基于数字孪生的工业互联网安全检测与响应研究

马佳利; 郭渊博; 方晨; 陈庆礼; 张琦

doi:10.11959/j.issn.1000-436x.2024091

您当前的位置：

首页 >

文章列表页 >

基于数字孪生的工业互联网安全检测与响应研究

专题：工业互联网安全技术 | 更新时间：2024-08-08

- 基于数字孪生的工业互联网安全检测与响应研究
- Research on industrial Internet security detection and response based on digital twin
- 通信学报 2024年45卷第6期页码：87-100
- 作者机构：
  
  信息工程大学密码工程学院，河南郑州 450001
- 作者简介：
  
  [ "马佳利（1996- ），男，福建福清人，信息工程大学博士生，主要研究方向为数字孪生、网络安全、工业互联网等。" ]
  [ "郭渊博（1975- ），男，陕西周至人，博士，信息工程大学教授、博士生导师，主要研究方向为网络安全、数据挖掘、机器学习和人工智能安全等。" ]
  [ "方晨（1993- ），男，安徽宿松人，博士，信息工程大学讲师，主要研究方向为机器学习、隐私安全等。" ]
  陈庆礼（1998- ），男，河南新乡人，信息工程大学硕士生，主要研究方向为人工智能安全等。
  张琦（1983- ），男，河南新乡人，信息工程大学副教授，主要研究方向为人工智能安全等。
- 基金信息：
  
  国家自然科学基金资助项目(62276091);国家社会科学基金资助项目(2022-SKJJ-B-057);河南省重大公益专项基金资助项目;Major Public Welfare Project of Henan Province(201300311200)
- DOI：10.11959/j.issn.1000-436x.2024091
  中图分类号： TP391
- 收稿日期：2023-11-13，
  
  修回日期：2024-04-08，
  
  纸质出版日期：2024-06-25
- 稿件说明：
移动端阅览
马佳利,郭渊博,方晨等.基于数字孪生的工业互联网安全检测与响应研究[J].通信学报,2024,45(06):87-100.

MA Jiali,GUO Yuanbo,FANG Chen,et al.Research on industrial Internet security detection and response based on digital twin[J].Journal on Communications,2024,45(06):87-100.
马佳利,郭渊博,方晨等.基于数字孪生的工业互联网安全检测与响应研究[J].通信学报,2024,45(06):87-100. DOI： 10.11959/j.issn.1000-436x.2024091.

MA Jiali,GUO Yuanbo,FANG Chen,et al.Research on industrial Internet security detection and response based on digital twin[J].Journal on Communications,2024,45(06):87-100. DOI： 10.11959/j.issn.1000-436x.2024091.

摘要

考虑传统网络安全防御方法不能够满足工业互联网对可靠性和稳定性的严格要求，基于数字孪生的思想研究了一种在数字空间中通过采集现场数据和使用孪生模型安全认知进行异常检测和响应的方法。首先，通过对数字孪生建模方案进行分析，总结出4类建模方法并集成到多模块数字孪生（DT）架构中；然后，通过引入信号时序逻辑技术将不同孪生模型认知转化为标准的信号时序逻辑（STL）规范集，根据规范集对系统行为的监测实现异常检测，多源认知增加了检测结果的可靠性；最后，通过对违反STL规范集情况的分析实现异常定位，并通过对已知设备故障的分析设计相应STL弱规范实现异常分类，对异常的两方面响应有利于帮助系统恢复正常运行。案例研究表明，所提方法在异常检测和响应方面非常有效。将所提方法与基于深度学习的入侵检测系统进行对比，实验结果表明，所提方法在对异常情况的检测时检出率提高了25%~40.9%。

Abstract

Considering that traditional network security defense methods cannot meet the strict requirements of industrial Internet for reliability and stability

a method for anomaly detection and response in digital space was studied based on the idea of digital twins by collecting on-site data and using twin model security cognition. Firstly

four types of modeling methods were summarized and integrated into the multi module digital twin (DT) architecture by analyzing the digital twin modeling solutions. Secondly

the cognition of different twin models was transformed into a standard signal temporal logic (STL) specification set by introducing signal temporal logic technology

and anomaly detection was achieved by monitoring system behavior based on the specification set

by the reliability of detection results was increased. Finally

anomaly localization was achieved through the analysis of violations of the STL specification set

and corresponding STL weak specifications were designed through the analysis of known device faults to achieve anomaly classification. Two aspects of response to anomalies were beneficial for helping the system restore normal operation. The case study demonstrates that the effectiveness of the proposed method in anomaly detection and response. Comparing the proposed method with the intrusion detection system based on deep learning

the experimental results show that the detection rate of the proposed method increases by 25%~40.9% in detecting anomalies.

关键词

Keywords

references

刘奇旭 , 陈艳辉 , 尼杰硕 , 等 . 基于机器学习的工业互联网入侵检测综述 [J ] . 计算机研究与发展 , 2022 , 59 ( 5 ): 994 - 1014 .

LIU Q X , CHEN Y H , NI J S , et al . Survey on machine learning-based anomaly detection for industrial Internet [J ] . Journal of Computer Research and Development , 2022 , 59 ( 5 ): 994 - 1014 .

LANGNER R . Stuxnet: dissecting a cyberwarfare weapon [J ] . IEEE Security & Privacy , 2011 , 9 ( 3 ): 49 - 51 .

LEE R M . Analysis of the cyber attack on the Ukrainian power grid [J ] . Electricity Information Sharing and Analysis Center , 2016 , 388 ( 1-29 ): 3 .

PINTO A D , DRAGONI Y , CARCANO A . TRITON: The first ICS cyber attack on safety instrument systems [C ] // Proceedings of the Black Hat USA . Piscataway : IEEE Press , 2018 : 1 - 26 .

戴翔 , 倪浩杰 . 基于PPDRR模型可攻击溯源的新型安全管理平台的设计 [J ] . 网络安全技术与应用 , 2021 ( 6 ): 42 - 43 .

DAI X , NI H J . Design of a new security management platform based on PPDRR model and traceable attack [J ] . Network Security Technology & Application , 2021 ( 6 ): 42 - 43 .

DIBAJI S M , PIRANI M , FLAMHOLZ D , et al . A systems and control perspective of CPS security [J ] . Annual Reviews in Control , 2019 , 47 : 394 - 411 .

罗耀锋 . 面向工业控制系统的入侵检测方法的研究与设计 [D ] . 杭州 : 浙江大学 , 2013 .

LUO Y F . Research and design on intrusion detection methods for industry control system [D ] . Hangzhou : Zhejiang University , 2013 .

SONG J Y , PAUL R , YUN J H , et al . CNN-based anomaly detection for packet payloads of industrial control system [J ] . International Journal of Sensor Networks , 2021 , 36 ( 1 ): 36 - 49 .

LIU H P , ZHOU Z P , ZHANG M . Application of optimized bidirectional generative adversarial network in ICS intrusion detection [C ] // Proceedings of the 2020 Chinese Control and Decision Conference (CCDC) . Piscataway : IEEE Press , 2020 : 3009 - 3014 .

徐丽娟 , 王佰玲 , 杨美红 , 等 . 工业控制网络多模式攻击检测及异常状态评估方法 [J ] . 计算机研究与发展 , 2021 , 58 ( 11 ): 2333 - 2349 .

XU L J , WANG B L , YANG M H , et al . Multi-mode attack detection and evaluation of abnormal states for industrial control network [J ] . Journal of Computer Research and Development , 2021 , 58 ( 11 ): 2333 - 2349 .

张玫 , 曾彬 , 朱成威 . 工控系统安全监测及溯源系统的设计与实现 [J ] . 信息技术与网络安全 , 2019 , 38 ( 1 ): 14 - 19 .

ZHANG M , ZENG B , ZHU C W . Design and implementation of safety monitoring and traceability system for industrial control system [J ] . Cyber Security and Data Governance , 2019 , 38 ( 1 ): 14 - 19 .

ERIC V , SANKARAN M . Digital twin: generalization, characterization and implementation [J ] . Decision Support Systems , 2021 , 145 : 113524 .

ABBURU S , BERRE A J , JACOBY M , et al . COGNITWIN–hybrid and cognitive digital twins for the process industry [C ] // Proceedings of the 2020 IEEE International Conference on Engineering, Technology and Innovation (ICE/ITMC) . Piscataway : IEEE Press , 2020 : 1 - 8 .

KUBOTA T , HAMZEH R , XU X . STEP-NC enabled machine tool digital twin [J ] . Procedia CIRP , 2020 , 93 : 1460 - 1465 .

SNIJDERS R , PILEGGI P , BROEKHUIJSEN J , et al . Machine learning for digital twins to predict responsiveness of cyber-physical energy systems [C ] // Proceedings of the 2020 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems . Piscataway : IEEE Press , 2020 : 1 - 6 .

FRIEDERICH J , FRANCIS D P , LAZAROVA-MOLNAR S , et al . A framework for data-driven digital twins of smart manufacturing systems [J ] . Computers in Industry , 2022 , 136 : 103586 .

MALER O , NICKOVIC D . Monitoring temporal properties of continuous signals [C ] // International Symposium on Formal Techniques in Real-Time and Fault-Tolerant Systems . Berlin : Springer , 2004 : 152 - 166 .

GAUTHAMA RAMAN M R , MUJEEB A C , ADITYA M . Machine learning for intrusion detection in industrial control systems: challenges and lessons from experimental evaluation [J ] . Cybersecurity , 2021 , 4 ( 1 ): 1 - 12 .

GRIEVES M W . Product lifecycle management: the new paradigm for enterprises [J ] . International Journal of Product Development , 2005 , 2 : 71 - 84 .

TUEGEL E , INGRAFFEA A , EASON T , et al . Reengineering aircraft structural life prediction using a digital twin [J ] . International Journal of Aerospace Engineering , 2011 , 2011 : 1 - 14 .

SAMIR K , MAFFEI A , ONORI M A . Real-Time asset tracking; a starting point for digital twin implementation in Manufacturing [J ] . Procedia CIRP , 2019 , 81 : 719 - 723 .

TAO F , ZHANG M . Digital twin shop-floor: a new shop-floor paradigm towards smart manufacturing [J ] . IEEE Access , 2017 , 5 : 20418 - 20427 .

XIE J , WANG X , YANG Z , et al . Virtual monitoring method for hydraulic supports based on digital twin theory [J ] . Mining Technology , 2019 , 128 ( 2 ): 77 - 87 .

GUIVARCH D , MERMOZ E , MARINO Y , et al . Creation of helicopter dynamic systems digital twin using multibody simulations [J ] . CIRP Annals , 2019 , 68 ( 1 ): 133 - 136 .

ECKHART M , EKELHART A , WEIPPL E . Enhancing cyber situational awareness for cyber-physical systems through digital twins [C ] // Proceedings of the 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA) . Piscataway : IEEE Press , 2019 : 1222 - 1225 .

DIETZ M , VIELBERTH M , PERNUL G . Integrating digital twin security simulations in the security operations center [C ] // Proceedings of the 15th International Conference on Availability, Reliability and Security . New York : ACM Press , 2020 : 1 - 9 .

DIETZ M , SCHLETTE D , PERNUL G . Harnessing Digital Twin Security Simulations for systematic Cyber Threat Intelligence [C ] // Proceedings of the 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC) . Piscataway : IEEE Press , 2022 : 789 - 797 .

VIELBERTH M , GLAS M , DIETZ M , et al . A digital twin-based cyber range for SOC analysts [C ] // Data and Applications Security and Privacy XXXV . Berlin : Springer , 2021 : 293 - 311 .

XU Q H , ALI S , YUE T . Digital twin-based anomaly detection in cyber-physical systems [C ] // Proceedings of the 2021 14th IEEE Conference on Software Testing, Verification and Validation (ICST) . Piscataway : IEEE Press , 2021 : 205 - 216 .

BIN M A , AMMAR H , VASOS V , et al . A blockchain-based data-driven fault-tolerant control system for smart factories in industry 4.0 [J ] . Computer Communications , 2023 , 204 : 158 - 171 .

覃姜 . 基于信号时序逻辑的运行时验证技术研究 [D ] . 广州 : 华南理工大学 , 2022 .

QIN J . Research on runtime verification based on signal temporal logic [D ] . Guangzhou : South China University of Technology , 2022 .

GOH J , ADEPU S , JUNEJO K N , et al . A dataset to support research in the design of secure water treatment systems [C ] // Critical Information Infrastructures Security: 11th International Conference . Berlin : Springer , 2017 : 88 - 99 .

ADEPU S , MATHUR A . An investigation into the response of a water treatment system to cyber attacks [C ] // Proceedings of the 2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE) . Piscataway : IEEE Press , 2016 : 141 - 148 .

ADEPU S , MATHUR A . Distributed attack detection in a water treatment plant: method and case study [J ] . IEEE Transactions on Dependable and Secure Computing , 2021 , 18 ( 1 ): 86 - 99 .

DENG A L , HOOI B . Graph neural network-based anomaly detection in multivariate time series [J ] . arXiv Preprint , arXiv: 2106.06947 , 2021 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

网络异常检测中的流量表示研究

面向数字孪生的智慧校园研究与设计

高校综合服务数字孪生建模及智能风险评估

无等待与时隙映射复用结合的时间触发流调度方法

工业互联网流量分析技术综述