Abstract
Industrial control systems (ICS) currently face a serious information security threat, and anomaly detection for ICS has become a research focus in this field. In recent years the volume of data collected by ICS has grown, yet samples of anomalous operation data are still lacking, and anomaly detection systems have difficulty obtaining ICS operation data in real time, which makes ICS anomaly detection harder. To address this, a digital twin-driven anomaly detection framework for industrial control systems is proposed, drawing on the consistency, real-time behavior, and visualization of digital twin technology to resolve the current bottlenecks in anomaly detection. First, a digital twin module for anomaly detection is designed; it uses the model consistency between the virtual entity and the physical entity in the digital twin to simulate anomalous data, which addresses the difficulty of obtaining anomaly samples. Then, an anomaly detection module for ICS under attack is designed, which combines the real-time interactive data of the digital twin module to perform online anomaly detection. Finally, taking a double tank control system as the experimental object, the feasibility and effectiveness of the proposed method are verified by experiments using WinCC, Unity3D, MySQL, and other development environments.
Authors
Xu Bo
Du Xin
Zhou Chunjie
School of Artificial Intelligence and Automation, Huazhong University of Science and Technology, Wuhan 430074
Source
Journal of Information Security Research (《信息安全研究》)
2022, Issue 6, pp. 578-585 (8 pages)
Funding
National Natural Science Foundation of China project (62127808).
Keywords
industrial control system
anomaly detection
digital twin
long short-term memory model
double tank control system