Attack Detection and Location Using State Forecasting in Multivariate Time Series of ICS

IF 7.9 2区计算机科学 Q1 ENGINEERING, MULTIDISCIPLINARY

IEEE Transactions on Network Science and Engineering Pub Date : 2025-04-01 DOI:10.1109/TNSE.2025.3555764

Guoyan Cao;Yue Wu;Dengxiu Yu;Zhen Wang

引用次数: 0

Abstract

ICS (industrial control systems) security researches have paid a great effort on anomaly detection base on the analyzes of communication protocols, network dataflow, sensor time series. However, few research have been done to recognize cyber attacks as well as the localization, which make active security control impossible. Actually, to recognize cyber attacks is crucial for ICS security control. In this paper, we proposed a novel multivariate time series attack detection and location framework based on adaptive state space formulation and forecasting. To dynamically describe systems' state transition characteristics, a graph structure learning scheme was designed based on Attention mechanism. Furthermore, to achieve state forecasting of systems, an improved Kalman filter with Transformer mechanism was proposed. Experiments on datasets from real industrial scenario demonstrated the effectiveness, and proved that the proposed method achieved higher location accuracy than the state-of-the-art methods.

查看原文本刊更多论文

基于状态预测的ICS多变量时间序列攻击检测与定位

基于通信协议、网络数据流、传感器时间序列分析的异常检测是工业控制系统安全研究的重点。然而，对网络攻击的识别和定位的研究很少，这使得主动安全控制成为不可能。事实上，识别网络攻击对于ICS安全控制至关重要。本文提出了一种基于自适应状态空间表述和预测的多元时间序列攻击检测与定位框架。为了动态描述系统的状态转移特征，设计了一种基于注意机制的图结构学习方案。为了实现系统的状态预测，提出了一种基于变压器机制的改进卡尔曼滤波器。在真实工业场景数据集上的实验证明了该方法的有效性，并证明了该方法比现有方法具有更高的定位精度。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Network Science and Engineering Engineering-Control and Systems Engineering

CiteScore

12.60

自引率

9.10%

发文量

393

期刊介绍： The proposed journal, called the IEEE Transactions on Network Science and Engineering (TNSE), is committed to timely publishing of peer-reviewed technical articles that deal with the theory and applications of network science and the interconnections among the elements in a system that form a network. In particular, the IEEE Transactions on Network Science and Engineering publishes articles on understanding, prediction, and control of structures and behaviors of networks at the fundamental level. The types of networks covered include physical or engineered networks, information networks, biological networks, semantic networks, economic networks, social networks, and ecological networks. Aimed at discovering common principles that govern network structures, network functionalities and behaviors of networks, the journal seeks articles on understanding, prediction, and control of structures and behaviors of networks. Another trans-disciplinary focus of the IEEE Transactions on Network Science and Engineering is the interactions between and co-evolution of different genres of networks.