analysis and processing, reinforcement learning, sequential decision-making.
ZHAO Jun (born 1989), male, Ph.D., lecturer, School of Information Science and Engineering, Shandong Normal University. Research interests: industrial control system security, cyber threat intelligence, graph neural networks.
LI Bo (born 1980), male, Ph.D., associate research fellow, School of Computer Science and Engineering, Beihang University, and senior researcher at the Beijing Advanced Innovation Center for Big Data and Brain Computing. Research interests: cybersecurity, industrial Internet, big data security.
LI Jianxin (born 1979), male, Ph.D., professor and Party committee secretary, School of Computer Science and Engineering, Beihang University, and researcher at the Beijing Advanced Innovation Center for Big Data and Brain Computing. Research interests: big data analysis and processing, machine learning, trusted computing.
Online first: 2023-07
Print publication: 2023-07-15
Tianchen ZHU, Jun ZHAO, Bo LI, et al. Argus: multi-source data-driven industrial control security situational awareness system[J]. Big Data Research, 2023, 9(4): 98-115. DOI: 10.11959/j.issn.2096-0271.2023051.
Industrial control systems (ICS) are the "brain" of national industrial manufacturing and civil infrastructure. In recent years their security risks have become increasingly prominent, making ICS a key target for cybersecurity protection. To address the dispersion of ICS security data and the lag in threat perception, this paper designs Argus, a multi-source data-driven ICS security situational awareness system, proposes an ICS security awareness chain, and develops autonomous situational awareness techniques for ICS security, namely stateless high-speed device scanning, precise threat intelligence extraction, and suspicious attack behavior detection, to achieve multi-channel, multi-layered ICS security monitoring and situational awareness. Experimental results show that, compared with conventional ICS situational awareness methods, Argus improves perception accuracy by more than 10% and efficiency by two orders of magnitude, and can proactively warn of and mitigate potential security risks.
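The abstract names stateless high-speed device scanning but does not describe the mechanism behind it. The following is an added example, not code from the Argus paper or its authors: it shows the standard stateless-scanning trick (as used by ZMap) in Python, where the scanner keeps no per-target table and instead derives each probe's TCP sequence number from a keyed hash of (destination IP, port), so that a SYN/ACK can be validated purely from its own header fields. Whether Argus encodes probe state this way is an assumption; the key, the 192.0.2.0/29 range, the ports and the response tuples are constructed for the example.

```python
"""Stateless scan-response validation, ZMap-style (added example, not Argus code).

A stateful scanner remembers every probe it sent so it can match replies; at
millions of packets per second that table is the bottleneck.  A stateless
scanner instead makes the probe self-describing: the SYN's sequence number is
HMAC(key, dst_ip || dst_port), and a SYN/ACK is accepted only if its ACK
number equals that value + 1.  Unsolicited, replayed or spoofed SYN/ACKs fail
the check without any lookup.  All inputs below are constructed.
"""
import hashlib
import hmac
import ipaddress
import struct
from typing import Iterable, Iterator, List, Tuple

# Assumption: a fresh random key is generated per scan run so that replies
# captured from an earlier run cannot be replayed into this one.
SECRET_KEY = b"rotate-me-per-scan-run"

TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10


def probe_seq(dst_ip: str, dst_port: int, key: bytes = SECRET_KEY) -> int:
    """Sequence number to place in the SYN aimed at (dst_ip, dst_port).

    Truncating a SHA-256 HMAC to 32 bits is enough: the receiver cannot forge a
    valid ACK without the key, and a random guess succeeds with probability 2**-32.
    """
    msg = ipaddress.ip_address(dst_ip).packed + struct.pack("!H", dst_port)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def is_valid_synack(src_ip: str, src_port: int, ack: int, key: bytes = SECRET_KEY) -> bool:
    """True iff a SYN/ACK from (src_ip, src_port) acknowledges *our* probe."""
    expected = (probe_seq(src_ip, src_port, key) + 1) & 0xFFFFFFFF
    # Constant-time compare so timing does not leak which guesses are close.
    return hmac.compare_digest(struct.pack("!I", expected), struct.pack("!I", ack & 0xFFFFFFFF))


def plan_probes(cidr: str, ports: Iterable[int], key: bytes = SECRET_KEY) -> Iterator[Tuple[str, int, int]]:
    """Yield (ip, port, seq) for every host in cidr; nothing is retained after sending."""
    net = ipaddress.ip_network(cidr, strict=False)
    ports = list(ports)
    for host in net.hosts():
        for port in ports:
            yield str(host), port, probe_seq(str(host), port, key)


def collect_open_ports(responses: Iterable[Tuple[str, int, int, int]],
                       key: bytes = SECRET_KEY) -> List[Tuple[str, int]]:
    """Reduce a stream of (src_ip, src_port, tcp_flags, ack) tuples to open services.

    RST replies mean a closed port (or a middlebox) and carry nothing to validate;
    SYN/ACK replies are kept only if the stateless check passes.
    """
    open_services = set()
    for src_ip, src_port, flags, ack in responses:
        if flags & TCP_RST:
            continue
        if (flags & TCP_SYN) and (flags & TCP_ACK) and is_valid_synack(src_ip, src_port, ack, key):
            open_services.add((src_ip, src_port))
    return sorted(open_services)


# Constructed sample: two common ICS ports and three replies of different kinds.
MODBUS_TCP, S7COMM = 502, 102
SAMPLE_RESPONSES = [
    # genuine SYN/ACK: ack = our seq + 1
    ("192.0.2.10", MODBUS_TCP, TCP_SYN | TCP_ACK, (probe_seq("192.0.2.10", MODBUS_TCP) + 1) & 0xFFFFFFFF),
    # SYN/ACK with an ack we never sent (spoofed or unsolicited): must be dropped
    ("192.0.2.11", S7COMM, TCP_SYN | TCP_ACK, (probe_seq("192.0.2.11", S7COMM) + 2) & 0xFFFFFFFF),
    # RST/ACK: closed port, ignored regardless of ack value
    ("192.0.2.12", MODBUS_TCP, TCP_RST | TCP_ACK, (probe_seq("192.0.2.12", MODBUS_TCP) + 1) & 0xFFFFFFFF),
]

if __name__ == "__main__":
    for ip, port, seq in plan_probes("192.0.2.0/29", [MODBUS_TCP, S7COMM]):
        print(f"SYN -> {ip}:{port} seq=0x{seq:08x}")
    print("open:", collect_open_ports(SAMPLE_RESPONSES))  # [('192.0.2.10', 502)]
```

The same idea extends to UDP and ICMP probes by hashing the target into a payload or identifier field instead of the TCP sequence number. The caveat a practitioner should keep in mind on ICS networks: a SYN to a PLC is cheap for the scanner but not always for the device, so probe rate must be throttled per target regardless of how little state the scanner holds.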