An Anomaly Detection Method for Industrial Control Systems via State Transition Graph  Cited by: 13


Authors: 吕雪峰 (LV Xue-Feng); 谢耀滨 (XIE Yao-Bin) [2]

Affiliations: [1] State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001; [2] PLA Information Engineering University, Zhengzhou 450001

Source: Acta Automatica Sinica (《自动化学报》), 2018, No. 9, pp. 1662-1671 (10 pages)

Abstract: State-based intrusion detection for industrial control systems is favored for its high accuracy, but such methods often rely on expert experience to define the system's critical states in advance and cannot handle systems with many state variables. To address this problem, a new anomaly detection method based on a state transition graph is proposed. The method builds a normal state transition model of the system from the cosine similarity and Euclidean distance between adjacent data vectors, without any predefined critical states, and determines whether the system is in an anomalous state according to the following two conditions: 1) whether the state corresponding to the new data vector lies within the state transition graph; 2) whether the current state is reachable from the previous state. A malicious (false) data injection attack model is established, and the method is tested in simulation on a MATLAB model of the Tennessee-Eastman (TE) process. The simulation results show that the method achieves good detection results even when the system is under only a slight attack, while consuming little time and space.

Keywords: industrial control system; state transition graph; anomaly detection; Tennessee-Eastman process

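Classification: TP393.08 [Automation and Computer Technology: Computer Application Technology]; TP273 [Automation and Computer Technology: Computer Science and Technology]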

 
