The massive use of information technology has brought certain security risks to the industrial production process. In recent years, cyber-physical attacks against industrial control systems have occurred frequently. Anomaly detection technology is an essential technical means to ensure the safety of industrial control systems. Considering the shortcomings of traditional methods and to facilitate the timely analysis and location of anomalies, this study proposes a solution based on the deep learning method for industrial traffic anomaly detection and attack classification. We use a convolutional neural network deep learning representation model as the detection model. The original one-dimensional data are mapped using the feature mapping method to make them suitable for model processing. The deep learning method can automatically extract critical features and achieve accurate attack classification. We performed a model evaluation using real network attack data from a supervisory control and data acquisition (SCADA) system. The experimental results showed that the proposed method met the anomaly detection and attack classification needs of a SCADA system. The proposed method also promotes the application of deep learning methods in industrial anomaly detection.
Intrusion detection is essential for ensuring the security of industrial control systems. However, conventional intrusion detection approaches are unable to cope with the complexity and ever-changing nature of industrial intrusion attacks. In this study, we propose an industrial control intrusion detection approach based on a combined deep learning model for communication processes that use the Modbus protocol. Initially, the network packets are classified as carrying information and noncarrying information based on key fields according to the communication protocol used. Next, a template comparison approach is employed to detect the network packets that do not carry any information. Furthermore, an approach based on a GoogLeNet-long short-term memory model is used to detect the network packets that do carry information. This approach involves network packet sequence construction, feature extraction, and time-series level detection. Subsequently, the detected intrusions are classified into multiple categories through a Softmax classifier. A gas pipeline dataset of the Modbus protocol is used to evaluate the proposed approach and compare it with existing strategies. The accuracy, false-positive rate, and miss rate are 97.56%, 2.42%, and 2.51%, respectively, thus confirming that the proposed approach is suitable for intrusion detection in industrial control systems.
Traffic analysis and traffic abnormality detection have emerged as an efficient way of detecting network attacks in recent years. The existing approaches can be improved by introducing a new model and a new analysis method of network users' traffic behaviors. The description dimensions of network users' traffic behaviors in the current approaches are high, resulting in high processing complexity, high delay in differentiating an individual user's abnormal traffic behavior from massive network data, and low detection rate. To improve the detection rate and efficiency, we develop a new method of establishing a user traffic behavior analysis system based on a new model of network traffic monitoring. First, we establish a more complete feature set based on the characteristics of network traffic to describe massive network users' behaviors. Then, we define a feature selection rule based on the relative deviation distance to select the optimized feature set. We use the selected feature set to locate the abnormality moment and the users who produce the abnormal traffic behavior. Finally, a traffic behavior analysis method based on prediction is developed to improve the efficiency of the system. This new method is applied to evaluate the mobile users on mobile cloud. The experimental results show that the proposed method has a higher detection rate and lower delay in the analysis of abnormal user traffic behavior than the existing approaches.
Wireless sensor networks have become increasingly popular due to the rapid growth of the Internet of Things. As open wireless transmission mediums are easy to attack, security is one of the primary design concerns for wireless sensor networks. Current solutions consider routing and data encryption as two isolated issues, providing incomplete security. Therefore, in this paper we divide the WSN communication process into a data path selection phase and a data encryption phase. We propose an improved transmission method based on ant colony optimization and threshold proxy re-encryption for wireless sensor networks, named ACOTPRE, which resists internal and external attacks and ensures safe and efficient data transmission. In the data path selection stage, the ant colony optimization algorithm is used for network routing, and an improvement to the pheromone concentration is proposed. In order to resist attacks from external attackers, proxy re-encryption is extended to WSN in the data encryption stage. The threshold secret sharing algorithm is introduced to generate a set of re-encryption key fragments composed of random numbers at the source node. We confirm the performance of our model via simulation studies.