基于扩展信念规则库的工业控制系统在线入侵检测方法

IF 2.4 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Information Security Pub Date : 2024-04-26 DOI:10.1007/s10207-024-00845-9

Guangyu Qian, Jinyuan Li, Wei He, Wei Zhang, You Cao

{"title":"基于扩展信念规则库的工业控制系统在线入侵检测方法","authors":"Guangyu Qian, Jinyuan Li, Wei He, Wei Zhang, You Cao","doi":"10.1007/s10207-024-00845-9","DOIUrl":null,"url":null,"abstract":"<p>Intrusion detection in industrial control systems (ICS) is crucial for maintaining the security of physical information systems. However, the existing models predominantly rely on black-box approaches, which exhibit limitations in result credibility and the ability to adapt to complex and dynamic environments. Consequently, this paper proposes an online updatable extended belief rule base model (O-EBRB) for intrusion detection in ICS. Firstly, an industrial intrusion detection model rooted in the extended belief rule base (EBRB) is established. This model excels in concurrently processing both quantitative and qualitative data, ensuring the reliability of its outcomes. Subsequently, a novel domain-based rule update methodology for integrating new observation data is proposed. By incorporating or merging fresh data into the original model, it enhances the model’s adaptability in dynamic settings. Finally, employing the domain-based rule weight calculation approach, the model continues to effectively compute model parameters even with the continuous expansion of rules. Through extensive experimentation on two real-world industrial intrusion detection datasets, the results demonstrate the effectiveness of the proposed model in handling information and its robust performance in dynamic environments.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"14 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"An online intrusion detection method for industrial control systems based on extended belief rule base\",\"authors\":\"Guangyu Qian, Jinyuan Li, Wei He, Wei Zhang, You Cao\",\"doi\":\"10.1007/s10207-024-00845-9\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Intrusion detection in industrial control systems (ICS) is crucial for maintaining the security of physical information systems. However, the existing models predominantly rely on black-box approaches, which exhibit limitations in result credibility and the ability to adapt to complex and dynamic environments. Consequently, this paper proposes an online updatable extended belief rule base model (O-EBRB) for intrusion detection in ICS. Firstly, an industrial intrusion detection model rooted in the extended belief rule base (EBRB) is established. This model excels in concurrently processing both quantitative and qualitative data, ensuring the reliability of its outcomes. Subsequently, a novel domain-based rule update methodology for integrating new observation data is proposed. By incorporating or merging fresh data into the original model, it enhances the model’s adaptability in dynamic settings. Finally, employing the domain-based rule weight calculation approach, the model continues to effectively compute model parameters even with the continuous expansion of rules. Through extensive experimentation on two real-world industrial intrusion detection datasets, the results demonstrate the effectiveness of the proposed model in handling information and its robust performance in dynamic environments.</p>\",\"PeriodicalId\":50316,\"journal\":{\"name\":\"International Journal of Information Security\",\"volume\":\"14 1\",\"pages\":\"\"},\"PeriodicalIF\":2.4000,\"publicationDate\":\"2024-04-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10207-024-00845-9\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00845-9","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

工业控制系统（ICS）中的入侵检测对于维护物理信息系统的安全至关重要。然而，现有模型主要依赖于黑盒方法，在结果可信度和适应复杂多变环境的能力方面存在局限性。因此，本文提出了一种在线可更新扩展信念规则库模型（O-EBRB），用于工业控制系统的入侵检测。首先，建立了一个植根于扩展信念规则库（EBRB）的工业入侵检测模型。该模型能同时处理定量和定性数据，确保其结果的可靠性。随后，提出了一种新颖的基于领域的规则更新方法，用于整合新的观测数据。通过将新数据纳入或合并到原始模型中，增强了模型在动态环境中的适应性。最后，采用基于领域的规则权重计算方法，即使规则不断扩展，模型也能继续有效地计算模型参数。通过在两个真实世界的工业入侵检测数据集上进行大量实验，结果证明了所提出的模型在处理信息方面的有效性及其在动态环境中的鲁棒性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

An online intrusion detection method for industrial control systems based on extended belief rule base

查看原文本刊更多论文

An online intrusion detection method for industrial control systems based on extended belief rule base

Intrusion detection in industrial control systems (ICS) is crucial for maintaining the security of physical information systems. However, the existing models predominantly rely on black-box approaches, which exhibit limitations in result credibility and the ability to adapt to complex and dynamic environments. Consequently, this paper proposes an online updatable extended belief rule base model (O-EBRB) for intrusion detection in ICS. Firstly, an industrial intrusion detection model rooted in the extended belief rule base (EBRB) is established. This model excels in concurrently processing both quantitative and qualitative data, ensuring the reliability of its outcomes. Subsequently, a novel domain-based rule update methodology for integrating new observation data is proposed. By incorporating or merging fresh data into the original model, it enhances the model’s adaptability in dynamic settings. Finally, employing the domain-based rule weight calculation approach, the model continues to effectively compute model parameters even with the continuous expansion of rules. Through extensive experimentation on two real-world industrial intrusion detection datasets, the results demonstrate the effectiveness of the proposed model in handling information and its robust performance in dynamic environments.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Information Security 工程技术-计算机：理论方法

CiteScore

6.30

自引率

3.10%

发文量

审稿时长

12 months

期刊介绍： The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation. Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.