Chinese Journal of Network and Information Security ›› 2024, Vol. 10 ›› Issue (4): 17-36. doi: 10.11959/j.issn.2096-109x.2024050

• Review •

Survey of time series anomaly detection for industrial sensor networks

Yue WU, Guoyan CAO

  1. School of Cybersecurity, Northwestern Polytechnical University, Xi’an 710072, China
  • Received: 2024-01-19 Revised: 2024-07-28 Online: 2024-08-25 Published: 2024-09-14
  • About the authors: Yue WU (1998- ), male, born in Linfen, Shanxi, is a master's student at Northwestern Polytechnical University. His main research interest is industrial Internet security.
    Guoyan CAO (1986- ), male, born in Yulin, Shaanxi, is an associate professor at Northwestern Polytechnical University. His main research interests are the simulation, control, computation, communication and security modeling of industrial control systems.
  • Supported by:
    The National Natural Science Foundation of China (61803303); The National Science and Technology Major Project of the Nuclear HighTech Bases of China (2017ZX01030-2021); The Aeronautical Science Foundation of China (20182D53045)

Abstract:

With the deep integration of industrial control systems and information networks, the networking and intelligence of critical industrial infrastructure has become the trend of future industrial development. Industrial sensor networks are an important part of industrial system networking, and their data security has become a widely shared concern in the industrial security field. Anomalies in industrial sensor network data affect the physical, information, and network security of industrial control systems. Industrial sensor network anomaly detection addresses network attacks and physical faults by analyzing complex, multi-layered, and multi-scale sensor time series to discover hidden anomalous logic and fault causes. The causes of anomalies in industrial sensor networks were summarized, and research progress in industrial sensor network anomaly detection was reviewed systematically. Key technologies and typical methods were classified and explained from three perspectives: time series features, spatiotemporal multiscale, and non-structured graph representation. The developmental trajectories and major breakthroughs of the existing methods were analyzed. Datasets and evaluation metrics used for industrial sensor networks were introduced, along with the detection performance of the methods. The experimental results of these methods were compared to show the characteristics and technical focus of each. The application prospects of existing work were pointed out, and the challenges that current anomaly detection methods face in practical applications were outlined. Finally, development trends and future research directions for industrial sensor network anomaly detection were suggested.

Key words: industrial control system, sensor network, time series, anomaly detection
