Big Data Research ›› 2023, Vol. 9 ›› Issue (4): 98-115. doi: 10.11959/j.issn.2096-0271.2023051

• TOPIC: CROSS-DOMAIN DATA MANAGEMENT •

Argus: multi-source data-driven industrial control security situational awareness system

Tianchen ZHU1,2, Jun ZHAO3, Bo LI1,2,4, Jianxin LI1,2,4   

    1 School of Computer Science and Engineering, Beihang University, Beijing 100191, China
    2 Beijing Advanced Innovation Center for Big Data and Brain Computing, Beijing 100191, China
    3 School of Information Science and Engineering, Shandong Normal University, Jinan 250358, China
    4 Zhongguancun Laboratory, Beijing 100191, China
  • Online: 2023-07-01 Published: 2023-07-01
  • Supported by:
    The National Natural Science Foundation of China (U20B2053)

Abstract:

Industrial control systems (ICS) are the brain of national industrial manufacturing and civil infrastructure. However, the security risks associated with ICS have become increasingly prominent, making ICS a significant target for cybersecurity protection. This paper proposes a solution to the problems of dispersed ICS security data and delayed threat perception. Specifically, it presents a multi-source data-driven ICS security situational awareness system named Argus, which incorporates an awareness chain for ICS security. Furthermore, the paper develops autonomous situational awareness technologies for ICS security, such as stateless high-speed device scanning, precise threat intelligence extraction, and suspicious attack behavior detection, to achieve multi-channel and three-dimensional ICS security monitoring and situational awareness. The experimental results indicate that, compared with conventional ICS situational awareness methods, the perception accuracy of the Argus system improves by over 10%, with efficiency improved by two orders of magnitude. Additionally, Argus allows for proactive warning and mitigation of potential security risks.

Key words: industrial control system, multi-source data fusion, situation awareness, threat intelligence
