基于入侵检测的信息物理系统攻击识别综述  被引量：7

作　　者：李沁雪 刘永桂[2] 黎善斌[2] 谢徐欢 任红卫 LI Qin-xue;LIU Yong-gui;LI Shan-bin;XIE Xu-huan;REN Hong-wei(School of Ship and Ocean Engineering,Guangzhou Maritime University,Guangzhou 510700,China;School of Automation Science and Engineering,South China University of Technology,Guangzhou 510640,China;School of Automation,Guangdong University of Petrochemical Technology,Maoming 525000,China)

机构地区：[1]广州航海学院船舶与海洋工程学院,广东广州510700 [2]华南理工大学自动化科学与工程学院,广东广州510640 [3]广东石油化工学院自动化学院,广东茂名525000

出　　处：《控制工程》2022年第6期1049-1057,共9页Control Engineering of China

基　　金：国家自然科学基金项目(62006052,61973128,61803108);广东省基础与应用基础研究基金项目(2021A1515011520);广东省自然科学基金资助项目(2019A1515011807);广州市科技计划资助项目(202102020663)。

摘　　要：信息物理系统(CPSs)的入侵检测与识别是工业、民生各系统深度网络化、信息化、智能化背景下衍生出的信息安全共性问题。在广泛调研大量国内外文献的基础上,针对CPSs的网络攻击,提出攻击识别的必要性,并综述了基于入侵检测的CPSs攻击识别的研究现状。首先,针对单一网络攻击,阐述并总结了基于入侵检测的攻击类型识别技术的研究意义和研究现状;其次,针对复杂隐身攻击,阐述并总结了复杂协同网络攻击下的攻击路径识别的研究现状;再次,针对数据注入式攻击,探讨并总结了集检测、位置识别和数据恢复于一体的攻击识别的优势和研究现状;最后,总结并探讨了基于入侵检测的CPSs攻击识别的现存若干问题,并对未来可能的研究发展趋势进行了展望。With the deep networking,informatization and intelligence of industry and people’s livelihood systems,intrusion detection and identification has become a common problem of information security in cyber-physical systems(CPSs).On the basis of a large number of domestic and foreign literatures,the necessity of attack identification for cyber-attacks is proposed,and the state-of-art of the attack identification based on intrusion detection in CPSs is reviewed in this paper.First of all,for the single type cyber-attack,the research significance and status of the attack type identification based on intrusion detection are elaborated and summarized.Secondly,the research status of the attack path identification under complex and cooperative stealth cyber-attacks is described and summarized.Thirdly,for the data injection attacks,the advantages and research status of the attack identification integrated with detection,location identification and data recovery are discussed and summarized.Finally,the existing problems of the attack identification based on intrusion detection in CPSs are discussed,and the possible research directions in future are expected.

关 键 词：信息物理系统 信息安全 入侵检测 攻击识别 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]