CN106778210A - A kind of industrial control system functional safety verification method based on immunological learning - Google Patents

A kind of industrial control system functional safety verification method based on immunological learning Download PDF

Info

Publication number
CN106778210A
CN106778210A CN201611169479.7A CN201611169479A CN106778210A CN 106778210 A CN106778210 A CN 106778210A CN 201611169479 A CN201611169479 A CN 201611169479A CN 106778210 A CN106778210 A CN 106778210A
Authority
CN
China
Prior art keywords
behavior
industrial control
control
industry control
functional safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611169479.7A
Other languages
Chinese (zh)
Other versions
CN106778210B (en
Inventor
刘单丹
赵勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Wonderful Technology Co Ltd
Original Assignee
Chengdu Wonderful Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Wonderful Technology Co Ltd filed Critical Chengdu Wonderful Technology Co Ltd
Priority to CN201611169479.7A priority Critical patent/CN106778210B/en
Publication of CN106778210A publication Critical patent/CN106778210A/en
Application granted granted Critical
Publication of CN106778210B publication Critical patent/CN106778210B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a kind of industrial control system functional safety verification method based on immunological learning, comprise the following steps:A, the behavior parametric data for obtaining Industry Control, including using offline by the way of ring test industrial control module;B, according to behavior parametric data, mould the security criteria pattern base of multiple dimensioned lower Industry Control;C, by security criteria pattern base recognize exception control behavior;D, abnormal behaviour pattern database is constructed based on exception control behavior;It does not rely on the prior information such as normal parsing rule and abnormal darkened features, and on the premise of not grasping the specific defect origin cause of formation, feature and its utilizing details, subordinate act the performance accurate lockout failure of aspect and hidden danger significantly reduce functional safety risk.

Description

A kind of industrial control system functional safety verification method based on immunological learning
Technical field
Field is ensured the present invention relates to industrial control system functional safety, and in particular to a kind of industry based on immunological learning Control system functional safety verification method.
Background technology
Industrial control system is the important component of national critical infrastructures, is related to the strategic security of country. Under the transition and upgrade of the industry just background as global economic development new round focus of the competition, " the manufacturing industry recurrence " in the U.S., moral " industry 4.0 " of state, and " made in China 2025 " of China is strategic, expresses same content with all playing the same tune on different musical instruments:Use thing The technologies such as connection perception, cloud computing, big data, industry interconnection lead the change of industrial mode of production, pull the innovation of industrial economy Development.So far, control system has been pulled open with the curtain of information technology depth integration, with industrial process such as electric power, the energy, traffic Monitoring also just experiencing a unprecedented transition with the industrial control system for being controlled to core and changing, intelligent, network Change, serviceization, integrated as irreversible trend trend, the feature being presented as in terms of three below is changed in its evolution:One It is specificity to versatility evolution.Industrial control system along with IT technologies development, and it is a large amount of use the general software and hardwares of IT, Such as PC, operating system, Database Systems, Ethernet, ICP/IP protocol;Two is closure to explorative evolution.Internet, thing The development of networking technology, industrialization and information-based depth integration, make industrial control system no longer be an independent system.Three is hard Part type is to software-type evolution.Industrial control system is by mechanization, electrification, electronization towards the continuous evolution in the intelligentized direction of software. I.e. industrial control system constantly by firmly to soft in evolution.
The Technology Ways selection of industrial control system functional safety checking:
" power " is not from the heart.Principle of products closing, the omission of code document privacy, development teams, software of the third party dependence are modern The common problem of industrial control field, thus causes existing control system and its equipment quality safeguard technology to tackle certainly There are the known fault and risk of brand.Inter-trade, the parsing of straddle mounting standby host rationality mode is difficult to effectively obtain General Electric, west gate The support of the industry control market mainstream such as son, Schneider company, let alone collect control data innovation of the development based on prior information Type Initiative Defense.Typical Representative includes the Predix platforms of General Electric and the Sinalytics platforms of Siemens etc..
" anti-" is unequal to preventing.At present, industrial system dispose to be formed with technical grade fire wall, anti-virus, anti-tamper, anti-refusal It is the security system of core with intrusion prevention, is based on " anti-", passive type to resolve safely thinking.However, " anti-" is unequal to It is anti-, activeization, dynamic cannot be tackled at all with the darkened features such as " illegal ", "abnormal", " malice " as testing goal security monitoring Formula, the cyberspace of polytropy are attacked.Typical Representative includes that Venus InfoTech's industry control vulnerability scanning system and the logical industry control of remarkable letter enter Invade system of defense etc..
" name " is not inconsistent reality.For industry PC, HMI, operator and engineer station and WEB server and database service The white list of the white list of the processes such as device service, industrial system accesses control list and user's assets, simply on paper Certification discriminating is given its identity qualification, and in actual industrial process, has failed that its behavioral function is verified and checked Core." name " is not inconsistent real risk hidden danger so that traditional industrial system safety guarantee performs practically no function.Typical Representative includes that extra large day is bright Industry technical grade fire wall and 30 bodyguard's industry control safety monitoring systems etc..
The content of the invention
In order to solve the above-mentioned technical problem the present invention provides a kind of industrial control system functional safety based on immunological learning Verification method, it does not rely on the prior information such as normal parsing rule and abnormal darkened features, do not grasp the specific defect origin cause of formation, On the premise of feature and its utilization details, subordinate act the performance accurate lockout failure of aspect and hidden danger significantly reduce functional safety wind Danger.
The present invention is achieved through the following technical solutions:
A kind of industrial control system functional safety verification method based on immunological learning, comprises the following steps:
A, using the behavior parametric data for obtaining Industry Control by the way of ring test industrial control module offline;
B, according to behavior parametric data, mould the security criteria pattern base of multiple dimensioned lower Industry Control;
C, by security criteria pattern base recognize exception control behavior;
D, abnormal behaviour pattern database is constructed based on exception control behavior.
This method is driven by the behavior big data of industrial control module off-line test and moulds security criteria pattern base, is realized Initiative Defense, abnormal behaviour pattern database is constructed with the abnormal behaviour example set study of defect inducing, is produced and is evolved selection seemingly Defect immune antibody library, by security criteria pattern base and the double factor Combining diagnosis of abnormal behaviour pattern database, promote The standard compliance identification of control function under each yardstick, improves the security of industrial control system.Using the above method, based on big The offline behavior parametric data of amount directly constructs security criteria pattern base, does not rely on normal parsing rule and abnormal darkened features Etc. prior information, on the premise of not grasping the specific defect origin cause of formation, feature and its utilizing details, multiple dimensioned lower Industry Control is constructed Security criteria pattern base, subordinate act performance the accurate lockout failure of aspect and hidden danger, significantly reduce functional safety risk.
Step B is specially:
B1, according to behavior parametric data, using the method reconstruct data point built based on Bayesian network with probability inference Cloth vestige;
B2, with reference to the built-in actual industry control Obj State of every industry control industrial process example, with pca method mistake Examples translating the embarking on journey of Cheng Bianqian is functional mode;With reference to the built-in actual industry control job instruction of every industry control operation process example, It is with pca method etc. that Noumenon property is examples translating into treatment service model;
B3, foundation behavioral function model and treatment service model, with graphic symbolic expression industry control access and operation process Information flow form, formed security criteria pattern base.
Further, step B1 is specially:
B1-1, the interdependence effects degree sequence in behavior parametric data according to each variable to its dependent variable, to other Variable influence it is maximum come the 1st, at first into networking step, the networking stage each variable iteratively from having been enter into shellfish Being searched in the variable of leaf this network can increase the node of present score and add father node set, until full score is not further added by;
B1-2, the probability inference for for every incomplete behavior parametric data be based on Bayesian network, find out institute There are candidate value and its relative probability, filled as AFR control using the candidate value of maximum probability.
Further, building behavioral function model specific method based on pca method in step B2 is:
B2-1-1, by under nominal situation Industry Control Obj State performance data set transformation be average be 0, variance is 1 Standard data set;
B2-1-2, industry control access process principal component model is set up by above-mentioned standard data set, extract pivot;
B2-1-3, the statistic for calculating standard data set industry control access process principal component model and corresponding control limit.
Further, building treatment service model specific method based on pca method in step B2 is:
B2-2-1, by the industrial control module behavior command data set transformation under nominal situation be average be 0, variance is 1 Standard data set;
B2-2-2, industry control operation process principal component model is set up by above-mentioned standard data set, extract pivot;
Further, the discrimination method in step C is specially:
C-1, the standard compliance identification that control function under each yardstick is promoted with security criteria pattern base, by pivot analysis Whether method can occur from performance aspect identification abnormal behaviour tendency;
C-2, for exception control behavior, if can determine that its defect using cluster class belong to, lock this illness behavior;If nothing Method judgement, then be transferred to step D.
Further, the method from performance aspect identification abnormal behaviour tendency in step C-1 is specially:
C-1-1, quantitation status and appearance behavior parametric data is obtained online, and be standardized;
C-1-2, to standard data set difference Counting statistics amount Hotelling's T2With square prediction error SPE, monitoring The control whether its value exceedes normal condition is limited, if not transfiniting, repeat step C-1-1, if transfiniting, into step C-1-3;
C-1-3, each variable is calculated to Hotelling's T2The contribution of statistic and square prediction error SPE statistics Rate, the maximum variable of contribution rate is exactly the variable that may cause failure.
Further, step D is specially:
D-1, that support network and system simulation reappearance high, user behavior duplication, resource are built using computer technology is automatic The industry control honey net isolated with release, Environmental security with controlled exchange is configured, illness behavior is traped;
D-2, clear and definite defect utilize mechanism on the premise of, using under characteristic relation rough set construct decision tree, excavate Priori darkened features, construct abnormal behaviour pattern database.
The method that step D-2 constructs abnormal behaviour pattern database is specially:
D-2-1, call the Cloud transform algorithm based on Peak Intensity Method come in discretization behavior parametric data all continuous types belong to Property, obtain new behavior parametric data collection;
D-2-2, for new behavior parametric data collection, calculate each conditional attribute relative to decision attribute each division The degree of approximation up and down of set and the weighted mean roughness of each conditional attribute;
The minimum attribute B of weighted mean roughness is with B as current split vertexes under D-2-3, selection characteristic relation Root constructs decision tree, i.e., to each value of B, can obtain a sample branch Q;
D-2-4, for each sample branch Q, if he is not reaching to leaf node, continue repeat step D-2-2.
The present invention compared with prior art, has the following advantages and advantages:
The present invention is driven by the behavior big data of industrial control module off-line test and moulds security criteria pattern base, is realized Initiative Defense, abnormal behaviour pattern database is constructed with the abnormal behaviour example set study of defect inducing, is produced and is evolved selection seemingly Defect immune antibody library, by security criteria pattern base and the double factor Combining diagnosis of abnormal behaviour pattern database, promote The standard compliance identification of control function under each yardstick, improves the security of industrial control system.
Brief description of the drawings
Accompanying drawing described herein is used for providing further understanding the embodiment of the present invention, constitutes of the application Point, do not constitute the restriction to the embodiment of the present invention.In the accompanying drawings:
Fig. 1 is flow chart of the method for the present invention.
Fig. 2 is the offline theory diagram in ring test industrial control module of the invention.
Specific embodiment
To make the object, technical solutions and advantages of the present invention become more apparent, with reference to embodiment and accompanying drawing, to this Invention is described in further detail, and exemplary embodiment of the invention and its explanation are only used for explaining the present invention, do not make It is limitation of the invention.
Embodiment 1
A kind of industrial control system functional safety verification method based on immunological learning, comprises the following steps:
A, using the behavior parametric data for obtaining Industry Control by the way of ring test industrial control module offline;
B, according to behavior parametric data, mould the security criteria pattern base of multiple dimensioned lower Industry Control;
C, in actual industrial control process, by security criteria pattern base recognize exception control behavior;
D, abnormal behaviour pattern database is constructed based on exception control behavior.
The present invention is limited to open mechanism and known fault bar for existing industrial control system functional safety verification method Implement the defect of diagnosis under part, exploration does not rely on the innovative security mechanism of mechanism analytic modell analytical model and priori fault mode, hair Exhibition sets up risk controllable type industrial control system based on closure principle component and faulty components of hiding, and the system is to the controllable of risk With endogenous and acquired.The security criteria pattern of Industry Control is built with the substantial amounts of behavior parametric data of controlled device Storehouse, support solves the problems, such as functional safety;And the generation of substantial amounts of behavior parametric data, based on being manufactured in ring test offline, and The Monitoring Data that non-dependent is showed in presence.Monitor on-line obtain data cannot often correspond to specific behaviour, Noise is too many;Additionally, also cannot be distinguished by normal behaviour performance data or abnormal behaviour performance data, it is too difficult to mark.
Embodiment 2
The present embodiment is specifically refined on the basis of embodiment 1 to each step.
, it is necessary to operation process and industry control access process to industrial control system carry out Formal Representation before step A is carried out:
One is to launch access function explanation:Implement front and rear original state by clearly defining controlled device, Industry Control And final state, and implement during state change each crucial intermediateness, illustrate the particular row of industry control access process It is function;Using behavioral function as the entity for carrying industry control access process, controlled device state is followed logic as inter-entity The information of flowing.
Two is evolutionary operation function declaration:Using servicing as the entity for carrying industry control operation process for processing information, tune The function porxy of degree treatment service follows industry control job instruction as inter-entity the letter of logic flows as behavioral function role Breath.
Three is to draw industry control information flow chart:With the information in the graphic symbolic expression industry control access of standardization and operation process Nowed forming;It is considered as an information input output unit i.e. IPO units with each entity in job information flow graph accessing, in detail Describe input information source, the input information content, output information flow direction, output information content of the bright unit etc. in detail.
In step A, specifically can launch hardware-in-loop simulation around industrial control module and drive test, offline process industry The behavior parameter big data of control.
In step, mainly include in ring test offline:A1, define in industrial control system there is common accreditation granularity , carry homogeneity functional characteristic referable level component;In industrial control field, generally there are two class referable level assemblies especially to cause Concern, i.e.,:Computation module and communication component;A2, to support testing tool to call, cycle tests generation, test model emulation Monitoring platform, off-line type hardware-in―the-loop test is launched around industrial control module, manufactures behavior parameter big data.As shown in Fig. 2 Monitoring platform includes three functional parts:Main control computer, bus instrument observing and controlling combination, signal condition and switching device.Wherein Main control computer provides exploitation and the running environment of test executive, and controls surveying instrument to complete by controlling bus The execution of test executive, fetch test data.Bus instrument observing and controlling combination in mainly include modular testing measuring instrument, All kinds of controlling switches, communication bus etc..Signal condition mainly includes all kinds of measurements with switching device and encourages turning for control signal Connect and be adapted to.
The behavior parametric data of a large amount of Industry Control behaviors instantiation based on step A collections, the endogenous immunization machine of modeling System, moulds security criteria pattern base as mechanism is approached, and specifically includes following steps:
B1, according to behavior parametric data, using the method reconstruct data point built based on Bayesian network with probability inference Cloth vestige, the data distribution vestige of reconstruct, mainly for the purpose of ensuring the modeling of behavior example, the validity of functional structure modeling, It is incomplete inclined with model with data caused by avoiding test blindspot and measurement breakpoint the complete polishing of necessary industrial process data Lean on;
B2, with reference to the built-in actual industry control Obj State of every industry control industrial process example, with pca method mistake Examples translating the embarking on journey of Cheng Bianqian is functional mode;With reference to the built-in actual industry control job instruction of every industry control operation process example, It is with pca method etc. that Noumenon property is examples translating into treatment service model;
B3, foundation behavioral function model, treatment service model and route navigation model, are accessed with graphic symbolic expression industry control With the information flow form in operation process, security criteria pattern base is formed.
Wherein, B1 is specially:
B1-1, the interdependence effects degree sequence in original behavior parametric data according to each variable to its dependent variable, Maximum on the influence of its dependent variable comes the 1st, at first into networking step, many number variables can so found as much as possible Related father node;In the networking stage, each variable is iteratively searched from the variable for having been enter into Bayesian network and can increase current The node of score adds father node set, until full score is not further added by;
B1-2, the probability inference for for every incomplete behavior parametric data be based on Bayesian network, find out institute There are candidate value and its relative probability, filled as AFR control using the candidate value of maximum probability.
Behavioral function model specific method is built in B2 is:
B2-1-1, by under nominal situation Industry Control Obj State performance data set transformation be average be 0, variance is 1 Standard data set;
B2-1-2, industry control access process principal component model is set up by above-mentioned standard data set, extract pivot;
B2-1-3, the statistic for calculating standard data set industry control access process principal component model and corresponding control limit.
Treatment service model specific method is built in step B2 is:
B2-2-1, by the industrial control module behavior command data set transformation under nominal situation be average be 0, variance is 1 Standard data set;
B2-2-2, industry control operation process principal component model is set up by above-mentioned standard data set, extract pivot;
B2-2-3, the statistic for calculating standard data set industry control operation process principal component model and corresponding control limit.
Step C realizes that gather online data, placement sensing measuring point, field monitoring is gathered in actual industrial control process Characterization behavior parametric data of the industrial control process on component category.
On-line data acquisition mainly includes:1st, measuring point is selected, sensor is distributed rationally, it is ensured that to the peace of industrial control module Full inspection surveys best results, dynamic property influence minimum;2nd, the control process data integration based on RTDB in Industry Control is set up to put down Information on the lines such as platform, abundant collection site operation, job instruction, equipment state, supports towards Programmable Embedded electronic equipment Function modes detection, the logic behavior capture of real-time control and monitoring software, and industry control network agreement communications solution Analysis.RTDB in Industry Control should comply with following pattern:With high-precision temporal resolution support the different equipment of brand with it is soft Part, supports extensive data source form, with the big number of data compression rate supportive behavior of ultra high efficiency with the collection fitting percentage of multi-protocols According to transmission and storage performance.
Discrimination method in step C is specially:
C-1, the security criteria pattern base set up jointly with behavioral function model, treatment service model and route navigation model The standard compliance identification of control function under each yardstick is promoted, recognizing abnormal behaviour from performance aspect by pca method inclines To whether occurring;
C-2, for exception control behavior, the decision rule stored up using abnormal behavior storehouse village judges that its defect utilizes cluster Class belongs to, if having clearly classifying, locks this illness behavior;If cannot judge, step D is transferred to.
It is specially from the method for performance aspect identification abnormal behaviour tendency:
C-1-1, quantitation status and appearance behavior parametric data is obtained online, and be standardized;
C-1-2, to standard data set difference Counting statistics amount Hotelling's T2With square prediction error SPE, monitoring The control whether its value exceedes normal condition is limited, if not transfiniting, repeat step C-1-1, if transfiniting, into step C-1-3;
C-1-3, each variable is calculated to Hotelling's T2The contribution of statistic and square prediction error SPE statistics Rate, the maximum variable of contribution rate is exactly the variable that may cause failure.
In C-2, the decision rule stored up using abnormal behavior storehouse village judges that its defect has using the method that cluster class belongs to Body is:
C-2-1, call the Cloud transform algorithm based on Peak Intensity Method come in discretization behavior parametric data all continuous types belong to Property, obtain new data record;
C-2-2, call abnormal behavior library storage based under characteristic relation rough set construction decision tree to exception Controlling behavior carries out judgement of the defect using cluster class ownership.
Step D is specially based on the abnormal behaviour pattern database that quiet dynamic defect is constructed in exception control behavior:
D-1, that support network and system simulation reappearance high, user behavior duplication, resource are built using computer technology is automatic The industry control remaining honey net isolated with release, Environmental security with controlled exchange is configured, illness behavior is traped;
D-2, clear and definite defect utilize mechanism on the premise of, using under characteristic relation rough set construct decision tree, excavate Priori darkened features, construct abnormal behaviour pattern database.
Will be unable to judge that defect is lured into being that gene is carried, supported with industry control operation using the exception control behavior that cluster class belongs to Mimicryization reconstruct leading-type industry control remaining honey net, it is carried out potential disease predisposition study and judge, priori darkened features excavate, construct Abnormal behaviour pattern database, the abnormal behaviour pattern database have it is acquired, can according to priori darkened features etc. exception number According to being updated, prevent the attack of priori darkened features.
The method that step D-2 constructs abnormal behaviour pattern database is specially:
D-2-1, call the Cloud transform algorithm based on Peak Intensity Method come in discretization behavior parametric data all continuous types belong to Property, obtain new behavior parametric data collection;
D-2-2, for new behavior parametric data collection, calculate each conditional attribute relative to decision attribute each division The degree of approximation up and down of set and the weighted mean roughness of each conditional attribute;
The minimum attribute B of weighted mean roughness is with B as current split vertexes under D-2-3, selection characteristic relation Root constructs decision tree, i.e., to each value of B, it is that behavior parametric data concentration meets B that can obtain sample branch a Q, Q Property value for v subsample;
D-2-4, for each sample branch Q, if he is not reaching to leaf node, continue repeat step D-2-2.
Above-described specific embodiment, has been carried out further to the purpose of the present invention, technical scheme and beneficial effect Describe in detail, should be understood that and the foregoing is only specific embodiment of the invention, be not intended to limit the present invention Protection domain, all any modification, equivalent substitution and improvements within the spirit and principles in the present invention, done etc. all should include Within protection scope of the present invention.

Claims (9)

1. a kind of industrial control system functional safety verification method based on immunological learning, it is characterised in that comprise the following steps:
A, using the behavior parametric data for obtaining Industry Control by the way of ring test industrial control module offline;
B, according to behavior parametric data, mould the security criteria pattern base of multiple dimensioned lower Industry Control;
C, by security criteria pattern base recognize exception control behavior;
D, abnormal behaviour pattern database is constructed based on exception control behavior.
2. a kind of industrial control system functional safety verification method based on immunological learning according to claim 1, it is special Levy and be, step B is specially:
B1, according to behavior parametric data, reconstruct data distribution trace with the method for probability inference using being built based on Bayesian network Mark;
B2, with reference to the built-in actual industry control Obj State of every industry control industrial process example, process is become with pca method It is functional mode to move examples translating embarking on journey;With reference to the built-in actual industry control job instruction of every industry control operation process example, with master Element method etc. is examples translating into treatment service model Noumenon property;
B3, foundation behavioral function model and treatment service model, with the letter in graphic symbolic expression industry control access and operation process Breath nowed forming, forms security criteria pattern base.
3. a kind of industrial control system functional safety verification method based on immunological learning according to claim 2, it is special Levy and be:Step B1 is specially:
B1-1, the interdependence effects degree sequence in behavior parametric data according to each variable to its dependent variable, to its dependent variable Influence it is maximum come the 1st, at first into networking step, the networking stage each variable iteratively from having been enter into Bayes Being searched in the variable of network can increase the node addition father node set of present score, until full score is not further added by;
B1-2, the probability inference for for every incomplete behavior parametric data be based on Bayesian network, find out all times Choosing value and its relative probability, are filled using the candidate value of maximum probability as AFR control.
4. a kind of industrial control system functional safety verification method based on immunological learning according to claim 2, it is special Levy and be:Building behavioral function model specific method based on pca method in step B2 is:
B2-1-1, by under nominal situation Industry Control Obj State performance data set transformation be average be 0, variance is 1 mark Quasi- data set;
B2-1-2, industry control access process principal component model is set up by above-mentioned standard data set, extract pivot;
B2-1-3, the statistic for calculating standard data set industry control access process principal component model and corresponding control limit.
5. a kind of industrial control system functional safety verification method based on immunological learning according to claim 2, it is special Levy and be:Building treatment service model specific method based on pca method in step B2 is:
B2-2-1, by the industrial control module behavior command data set transformation under nominal situation be average be 0, variance is 1 mark Quasi- data set;
B2-2-2, industry control operation process principal component model is set up by above-mentioned standard data set, extract pivot;
B2-2-3, the statistic for calculating standard data set industry control operation process principal component model and corresponding control limit.
6. a kind of industrial control system functional safety verification method based on immunological learning according to claim 2, it is special Levy and be:Discrimination method in step C is specially:
C-1, the standard compliance identification that control function under each yardstick is promoted with security criteria pattern base, by pca method Whether can occur from performance aspect identification abnormal behaviour tendency;
C-2, for exception control behavior, if can determine that its defect using cluster class belong to, lock this illness behavior;If cannot sentence It is fixed, then it is transferred to step D.
7. a kind of industrial control system functional safety verification method based on immunological learning according to claim 6, it is special Levy and be:Method from performance aspect identification abnormal behaviour tendency in step C-1 is specially:
C-1-1, quantitation status and appearance behavior parametric data is obtained online, and be standardized;
C-1-2, to standard data set difference Counting statistics amount Hotelling's T2With square prediction error SPE, monitoring its value is The no control more than normal condition is limited, if not transfiniting, repeat step C-1-1, if transfiniting, into step C-1-3;
C-1-3, each variable is calculated to Hotelling's T2The contribution rate of statistic and square prediction error SPE statistics, tribute It is exactly the variable that may cause failure to offer the maximum variable of rate.
8. a kind of industrial control system functional safety verification method based on immunological learning according to claim 1, it is special Levy and be:Step D is specially:
D-1, support network and system simulation reappearance high, user behavior duplication, resource are built using computer technology automatically configure Isolate the industry control remaining honey net with controlled exchange with release, Environmental security, trap illness behavior;
D-2, clear and definite defect utilize mechanism on the premise of, using under characteristic relation rough set construct decision tree, excavate priori Darkened features, construct abnormal behaviour pattern database.
9. a kind of industrial control system functional safety verification method based on immunological learning according to claim 8, it is special Levy and be:The method that step D-2 constructs abnormal behaviour pattern database is specially:
D-2-1, call the Cloud transform algorithm based on Peak Intensity Method come discretization behavior parametric data in all continuous type attributes, obtain To new behavior parametric data collection;
D-2-2, for new behavior parametric data collection, calculate each conditional attribute relative to decision attribute each divide set The degree of approximation up and down and each conditional attribute weighted mean roughness;
The minimum attribute B of weighted mean roughness, as current split vertexes, is root structure with B under D-2-3, selection characteristic relation Decision tree is made, i.e., to each value of B, a sample branch Q can be obtained;
D-2-4, for each sample branch Q, if he is not reaching to leaf node, continue repeat step D-2-2.
CN201611169479.7A 2016-12-16 2016-12-16 Industrial control system function safety verification method based on immune learning Active CN106778210B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611169479.7A CN106778210B (en) 2016-12-16 2016-12-16 Industrial control system function safety verification method based on immune learning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611169479.7A CN106778210B (en) 2016-12-16 2016-12-16 Industrial control system function safety verification method based on immune learning

Publications (2)

Publication Number Publication Date
CN106778210A true CN106778210A (en) 2017-05-31
CN106778210B CN106778210B (en) 2020-04-07

Family

ID=58892374

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611169479.7A Active CN106778210B (en) 2016-12-16 2016-12-16 Industrial control system function safety verification method based on immune learning

Country Status (1)

Country Link
CN (1) CN106778210B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107370732A (en) * 2017-07-14 2017-11-21 成都信息工程大学 System is found based on neutral net and the industrial control system abnormal behaviour of optimal recommendation
CN108769071A (en) * 2018-07-02 2018-11-06 腾讯科技(深圳)有限公司 attack information processing method, device and internet of things honey pot system
CN109445406A (en) * 2018-10-18 2019-03-08 西南交通大学 Industrial control system safety detection method based on scrnario testing and affairs search
CN111239529A (en) * 2020-03-05 2020-06-05 西南交通大学 Excitation test method and system supporting predictive maintenance of electromechanical equipment
CN113378151A (en) * 2021-06-23 2021-09-10 上海红阵信息科技有限公司 Unified identity authentication system and method based on mimicry structure
CN115001866A (en) * 2022-08-01 2022-09-02 成都市以太节点科技有限公司 Safety protection method based on immune mechanism, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102637019A (en) * 2011-02-10 2012-08-15 武汉科技大学 Intelligent integrated fault diagnosis method and device in industrial production process
CN105763392A (en) * 2016-02-19 2016-07-13 中国人民解放军理工大学 Industrial control protocol fuzzing test method based on protocol state
CN105959144A (en) * 2016-06-02 2016-09-21 中国科学院信息工程研究所 Safety data acquisition and anomaly detection method and system facing industrial control network
EP3076291A1 (en) * 2015-03-30 2016-10-05 Rockwell Automation Germany GmbH & Co. KG Method for assignment of verification numbers

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102637019A (en) * 2011-02-10 2012-08-15 武汉科技大学 Intelligent integrated fault diagnosis method and device in industrial production process
EP3076291A1 (en) * 2015-03-30 2016-10-05 Rockwell Automation Germany GmbH & Co. KG Method for assignment of verification numbers
CN105763392A (en) * 2016-02-19 2016-07-13 中国人民解放军理工大学 Industrial control protocol fuzzing test method based on protocol state
CN105959144A (en) * 2016-06-02 2016-09-21 中国科学院信息工程研究所 Safety data acquisition and anomaly detection method and system facing industrial control network

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107370732A (en) * 2017-07-14 2017-11-21 成都信息工程大学 System is found based on neutral net and the industrial control system abnormal behaviour of optimal recommendation
CN108769071A (en) * 2018-07-02 2018-11-06 腾讯科技(深圳)有限公司 attack information processing method, device and internet of things honey pot system
CN108769071B (en) * 2018-07-02 2021-02-09 腾讯科技(深圳)有限公司 Attack information processing method and device and Internet of things honeypot system
CN109445406A (en) * 2018-10-18 2019-03-08 西南交通大学 Industrial control system safety detection method based on scrnario testing and affairs search
CN109445406B (en) * 2018-10-18 2021-05-18 西南交通大学 Industrial control system safety detection method based on scene test and transaction search
CN111239529A (en) * 2020-03-05 2020-06-05 西南交通大学 Excitation test method and system supporting predictive maintenance of electromechanical equipment
CN113378151A (en) * 2021-06-23 2021-09-10 上海红阵信息科技有限公司 Unified identity authentication system and method based on mimicry structure
CN115001866A (en) * 2022-08-01 2022-09-02 成都市以太节点科技有限公司 Safety protection method based on immune mechanism, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN106778210B (en) 2020-04-07

Similar Documents

Publication Publication Date Title
CN106778210A (en) A kind of industrial control system functional safety verification method based on immunological learning
CN112102111B (en) Intelligent processing system for power plant data
CN110233849B (en) Method and system for analyzing network security situation
CN112114579B (en) Industrial control system safety measurement method based on attack graph
Yu et al. A digital twin-based decision analysis framework for operation and maintenance of tunnels
CN108347430A (en) Network invasion monitoring based on deep learning and vulnerability scanning method and device
CN109426722A (en) SQL injection defect inspection method, system, equipment and storage medium
CN108306756B (en) Holographic evaluation system based on power data network and fault positioning method thereof
Sommestad et al. The cyber security modeling language: A tool for assessing the vulnerability of enterprise system architectures
CN104243445B (en) For analyzing the method and system of the network security threats in airborne platform
CN107992746A (en) Malicious act method for digging and device
CN107817756A (en) Networking DNC system target range design method
CN110266647A (en) It is a kind of to order and control communication check method and system
CN106202665B (en) Initial failure root primordium recognition methods based on domain mapping and weighted association rules
CN106709613A (en) Risk assessment method suitable for industrial control system
CN106529283B (en) A kind of software-oriented defines network-based control device safety quantitative analysis method
CN113347170B (en) Intelligent analysis platform design method based on big data framework
CN105939200A (en) Method and system for performing network security risk evaluation by utilizing expert system
CN109729069A (en) Detection method, device and the electronic equipment of unusual IP addresses
CN109088744A (en) Powerline network abnormal intrusion detection method, device, equipment and storage medium
CN110493254A (en) Industrial Yunan County's overall evaluating method and device
CN110188040A (en) A kind of software platform for software systems fault detection and health state evaluation
CN102194061A (en) Method for verifying security model of computer system
CN115767601A (en) 5GC network element automatic nanotube method and device based on multidimensional data
CN114676047A (en) Unmanned aerial vehicle software security property analysis and verification method based on fault mode library

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant