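Abstract
Industrial control systems have faced a growing number of cyber attack threats in recent years. Signature-based attack detection methods have difficulty detecting unknown attacks, while anomaly-based attack detection methods generally ignore the temporal correlation of attacks, which affects accuracy. This paper proposes an industrial control attack detection technique based on the probability of signal time series: it models anomalies in the signal time series of industrial control systems from a probabilistic perspective and derives the calculation formula, gives a Bayesian-network-based probability estimation method to reduce computational overhead, and designs a detection method based on probability anomalies of signal sequences. Experimental validation on real data shows that the scheme can detect 90% of attacks while correctly analyzing 80% of the attack duration process.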
Industrial control systems (ICS) are suffering an increasing number of cyber attacks. Approaches based on signature detection cannot detect unknown attacks, and approaches based on anomaly detection usually ignore the association within a continuous attack series, which affects accuracy. An ICS attack detection scheme using probabilistic estimation is proposed. First, the anomaly of signal time series is modeled from a probabilistic perspective and an equation for calculating the probability is derived. Then a probability estimation method is presented to simplify the calculation. Finally, a detection scheme based on the anomaly of signal time series is designed. The method is evaluated on a real-life dataset, and the results show that it can detect 90% of the attacks and 80% of the duration of attacks.
Authors
谢耀滨
常瑞
蒋烈辉
XIE Yaobin; CHANG Rui; JIANG Liehui (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China)
Source
《信息工程大学学报》
2019, Issue 4, pp. 432-437 (6 pages)
Journal of Information Engineering University
Funding
Supported by the Young Scientists Fund of the National Natural Science Foundation of China (61802431).
Keywords
industrial control system
attack detection
Bayesian network
time series analysis