Characteristic insights on industrial cyber security and popular defense mechanisms

Wan, Ming; Li, Jiawei; Liu, Ying; Zhao, Jianming; Wang, Jiushuang

doi:10.23919/jcc.2021.01.012

Cited by 13 publications

(4 citation statements)

References 118 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As one feasible application-level security technology, industrial anomaly detection has received extensive attention and study, and it is mainly classified into two categories: traditional anomaly detection and ML-based (Machine Learning-based) anomaly detection [15,16]. Furthermore, one typical example of traditional anomaly detection is to identify abnormal communication behaviors by using the statistical-based or knowledge-based detection approach, which seems to have fine availability and robustness due to its straightforward feature extraction and simplified engine design [17,18].…”

Section: Introductionmentioning

confidence: 99%

Functional Pattern-Related Anomaly Detection Approach Collaborating Binary Segmentation with Finite State Machine

Wan,

Hao,

et al. 2023

CMC

View full text Add to dashboard Cite

The process control-oriented threat, which can exploit OT (Operational Technology) vulnerabilities to forcibly insert abnormal control commands or status information, has become one of the most devastating cyber attacks in industrial automation control. To effectively detect this threat, this paper proposes one functional patternrelated anomaly detection approach, which skillfully collaborates the BinSeg (Binary Segmentation) algorithm with FSM (Finite State Machine) to identify anomalies between measuring data and control data. By detecting the change points of measuring data, the BinSeg algorithm is introduced to generate some initial sequence segments, which can be further classified and merged into different functional patterns due to their backward difference means and lengths. After analyzing the pattern association according to the Bayesian network, one functional state transition model based on FSM, which accurately describes the whole control and monitoring process, is constructed as one feasible detection engine. Finally, we use the typical SWaT (Secure Water Treatment) dataset to evaluate the proposed approach, and the experimental results show that: for one thing, compared with other changepoint detection approaches, the BinSeg algorithm can be more suitable for the optimal sequence segmentation of measuring data due to its highest detection accuracy and least consuming time; for another, the proposed approach exhibits relatively excellent detection ability, because the average detection precision, recall rate and F1-score to identify 10 different attacks can reach 0.872, 0.982 and 0.896, respectively.

show abstract

Section: Introductionmentioning

confidence: 99%

Functional Pattern-Related Anomaly Detection Approach Collaborating Binary Segmentation with Finite State Machine

Wan,

Hao,

et al. 2023

CMC

View full text Add to dashboard Cite

show abstract

“…MEC is defined as providing IT service environment and cloud computing capability at the edge of mobile network [1][2][3][4][5][6][7][8][9]. In the view of the service providers, the network is actually divided into three parts: wireless access network, mobile core network, and application network.…”

Section: Introductionmentioning

confidence: 99%

On Improving the Robustness of MEC with Big Data Analysis for Mobile Video Communication

Zhao

Zeng

Liu

et al. 2021

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Mobile video communication and Internet of Things are playing a more and more important role in our daily life. Mobile Edge Computing (MEC), as the essential network architecture for the Internet, can significantly improve the quality of video streaming applications. The mobile devices transferring video flow are often exposed to hostile environment, where they would be damaged by different attackers. Accordingly, Mobile Edge Computing Network is often vulnerable under disruptions, against either natural disasters or human intentional attacks. Therefore, research on secure hub location in MEC, which could obviously enhance the robustness of the network, is highly invaluable. At present, most of the attacks encountered by edge nodes in MEC in the IoT are random attacks or random failures. According to network science, scale-free networks are more robust than the other types of network under the random failures. In this paper, an optimization algorithm is proposed to reorganize the structure of the network according to the amount of information transmitted between edge nodes. BA networks are more robust under random attacks, while WS networks behave better under human intentional attacks. Therefore, we change the structure of the network accordingly, when the attack type is different. Besides, in the MEC networks for mobile video communication, the capacity of each device and the size of the video data influence the structure significantly. The algorithm sufficiently takes the capability of edge nodes and the amount of the information between them into consideration. In robustness test, we set the number of network nodes to be 200 and 500 and increase the attack scale from 0% to 100% to observe the behaviours of the size of the giant component and the robustness calculated for each attack method. Evaluation results show that the proposed algorithm can significantly improve the robustness of the MEC networks and has good potential to be applied in real-world MEC systems.

show abstract

“…However, information security problems in no matter what type of cyberphysical systems or social networks emerge rapidly and extensively, and the corresponding security incidents also occur repeatedly [4,5]. As a consequence, IIoT is facing more and more severe challenges of information security [6][7][8][9], and it may suffer from greater risks than traditional IoT. In particular, one integrated IIoT system always consists of thousands of sensor nodes, which ensure interconnection and interoperability by using some specific wireless communication protocols.…”

Section: Introductionmentioning

confidence: 99%

“…The main causes involve the following two aspects: on the one hand, most IIoT devices only have low power and limited system resources, and the security add-ons may decrease their work performance by performing the higher or lower computational costs of security operations [20]; on the other hand, IIoT is usually designed to serve industrial control systems, whose requirements on high availability and reliability may be not completely satisfied because of the inefficient adaption between the original system design and some added security services. Differently, anomaly detection in IIoT systems can be widely regarded as a feasible and effective measure to identify unexpected industrial activities [8,[21][22][23], because it can scarcely affect industrial availabilities and real-time requirements by using the bypass monitoring. However, the sensing data in distributed IIoT networks has some special characteristics of sparsity, statefulness, and correlation.…”

Section: Introductionmentioning

confidence: 99%

Anomaly Detection Collaborating Adaptive CEEMDAN Feature Exploitation with Intelligent Optimizing Classification for IIoT Sparse Data

Zhao

Zeng

Wan

et al. 2021

Wireless Communications and Mobile Computing

Self Cite

View full text Add to dashboard Cite

IIoT (Industrial Internet of Things) has gained considerable attention and has been increasingly applied due to its ubiquitous sensing and communication. However, the sparse characteristic of sensing data in distributed IIoT networks may bring out tremendous challenges to implement the security protection measures. Based on the design of centralized data gathering and forwarding, this paper proposes a novel anomaly detection approach for IIoT sparse data, which can successfully collaborate the adaptive CEEMDAN (Complete Ensemble Empirical Mode Decomposition with Adaptive Noise) feature exploitation with one intelligent optimizing classification. Furthermore, in the adaptive CEEMDAN feature exploitation, the CEEMDAN energy entropy based on adaptive IMF (Intrinsic Mode Function) selection is designed to extract the sensing features from IIoT sparse data; in the intelligent optimizing classification, one effective OCSVM (One-Class Support Vector Machine) classifier optimized by the IABC (Improved Artificial Bee Colony) swarm intelligence algorithm is introduced to detect various abnormal sensing features. The experimental results show that, not only does the CEEMDAN energy entropy based on adaptive IMF selection accurately describe the change of industrial production by analyzing the probability distribution and energy distribution of sparse sensing data, but also the proposed IABC-OCSVM classifier has higher detection efficiency compared with the OCSVM classifiers optimized by other swarm intelligence algorithms.

show abstract

Characteristic insights on industrial cyber security and popular defense mechanisms

Cited by 13 publications

References 118 publications

Functional Pattern-Related Anomaly Detection Approach Collaborating Binary Segmentation with Finite State Machine

Functional Pattern-Related Anomaly Detection Approach Collaborating Binary Segmentation with Finite State Machine

On Improving the Robustness of MEC with Big Data Analysis for Mobile Video Communication

Anomaly Detection Collaborating Adaptive CEEMDAN Feature Exploitation with Intelligent Optimizing Classification for IIoT Sparse Data

Contact Info

Product

Resources

About