Argus: a multi-source data-driven industrial control security situational awareness system


Authors: ZHU Tianchen, ZHAO Jun [3], LI Bo [1,2,4], LI Jianxin (School of Computer Science and Engineering, Beihang University, Beijing 100191, China; Beijing Advanced Innovation Center for Big Data and Brain Computing, Beijing 100191, China; School of Information Science and Engineering, Shandong Normal University, Jinan 250358, China; Zhongguancun Laboratory, Beijing 100191, China)

Affiliations: [1] School of Computer Science and Engineering, Beihang University, Beijing 100191; [2] Beijing Advanced Innovation Center for Big Data and Brain Computing (Beihang University), Beijing 100191; [3] School of Information Science and Engineering, Shandong Normal University, Jinan, Shandong 250358; [4] Zhongguancun Laboratory, Beijing 100191

Source: Big Data Research (《大数据》), 2023, Issue 4, pp. 98-115 (18 pages)

Funding: National Natural Science Foundation of China (No. U20B2053).

Abstract: Industrial control systems (ICS) are the brain of national industrial manufacturing and civil infrastructure. In recent years the security risks associated with ICS have become increasingly prominent, making them a primary target for cybersecurity protection. To address the problems of dispersed ICS security data and delayed threat perception, this paper presents a multi-source data-driven ICS security situational awareness system named Argus, which incorporates an ICS security awareness chain. The paper further develops autonomous situational awareness technologies for ICS security, such as stateless high-speed device scanning, precise threat intelligence extraction, and suspicious attack behavior detection, to achieve multi-channel, three-dimensional ICS security monitoring and situational awareness. Experimental results indicate that, compared with conventional ICS situational awareness methods, the perception accuracy of Argus improves by over 10% and its efficiency improves by two orders of magnitude. Argus also enables proactive warning and mitigation of potential security risks.

Keywords: industrial control system; multi-source data fusion; situational awareness; threat intelligence

Classification code: TP311 [Automation and Computer Technology: Computer Software and Theory]
