Shangqing Cui,Dongqin Feng

DOI: https://doi.org/10.1109/icpeca56706.2023.10076096

2023-01-01

Abstract:With the application of Internet technologies in the industrial field, industrial control systems (ICS) have the possibility of suffering malicious network attacks. Because ICS is widely used in critical infrastructure, designing attack detection algorithms for it can effectively reduce losses. Many papers have built physical models for cyber-attacks against ICS and the corresponding detection algorithms have been proposed. However, the detection performance can be further improved. This paper establishes the simulation attack on the Tennessee Eastman (TE) process and proposes an improved support vector machine (SVM) method to detect integrity attacks. This algorithm uses contribution plots and recursive feature elimination to select features. Compared with the principal component analysis (PCA) feature extraction, the detection accuracy is improved. After adding system dynamics to the algorithm, the time to detect attacks is advanced.

Geng-hong LU,Dong-qin FENG

DOI: https://doi.org/10.13195/j.kzyjc.2016.0551

2017-01-01

Abstract:The attacks against the industrial control network have different types and various attack intensity. Under this circumstance, the traditional detection techniques cannot identify the multiple types of attacks effectively, and can not assess the security situations of the industrial control network comprehensively and accurately. Therefore, the industrial control network security situation awareness model is proposed. Firstly, the rule extraction can be done by applying the improved C-SVC algorithm to the multi-sensor data. Then with the application of decision fusion algorithm, the decision-level fusion is completed and the results of situation awareness are procured. The simulation experiment results show that the proposed model and algorithms can distinguish multiple types of attacks effectively, identify the attacks that are launched against the industrial control system accurately, and generate the results of situation awareness.

LIN Junhao,FENG Dongqin

DOI: https://doi.org/10.11959/j.issn.2096−6652.202006

2020-01-01

Abstract:Compared with traditional network security defense methods,industrial system security protection research based on process flow has become an important research direction in the field of industrial security.An improved backward cloud algorithm based on first order absolute central moment (BC-1stM) non-deterministic reverse cloud method was proposed,which was modeled by the time series and the normal state of the process flow.The security protection detection and alarm based on the process attack mode in the industrial system was realized,and Tennessee Eastman chemical process platform was adopted to validate the algorithm.The results show that the model had a high precision in the detection of attack behavior and detection of attack points,and improved the security protection capability of industrial systems.

Wei Liang,Kuan-Ching Li,Jing Long,Xiaoyan Kui,Albert Y. Zomaya

DOI: https://doi.org/10.1109/tii.2019.2946791

IF: 12.3

2020-03-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial networks are complex and diverse. Among existing intrusion prevention systems available, several of them have problems such as low detection accuracy rate, high false positive (FP) rate, and low real-time performance for impersonation attacks. To address such issues, it is proposed in this article an industrial network intrusion detection algorithm based on multifeature data clustering optimization model, where the weighted distances and security coefficients of data are classified based on the priority threshold of data attribute feature for each node in the network, given that the data modules in the industrial network environment are diverse and easy to diagnose, restore, and rebuild. The proposed algorithm can effectively improve the detection rate and real-time performance of detecting abnormal behavior for the multifeature data in industrial networks. The novel features are twofold, to rapidly select a node with high-security coefficient as the cluster center, and match the multifeature data around the center into a cluster. Experimental results show that the proposed algorithm has good superiority in terms of detection rate and time compared to other algorithms. In the industrial network, the detection accuracy of abnormal data reaches 97.8, and the FP of detection is decreased by 8.8.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Linfeng Wu,Wei Ruan,Keda Sun,Liang Chen,Liu Yang,Tingting Ye

DOI: https://doi.org/10.1109/ICNSC52481.2021.9702185

2021-01-01

Abstract:At present, the security situation in the industrial internet is becoming more and more serious. Various threats such as network attacks, malicious code and vulnerability utilization are gradually increasing. Consequently, it is urgent to study industrial threat detection methods. In order to tackle typical network attacks, system vulnerabilities and malicious operations, a real-time intelligent industrial threat detection method is proposed by analyzing the network data in the industrial control system. Particularly, artificial intelligence technique, adversarial sample generation technique and deep learning model are used in the method. Besides, the proposed method is achieved in the real network, and the corresponding industrial threat detection platform is developed. The results show that the developed threat detection platform can detect a variety of typical network attacks, system vulnerabilities, malicious code, etc. At the same time, the platform has good throughput and compatibility and is suitable for the actual industrial environment.

Heng Zhang,Yinchu Wang,Yawen Xue,Ruilong Deng,Hongran Li,Jian Zhang

DOI: https://doi.org/10.23919/ccc63176.2024.10662787

2024-01-01

Abstract:Industrial network control systems (INCSs) are easy to be targeted by attackers due to their high economic value. Most of the existing defense methods are deployed at the network boundary, which causes high-security risks to INCS once an attacker enters the system. In addition, many existing intrusion detection systems (IDSs) build detection models based on historical data. When INCS lacks sufficient historical data, it is difficult to build detection models with high accuracy. In this paper, we propose a trust assessment model for INCS based on Fourier series fitting employing concept of zero trust to assess the real-time trust of INCS. The model alerts when INCS has low trust. We test two data injection attacks in the experiment to prove the effectiveness of our approach.

Jichao Bi,Shibo He,Fengji Luo,Wenchao Meng,Luyue Ji,Da-Wen Huang

DOI: https://doi.org/10.1109/TII.2022.3231406

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IIoT) is vulnerable to advanced persistent threat (APT). In this article, we study a scenario in which APT is launched to attack IIoT devices. Considering the APTs lateral movement, a node-level state evolution model is established to calculate the probability of every device in an IIoT system to be compromised by APT. Based on this, a Stackelberg game model is proposed for the APT attacker and defender, which can accurately describe the gaming process. An effective computational approach is developed to obtain the potential Stackelberg equilibrium strategy pair of the game. Extensive case studies and comparison studies are conducted to validate the effectiveness of the proposed method.

Grzegorz Czeczot,Izabela Rojek,Dariusz Mikołajewski

DOI: https://doi.org/10.3390/electronics13061161

IF: 2.9

2024-03-22

Electronics

Abstract:Industrial Internet of Things (IIoT) technology, as a subset of the Internet of Things (IoT) in the concept of Industry 4.0 and, in the future, 5.0, will face the challenge of streamlining the way huge amounts of data are processed by the modules that collect the data and those that analyse the data. Given the key features of these analytics, such as reducing the cost of building massive data centres and finding the most efficient way to process data flowing from hundreds of nodes simultaneously, intermediary devices are increasingly being used in this process. Fog and edge devices are hardware devices designed to pre-analyse terabytes of data in a stream and decide in realtime which data to send for final analysis, without having to send the data to a central processing unit in huge local data centres or to an expensive cloud. As the number of nodes sending data for analysis via collection and processing devices increases, so does the risk of data streams being intercepted. There is also an increased risk of attacks on this sensitive infrastructure. Maintaining the integrity of this infrastructure is important, and the ability to analyse all data is a resource that must be protected. The aim of this paper is to address the problem of autonomous threat detection and response at the interface of sensors, edge devices, cloud devices with historical data, and finally during the data collection process in data centres. Ultimately, we would like to present a machine learning algorithm with reinforcements adapted to detect threats and immediately isolate infected nests.

engineering, electrical & electronic,computer science, information systems,physics, applied

Aidong Xu,Minggui Cao,Runfa Liao,Yunan Zhang,Yixin Jiang,Yi Chen,Hong Wen,Jinran Du

DOI: https://doi.org/10.1088/1755-1315/428/1/012019

2020-01-01

IOP Conference Series Earth and Environmental Science

Abstract:Edge computing can meet the needs of many industries in real-time business control, security and privacy protection. In the process of massive heterogeneous terminals accessing the network through edge devices, it is very challenging to achieve fast and reliable authentication. The physical layer authentication technology authenticates through the channel characteristics, which has the characteristics of lightweight, and can well adapt to the authentication scenario of massive heterogeneous terminal access. In order to identify malicious nodes, this paper proposes an attack identification scheme of malicious nodes under edge computing. The new channel response information vector is constructed by using the correlation between the channel information of consecutive frames. Two or more time slot channel frequency response vectors are averaged to obtain a new channel response vector. It has the advantages of low computational complexity and high recognition accuracy. And combined with the channel frequency response based on the deep neural network to identify malicious nodes, the data set in the factory environment is simulated.

Minh T. Hoang,Nhan V. Nguyen,Thu A. Pham,Tra T. Nguyen,Tuan M. Dang,Hoang N. Nguyen

DOI: https://doi.org/10.15837/ijccc.2024.5.6767

IF: 2.635

2024-09-02

International Journal of Computers Communications & Control

Abstract:Edge computing is essential for 6G mobile networks for improving reliability, reducing data rates and latency, and enhancing mobile connectivity. Edge computing is also meant to meet the increasing demands of the Internet of Things (IoT)/ Internet of Everything (IoE). In these approaches, IIoT systems necessitate precision, reliability, and scalability, while vulnerabilities in IIoT systems may lead to financial losses and safety hazards. To tackle this, Edge AI/ML-based IDSs provide adaptability and robustness for IIoT security challenges. These solutions improve security levels, threat detection rates, and response times. However, main issues such as limited resources and the accuracy of attack detection rate are challenged nowadays. In this paper, we present contributions in proposing an intrusion detection system (IDS) for edge devices deploying a lightweight deep neural network to detect IIoT attacks. We present performance analysis of the typical dimensionality reduction methods and balancing data features of the Edge-IIoT dataset to get higher performance metrics than other state-of-the-art studies.

computer science, information systems,automation & control systems

Kai Yang,JiaMing Wang,MinJing Li

DOI: https://doi.org/10.1038/s41598-024-70094-2

2024-08-20

Abstract:In the field of Industrial Internet of Things (IIoT), existing intrusion detection models face challenges in three main areas: low accuracy in detecting attack traffic, feature redundancy when dealing with high-dimensional and complex attack traffic, making it difficult to capture critical information, and a tendency to favor learning common categories while neglecting rare categories when handling imbalanced data. To tackle these challenges, this study introduces an intrusion detection method that combines an attention mechanism, Bidirectional Gated Recurrent Units (BiGRU), and Inception Convolutional Neural Network (Inception-CNN) to enhance the model's detection rate. Simultaneously, the method employs a mixed sampling strategy for data resampling to address the bias learning issue caused by data imbalance. Additionally, the method employs a hybrid sampling strategy for data resampling to address the bias learning issue caused by data imbalance. It also incorporates denoising techniques to handle potential dataset noise introduced by hybrid sampling. Furthermore, a feature selection method combining Pearson correlation coefficient and Random Forest is applied to eliminate feature redundancy, enhancing the model's ability to capture crucial information from high-dimensional attack traffic. Experimental validation on internationally recognized datasets (Edge-IIoTset, CIC-IDS2017, and CIC IoT 2023) affirms the reliability of the proposed intrusion detection method. This approach underscores the significance of intrusion detection in the security of Industrial IoT and showcases its potential in addressing pertinent challenges in network security.

Qi Ao

DOI: https://doi.org/10.1109/dsa51864.2020.00028

2020-11-01

Abstract:In the last decade, the industrial field has suffered from a large number of attacks, which are diverse and difficult to detect. Aiming at the stealthy attacks suffered by industrial control systems, this paper processed an intrusion detection method oriented to industrial control process. The method focused on the change in the state of the controlled physical system, and under the premise that the alarm mechanism cannot detect the attack, it abstracted the intrusion detection into the optimization stopping of the detection of the state of the controlled system. Through adaptive optimization of the reference value in the non-parametric cumulative sum (CUSUM) algorithm, the detection delay of the industrial control process is further shortened. Simulation experiments show that this method can detect the tampering of the sensor observation data by the attacker in time, and effectively avoid the physical damage of the controlled system.

Guangxia Lia,Yulong Shena,Peilin Zhaob,Xiao Lu,Jia Liu,Yangyang Liu,Steven C. H. Hoi

DOI: https://doi.org/10.48550/arXiv.1912.03589

IF: 5.414

2019-12-08

Machine Learning

Abstract:Industrial control systems are critical to the operation of industrial facilities, especially for critical infrastructures, such as refineries, power grids, and transportation systems. Similar to other information systems, a significant threat to industrial control systems is the attack from cyberspace---the offensive maneuvers launched by "anonymous" in the digital world that target computer-based assets with the goal of compromising a system's functions or probing for information. Owing to the importance of industrial control systems, and the possibly devastating consequences of being attacked, significant endeavors have been attempted to secure industrial control systems from cyberattacks. Among them are intrusion detection systems that serve as the first line of defense by monitoring and reporting potentially malicious activities. Classical machine-learning-based intrusion detection methods usually generate prediction models by learning modest-sized training samples all at once. Such approach is not always applicable to industrial control systems, as industrial control systems must process continuous control commands with limited computational resources in a nonstop way. To satisfy such requirements, we propose using online learning to learn prediction models from the controlling data stream. We introduce several state-of-the-art online learning algorithms categorically, and illustrate their efficacies on two typically used testbeds---power system and gas pipeline. Further, we explore a new cost-sensitive online learning algorithm to solve the class-imbalance problem that is pervasive in industrial intrusion detection systems. Our experimental results indicate that the proposed algorithm can achieve an overall improvement in the detection rate of cyberattacks in industrial control systems.

Fei Yu,Qiang Wei,Yangyang Geng,Yunchao Wang

DOI: https://doi.org/10.1109/imcec51613.2021.9482240

2021-06-18

Abstract:Industrial network boundary protection equipment faces threats from attackers when protecting the industrial control system network. The similarity and static characteristics caused by large-scale and long-term deployment determine that it could only defend against known attacks but could not deal with unknown APT threats, which leads to the breakthrough of one defense line is equivalent to the breakthrough of all defense lines and may bring challenges to industrial production safety. This paper proposes a mimic defense model of industrial isolation gateway based on endogenous security. With the dynamic scheduling mechanism to transform the attack surface, the gateway selects multiple heterogeneous filter executors to process the same packet simultaneously. By comparing the processing results of each executor, anomaly detection is carried out to realize the dynamic defense of the industrial isolation gateway. The experimental results show that the industrial isolation gateway based on mimic architecture can significantly increase the difficulty of backdoor utilization, such as paralysis, rule tampering, and information theft, and effectively defend the industrial control system from the threats caused by the backdoors and vulnerabilities of the isolation gateway while exerting the normal boundary protection function.

Hongcheng Huang,Peixin Ye,Min Hu,Jun Wu

DOI: https://doi.org/10.1016/j.dcan.2022.04.008

IF: 6.348

2022-04-01

Digital Communications and Networks

Abstract:Nowadays, a large number of intelligent devices involved in the Industrial Internet of Things (IIoT) environment are posing unprecedented cybersecurity challenges. Due to the limited budget for security protection, the IIoT devices are vulnerable and easily compromised to launch Distributed Denial-of-Service (DDoS) attacks, resulting in disastrous results. Unfortunately, considering the particularity of the IIoT environment, most of the defense solutions in traditional networks cannot be directly applied to IIoT with acceptable security performance. Therefore, in this work, we propose a multi-point collaborative defense mechanism against DDoS attacks for IIoT. Specifically, for the single point DDoS defense, we design an edge-centric mechanism termed EdgeDefense for the detection, identification, classification, and mitigation of DDoS attacks and the generation of defense information. For the practical multi-point scenario, we propose a collaborative defense model against DDoS attacks to securely share the defense information across the network through the blockchain. Besides, a fast defense information sharing mechanism is designed to reduce the delay of defense information sharing and provide a responsive cybersecurity guarantee. The simulation results indicate that the identification and classification performance of the two machine learning models designed for EdgeDefense are better than those of the state-of-the-art baseline models, and therefore EdgeDefense can defend against DDoS attacks effectively. The results also verify that the proposed fast sharing mechanism can reduce the propagation delay of the defense information blocks effectively, thereby improving the responsiveness of the multi-point collaborative DDoS defense.

telecommunications

Wenxin Lei,Wenjing Hou,Aidong Xu,Yixin Jiang,Hong Wen,Yunan Zhang

DOI: https://doi.org/10.1145/3448734.3450781

2021-01-01

Abstract:Edge computing is now widely applied in industrial IoT to enable fast response and resolution of services for end-user applications in the interconnected world of things. However, edge computing devices are highly vulnerable to attacks due to their proximity to ends with large amounts of private user information and rich digital assets. The purpose of this paper is to propose a situational awareness approach for edge computing devices to protect the security of edge devices. An example is implemented, and the results show that the situational awareness model can accurately detect the attacks encountered by edge devices.

Bruno Paes Leao,Jagannadh Vempati,Siddharth Bhela,Tobias Ahlgrim,Daniel Arnold

2024-05-31

Abstract:Modern industrial systems face a growing threat from sophisticated cyberattacks that can cause significant operational disruptions. This work presents a novel methodology for identification of the most critical cyberattacks that may disrupt the operation of such a system. Application of the proposed framework can enable the design and development of advanced cybersecurity solutions for a wide range of industrial applications. Attacks are assessed taking into direct consideration how they impact the system operation as measured by a defined Key Performance Indicator (KPI). A simulation model (SM), of the industrial process is employed for calculation of the KPI based on operating conditions. Such SM is augmented with a layer of information describing the communication network topology, connected devices, and potential actions an adversary can take based on each device or network link. Each possible action is associated with an abstract measure of effort, which is interpreted as a cost. It is assumed that the adversary has a corresponding budget that constrains the selection of the sequence of actions defining the progression of the attack. A dynamical system comprising a set of states associated with the cyberattack (cyber-states) and transition logic for updating their values is also proposed. The resulting augmented simulation model (ASM) is then employed in an artificial intelligence-based sequential decision-making optimization to yield the most critical cyberattack scenarios as measured by their impact on the defined KPI. The methodology is successfully tested based on an electrical power distribution system use case.

Systems and Control

Zhongran Zhou,Cheng Huang,Xuxi Zou,Lei Mao

DOI: https://doi.org/10.1145/3654446.3654508

2023-01-01

Abstract:In industrial Internet system, data security and privacy protection are very important, and data interaction and collaboration need fast and reliable network connection. Lightweight trusted identity architecture needs to support high-speed data transmission and processing, and provide secure authentication and access control mechanisms to prevent unauthorized access and malicious attacks. Therefore, a lightweight trusted identity architecture based on cloud-side collaboration technology of industrial Internet is designed. The data collector is used to collect the lightweight trusted identification data of industrial Internet, and a task scheduling model of industrial Internet is constructed based on cloud-side collaboration technology. On this basis, combined with industrial Internet, trusted applications and logo authorities, the lightweight trusted logo architecture is designed. The experimental results show that the proposed method has high confidence and accuracy of verification information, and can accurately detect and identify industrial Internet attacks, and take corresponding countermeasures in time, thus protecting users' network security.

Ziaur Rahman,Xun Yi Ibrahim Khalil

DOI: https://doi.org/10.48550/arXiv.2201.12727

2022-01-30

Cryptography and Security

Abstract:Industry 4.0 is all about doing things in a concurrent, secure, and fine-grained manner. IoT edge-sensors and their associated data play a predominant role in today's industry ecosystem. Breaching data or forging source devices after injecting advanced persistent threats (APT) damages the industry owners' money and loss of operators' lives. The existing challenges include APT injection attacks targeting vulnerable edge devices, insecure data transportation, trust inconsistencies among stakeholders, incompliant data storing mechanisms, etc. Edge-servers often suffer because of their lightweight computation capacity to stamp out unauthorized data or instructions, which in essence, makes them exposed to attackers. When attackers target edge servers while transporting data using traditional PKI-rendered trusts, consortium blockchain (CBC) offers proven techniques to transfer and maintain those sensitive data securely. With the recent improvement of edge machine learning, edge devices can filter malicious data at their end which largely motivates us to institute a Blockchain and AI aligned APT detection system. The unique contributions of the paper include efficient APT detection at the edge and transparent recording of the detection history in an immutable blockchain ledger. In line with that, the certificateless data transfer mechanism boost trust among collaborators and ensure an economical and sustainable mechanism after eliminating existing certificate authority. Finally, the edge-compliant storage technique facilitates efficient predictive maintenance. The respective experimental outcomes reveal that the proposed technique outperforms the other competing systems and models.

Zhuocheng Xu,Ziang Yang,Boya Di,Lingyang Song

DOI: https://doi.org/10.1109/VTC2023-Fall60731.2023.10333804

2023-01-01

Abstract:Edge computing has been viewed as a powerful technology to realize the vision of network services. However, due to the limited capabilities and insufficient security systems, edge computing is vulnerable to distributed denial of service (DDoS) attacks which may exhaust the resources of edge servers with excessive requests and degrade their service capabilities. Setting detection thresholds for DDoS detection indicators can effectively prevent DDoS attacks, but existing thresholding methods fail to update detection thresholds in time to guarantee the detection performance whenever the system settings vary. In this paper, we propose a multi-dimensional thresholding method against DDoS attacks in edge computing. We design three detection indicators based on the behavior features of DDoS attackers. By solving a threshold optimization problem, we obtain closed-form solutions and numerical solutions of the optimal detection thresholds, which adapt to dynamic system settings. Simulations show that the proposed thresholding method has a superior detection performance in terms of both the accuracy and robustness.