Big Data Research, 2023, Vol. 9, Issue 4: 98-115. doi: 10.11959/j.issn.2096-0271.2023051
Topic: Cross-Domain Data Management
Tianchen ZHU1,2, Jun ZHAO3, Bo LI1,2,4, Jianxin LI1,2,4
Online: 2023-07-01
Published: 2023-07-01
Tianchen ZHU, Jun ZHAO, Bo LI, Jianxin LI. Argus: multi-source data-driven industrial control security situational awareness system[J]. Big Data Research, 2023, 9(4): 98-115.
| Entity category | Description |
| --- | --- |
| VEN | The VEN entity represents the vendor that produces the software, e.g. Microsoft or Tencent. In STIX 2.0 this entity corresponds to Identity. |
| PRO | The PRO entity represents the software or hardware products made by a vendor, e.g. Word or Office. |
| VER | The VER entity represents product version information, e.g. ver3.0 or v4.2.0. |
| MOD | The MOD entity represents a module within a product or a functional component the product contains, e.g. a plug-in. |
| FILE/PATH | The FILE/PATH entity represents a file path or a URL hyperlink. |
| FUNC | The FUNC entity represents a specific function in a file, e.g. a function name in a file or a class in a module. |
| PARAMETER | The PARAMETER entity represents variables and constants in a file, e.g. the variable num in a code segment. |
| ATTACKER | The ATTACKER entity represents an organization, group or individual that carries out an attack. |
| VULTYPE | The VULTYPE entity represents the vulnerability category, e.g. XSS, Stack Overflow or SQL Injection. |
| VUL | The VUL entity represents a specific vulnerability name. |
| PROBLEM | The PROBLEM entity represents a problem that objectively exists and may occur in a product, module, file or specific piece of code. |
| Relation ID | Connected node types | Description |
| --- | --- | --- |
| R1 | Source IP address - destination IP address | A connection from a source IP address to a destination IP address |
| R2 | Source IP address - protocol | A source IP address sends request packets over a protocol |
| R3 | Source IP address - port | The relation between a source IP address and the port it uses to send request packets |
| R4 | Source IP address - request | The relation between a source IP address and the request packets it sends |
| R5 | Source IP address - response | The relation between a source IP address and the response packets it receives |
| R6 | Destination IP address - protocol | A destination IP address receives request packets over a protocol |
| R7 | Destination IP address - port | The relation between a destination IP address and the port on which it receives request packets |
| R8 | Destination IP address - request | The relation between a destination IP address and the request packets it receives |
| R9 | Destination IP address - response | The relation between a destination IP address and the response packets it sends |
| R10 | Protocol - port | A protocol operates over a port |
| Field | Value |
| --- | --- |
| Time | 2019-12-2 19:00:51 |
| Vulnerability | CVE-2019-7481 |
| Vendor | SonicWall |
| Port | 80/TCP |
| IP address | 192.185.18.204 |
| DNS | neogenomes.com |
| File/Path | GET/court/PlaintNote_12545_copy.zip |
| Port | 443/tcp |
| IP address | 81.4.123.67 |
| DNS | onion1.host:443 |
| File/Path | GET/temper/PGPClient.exe |
| Port | 443/tcp |
| IP address | 168.235.98.160 |
| DNS | onion1.pw |
| File/Path | POST/blog/index.php |
| … | … |
| Method | CTU-13 dataset: Precision | CTU-13 dataset: Recall | CTU-13 dataset: F1 | Honeypot dataset: Precision | Honeypot dataset: Recall | Honeypot dataset: F1 |
| --- | --- | --- | --- | --- | --- | --- |
| SVM | 84.14 | 85.32 | 84.73 | 82.36 | 84.21 | 83.27 |
| Graph-ML | 92.31 | 87.50 | 88.48 | 91.04 | 89.37 | 90.20 |
| Graph-Cluster | 94.17 | 92.36 | 93.26 | 93.21 | 92.72 | 92.96 |
| GCN | 92.54 | 91.85 | 92.20 | 92.16 | 91.45 | 91.80 |
| HAN | 93.43 | 91.89 | 92.65 | 93.14 | 92.81 | 92.97 |
| Argus system | 92.65 | 93.47 | 93.06 | 93.68 | 97.71 | 95.65 |
| Relative improvement | -1.61% | +1.20% | -0.21% | +0.58% | +5.28% | +2.88% |