Abstract
To address the problem of numerous borders and weak border protection in the metro cloud platform, the collaborative interaction between the cloud and the industrial control network is analyzed, and a dynamic trust management method for border security protection of the metro cloud platform is proposed. The method consists of abnormal behavior recognition, trust evaluation, trust updating, and trust-based dynamic access control. Based on the network topology of the metro cloud-based integrated supervisory control system, three kinds of abnormal control commands are simulated, i.e., unauthorized control commands, nonconforming control commands, and interference with normal control commands. The results show that the proposed method can effectively resist abnormal control commands initiated by malicious nodes. The changes in trust values vary for different nodes and different types of misbehavior, following the rule of "slow rise and fast fall", thus ensuring fine-grained boundary protection for the metro cloud platform.
Authors
ZHANG Lei; XU Qian; HE Jifeng; ZENG Xiaoqing; NING Zheng (College of Transportation Engineering, Tongji University, Shanghai 201804, China; Shanghai Research Institute for Intelligent Autonomous Systems, Tongji University, Shanghai 201810, China)
Source
Journal of Tongji University: Natural Science (《同济大学学报(自然科学版)》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2024, Issue 2, pp. 157-165, F0002 (10 pages in total)
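Funding
National Natural Science Foundation of China (52172329)
National Key Research and Development Program of China (2022YFB4300501)
Shanghai Municipal Science and Technology Commission project (23DZ2204900)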
Keywords
trust management
metro cloud
border security protection
abnormal control commands