计算机科学 (Computer Science) ›› 2025, Vol. 52 ›› Issue (1): 383-392. doi: 10.11896/jsjkx.231200083

• Information Security •

Study on Malicious Access Detection in Industrial Control Networks Based on Dynamic Bayesian Games

LIU Haohan, CHEN Zemao

  1. School of Cyber Science and Engineering, Wuhan University, Wuhan 430040, China
  • Received: 2023-12-12  Revised: 2024-04-19  Online: 2025-01-15  Published: 2025-01-09
  • Corresponding author: CHEN Zemao (chenzemao@whu.edu.cn)
  • About author: LIU Haohan (liuhaohan@whu.edu.cn), born in 1998, postgraduate. His main research interest is Internet of Things security.
    CHEN Zemao, born in 1975, Ph.D., professor. His main research interests include information system security, trusted computing and equipment information security.
  • Supported by:
    National Key Research and Development Program of China (2022YFC3102805).

Abstract: In the remote-access scenario of an industrial control network (ICN), the main security issues are unauthorized access, denial-of-service attacks, spoofing attacks and information disclosure. The STRIDE threat-modeling method is used to analyze the potential threats in this scenario, and an access detection framework based on a dynamic Bayesian game is proposed. The framework screens out and blocks illegal and malicious requests that attempt to access the ICN, and uses the continuing multi-round iterations of the game together with the flexible, dynamic nature of SDN to adjust the policy parameters in real time, so that the same malicious access source cannot gain access again. Simulation results show that, as the number of game rounds increases, the framework improves detection accuracy by more than 3%, lowers the false-positive rate by more than 1.2% and improves detection efficiency by more than 14.7% compared with the two existing classes of malicious-access defense methods, and that it is robust.

Key words: Industrial control network, Software-defined network, Dynamic Bayesian game, Malicious access detection
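The abstract describes a defender that screens access requests over repeated rounds of a Bayesian game and relies on SDN to keep a blocked source out. The Python simulation below is an added example written for this page, not the authors' framework or code: it keeps one belief per source that the source is malicious, updates that belief by Bayes' rule from a per-request signal, chooses admit or block by expected payoff, and holds blocked sources in a blocklist standing in for an SDN drop rule so they never re-enter the game. The signal likelihoods, payoff values, the adaptive-prior rule and the request trace are all assumptions made for illustration and are not taken from the paper.

```python
"""Toy dynamic Bayesian game for screening remote access to an ICN.

Added example for this page; it is not the paper's model or code. The
defender (an SDN controller in front of the ICN) does not know whether a
source is legitimate or malicious. Each request carries an observable
signal; the defender updates its belief about the source by Bayes' rule,
then admits or blocks by comparing expected payoffs. A blocked source is
added to a blocklist standing in for an SDN drop rule, so its later
requests never reach the game again. All numbers below are assumptions.
"""

# Assumed likelihoods P(signal | source type) for the observable signals.
SIGNAL_LIKELIHOOD = {
    "normal":    {"legit": 0.80, "malicious": 0.20},
    "malformed": {"legit": 0.10, "malicious": 0.40},
    "burst":     {"legit": 0.10, "malicious": 0.40},
}

# Assumed defender payoffs u(action, source type): admitting an attacker is
# far more costly than turning away a legitimate operator.
PAYOFF = {
    ("admit", "legit"): 1.0,  ("admit", "malicious"): -5.0,
    ("block", "legit"): -1.0, ("block", "malicious"): 2.0,
}

PSEUDO_COUNT = 10  # weight of the configured prior versus the observed block rate


def update_belief(belief, signal):
    """Posterior P(malicious | signal) given prior P(malicious) = belief."""
    lik = SIGNAL_LIKELIHOOD[signal]
    evidence = belief * lik["malicious"] + (1.0 - belief) * lik["legit"]
    return belief * lik["malicious"] / evidence


def expected_payoff(action, belief):
    """Defender's expected payoff of an action under its current belief."""
    return (belief * PAYOFF[(action, "malicious")]
            + (1.0 - belief) * PAYOFF[(action, "legit")])


def choose_action(belief):
    """Best response to the current belief (block iff it pays more)."""
    if expected_payoff("block", belief) > expected_payoff("admit", belief):
        return "block"
    return "admit"


class AccessController:
    """Defender side of the repeated game, one belief per access source."""

    def __init__(self, base_prior=0.3):
        self.base_prior = base_prior
        self.beliefs = {}       # source -> current P(malicious)
        self.blocklist = set()  # sources with a standing drop rule
        self.seen = 0           # distinct sources that entered the game
        self.blocked = 0        # of those, how many were blocked

    def prior_for_new_source(self):
        # Policy parameter adjusted between rounds: the prior for an unseen
        # source drifts toward the observed block rate (assumed rule).
        return ((PSEUDO_COUNT * self.base_prior + self.blocked)
                / (PSEUDO_COUNT + self.seen))

    def handle(self, source, signal):
        """One round of the game for one request; returns the decision."""
        if source in self.blocklist:
            return "dropped"  # standing drop rule: no new game round
        if source not in self.beliefs:
            self.beliefs[source] = self.prior_for_new_source()
            self.seen += 1
        self.beliefs[source] = update_belief(self.beliefs[source], signal)
        action = choose_action(self.beliefs[source])
        if action == "block":
            self.blocklist.add(source)
            self.blocked += 1
        return action


# Constructed request trace (documentation-range addresses, not real data).
DEMO_REQUESTS = [
    ("plc-hmi-01", "normal"),
    ("plc-hmi-01", "normal"),
    ("203.0.113.7", "malformed"),
    ("203.0.113.7", "normal"),   # already blocked: dropped, no game round
    ("198.51.100.9", "normal"),  # looks benign first ...
    ("198.51.100.9", "burst"),   # ... then one bad signal trips the block
]


def run_demo(requests=DEMO_REQUESTS):
    """Play the trace through a fresh controller; returns the decisions."""
    ctl = AccessController()
    return [ctl.handle(src, sig) for src, sig in requests]


if __name__ == "__main__":
    for (src, sig), decision in zip(DEMO_REQUESTS, run_demo()):
        print(f"{src:14} {sig:10} -> {decision}")
```

With the assumed payoffs the defender blocks as soon as its belief exceeds 2/9, so a source that has built up trust with benign traffic still loses access after a single anomalous request, and because the decision is recorded in the blocklist rather than only in the belief, the same source cannot reset the game by sending benign traffic afterwards.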

CLC number: TP393