Computer Science, 2025, Vol. 52, Issue (1): 383-392. doi: 10.11896/jsjkx.231200083

• Information Security •

Study on Malicious Access Detection in Industrial Control Networks Based on Dynamic Bayesian Games

LIU Haohan, CHEN Zemao   

  1. School of Cyber Science and Engineering, Wuhan University, Wuhan 430040, China
  • Received: 2023-12-12 Revised: 2024-04-19 Online: 2025-01-15 Published: 2025-01-09
  • About author: LIU Haohan, born in 1998, postgraduate. His main research interest is Internet of Things security.
    CHEN Zemao, born in 1975, Ph.D., professor. His main research interests include information system security, trusted computing and equipment information security.
  • Supported by:
    National Key Research and Development Program of China (2022YFC3102805).

Abstract: To address security issues such as unauthorized access, denial of service attacks, spoofing attacks and information disclosure in the remote access scenario of industrial control networks (ICN), the STRIDE threat modeling method is used to analyze the potential threats in this scenario. An access detection framework based on a dynamic Bayesian game is proposed. This method can screen and block illegal and malicious requests trying to access the ICN. At the same time, it uses continuous multi-round game iterations and the flexible, dynamic characteristics of SDN to adjust policy parameters in real time, preventing the same malicious access source from gaining access again. Simulation results show that as the number of game rounds increases, compared with two existing types of malicious access defense methods, the detection accuracy of this framework increases by more than 3%, the false positive rate decreases by more than 1.2%, and the detection efficiency improves by more than 14.7%; the framework also shows good robustness.

Key words: Industrial control network, Software-defined network, Dynamic Bayesian game, Malicious access detection

CLC Number: TP393