The security of industrial control protocol is the cornerstone to ensure ICS’s stable operation, a large number of industrial control protocols in the design phase ignore the consideration of security, resulting in most of the mainstream industrial control protocols generally having vulnerabilities. Considering the ICS architecture and the developmental characteristics of industrial control protocols, the various vulnerabilities and attack threats commonly faced by industrial control protocols were systematically summarized. At the same time, for the unknown potential vulnerabilities of industrial control protocols, the vulnerability mining techniques of industrial control protocols were analyzed in-depth, including the static symbolic execution-based, code audit-based, and fuzzing-based. The protocol design security protection technology was comprehensively dissected from the three directions of industrial control protocol specification design, communication mechanism, and third-party middleware. In addition, the future development trend of industrial control protocol security was further prospected from the aspects of sandbox development, security protection, and vulnerability mining.

Aiming at the problem of traffic data distribution shift caused by new unknown attacks in the industrial Internet, a malicious traffic identification method based on neighborhood filtering and stable learning was proposed to enhance the effectiveness and robustness of the existing graph neural network model in identifying known malicious traffic. Firstly, the graph structure of the traffic data was modeled to capture the topological relationship and interaction mode in communication behavior. Secondly, the traffic subgraph was divided based on the neighborhood filtering mechanism of biased sampling to eliminate the pseudo-homogeneity between communication behaviors. Finally, the statistical independence of high-dimensional traffic features was realized by applying graph representation learning and stable learning strategies, combined with adaptive sample weighting and collaborative loss optimization methods. The experimental results on two benchmark datasets show that compared with the baseline method, the recognition performance of the proposed method is increased by more than 2.7% in the new unknown attack scenario, which shows its high efficiency and practicability in the industrial Internet environment.

Considering that traditional network security defense methods cannot meet the strict requirements of industrial Internet for reliability and stability, a method for anomaly detection and response in digital space was studied based on the idea of digital twins by collecting on-site data and using twin model security cognition. Firstly, four types of modeling methods were summarized and integrated into the multi module digital twin (DT) architecture by analyzing the digital twin modeling solutions. Secondly, the cognition of different twin models was transformed into a standard signal temporal logic (STL) specification set by introducing signal temporal logic technology, and anomaly detection was achieved by monitoring system behavior based on the specification set, by the reliability of detection results was increased. Finally, anomaly localization was achieved through the analysis of violations of the STL specification set, and corresponding STL weak specifications were designed through the analysis of known device faults to achieve anomaly classification. Two aspects of response to anomalies were beneficial for helping the system restore normal operation. The case study demonstrates that the effectiveness of the proposed method in anomaly detection and response. Comparing the proposed method with the intrusion detection system based on deep learning, the experimental results show that the detection rate of the proposed method increases by 25%~40.9% in detecting anomalies.

To address the shortcomings of existing authentication schemes in vehicle networks, which commonly suffer from key escrow issues, as well as the lack of consideration for lightweight deployment and secure rapid authentication of compute-constrained electronic control unit (ECU), a lightweight certificateless anonymous authentication and key agreement scheme without bilinear pairings was proposed for compute-unconstrained ECU networks. The authentication key pair was securely constructed by elliptic curve cryptography, anonymous authentication and key agreement were realized by lightweight methods such as hash functions and XOR operation. Additionally, a certificateless batch verification scheme was proposed to reduce the authentication costs for compute-constrained ECU networks. Finally, a security verification method based on the colored Petri net (CPN) and Dolev-Yao attacker model was proposed to evaluate the formal security of the proposed scheme. The proposed scheme is proved through security evaluation and performance analysis to effectively resist various types of attacks such as replay, spoofing, tampering, known key, known specific session temporary information attack, etc., with multiple security attributes, small computation and communication cost.

To solve the problem that the access control strategy of the program in the industrial Internet was difficult to extract from the source code, and that the user’s access operation was difficult to trigger all access paths, which led to the difficulty of universal detection of logical vulnerabilities, game theory was applied to the access control logic vulnerability detection for the first time. The vulnerabilities were identified by analyzing the game results of different participants on resource pages in the Web application, so that the access logic of different users could be targeted to obtain. Experimental results demonstrate that the proposed method successfully detect 31 vulnerabilities, including 8 unreported ones, out of 11 open-source applications, with a detection range exceeding 90%.

Unmanned intelligent vehicles are exposed to high risks of network attack, hardware attack, operating system attack and software attack. They are susceptible to physical or remote security attacks, causing it to deviate from the delivery trajectory and fail the delivery task, or even be manipulated to disrupt normal operation of the factory. To address this problem, a dual-verified secure localization method for unmanned intelligent vehicles was proposed. The existing Wi-Fi network infrastructure was utilized by the vehicles for fingerprinting localization and a feature fusion strategy was designed to realize the dynamic fusion of Wi-Fi and magnetic field fingerprints. Multiple environmental monitoring points were deployed to collect the sound signals made by vehicles to calculate the position based on time difference of arrival and spatial segmentation method. Then the location reported by the vehicle was compared with the result of monitoring points for verification. Once an abnormal position was detected, an alert would be issued, ensuring the normal operation of the unmanned intelligent vehicles. The experimental results in the real indoor scenarios show that the proposed method can effectively track the positions of the target unmanned intelligent vehicle, and the positioning accuracy is better than existing benchmark algorithms.

To address the issue where the resource limitations of wireless devices caused state extraction delays that cannot meet the freshness requirements of real-time applications, considering the limited processing capacity of edge nodes, a scheduling method that jointly considered information freshness and real-time performance was proposed. This method initially characterized the task delay before computation and the information freshness after computation by utilizing the system time of the queue and the age of information, respectively. Simultaneously, reasonable deadlines were assigned to each offloaded task to ensure their validity before entering the computation process. Then, the minimum processing rate constraint method was employed to restrict the processing rate during task scheduling, thereby ensuring the real-time nature of task scheduling. Finally, the objective of optimizing long-term task scheduling decisions was achieved based on Lyapunov optimization techniques. Simulation results demonstrate the good performance of the proposed method in both scheduling timeliness and system information freshness.

With the continuous increase in the scale and variety of malware, traditional malware analysis methods, which relied on manual feature extraction, become time-consuming and error-prone, rendering them unsuitable. To improve detection efficiency and accuracy, a deep visualization classification method for malicious code based on Ngram-TFIDF was proposed. The malware dataset was processed by combining N-gram and TF-IDF techniques, transforming it into grayscale images. Subsequently, the CBAM was introduced and the number of dense blocks was adjusted to construct the DenseNet88_CBAM network model for grayscale image classification. Experimental results demonstrate that the proposed method achieves superior classification performance, with accuracy improvements of 1.11% and 9.28% in malware family classification and type classification, respectively.

Given the issues of low transmission rate and poor bit error performance in traditional differential chaos shift keying systems, a dual-mode three-dimensional index modulation differential chaos shift keying (DMTD-IM-DCSK) system was proposed. This system simultaneously utilized time slots, orthogonal codes, and sort index to transmit information on both selected and unselected time slots. At the receiver, the variance of noise was reduced and the system’s error performance was improved by the use of denoising techniques. Formulas for bit error rate (BER) were derived for additive white Gaussian noise channels and multipath Rayleigh fading channels. Simulation results demonstrate that, compared to similar chaotic keying systems, the proposed system achieves higher data rates and superior error performance.

To address the high-cost issue of twin single sideband quadrature phase shift keying (Twin-SSB-QPSK) signals in optical transmission, a optical fiber communication system was proposed, in which a single photodetector (PD) was employed at the receiver to directly detect the Twin-SSB-QPSK signals. At the receiver end, optical bandpass filter (OBPF) was not required to separate the two optical single sideband signals of the Twin-SSB-QPSK signal. Instead, the heterodyne effect of direct detection was utilized, allowing a single PD to directly detect the coherent superposition of the twin two optical single sideband QPSK signals, resulting in a single 16-ary quadrature amplitude modulation (16QAM) signal. Simulations demonstrated that two 56 Gbit/s QPSK signals were combined into a single 112 Gbit/s 16QAM signal and then compared with the traditional single 16QAM signal transmission scheme. The simulation results indicate that the proposed scheme does not introduce additional power penalties while reducing the system device requirements and deployment costs.

To achieve Wi-Fi cross-domain human activity perception that was not dependent on target domain data, a domain-generalization human activity recognition model based on CSI instance normalization called INDG-Fi was proposed. The instance normalization standardization was utilized to remove domain information from the representation of CSI features by INDG-Fi. Then action classifiers and domain classifiers were constructed for shared feature extraction. By employing activity bias learning and adversarial domain learning, the model biased the features extracted from the encoding layer towards signal variations caused by human actions while moving away from domain signals. To enhance the model’s focus on subcarrier signals that were more significantly influenced by human actions, a subcarrier attention module was incorporated into the encoding layer. The implemented results demonstrate that the proposed INDG-Fi achieves perceptual accuracies of 97.99% and 92.73% for unseen users and locations, respectively, thus enabling robust cross-domain perception.

Sequential recommendation predicts next items for users based on their historical interactions. Existing methods capture long-term dependencies but struggle to recommend precisely for users with short interaction sequences, especially for long-tail users. Therefore, a sequential recommendation algorithm for long-tail users based on knowledge-enhanced contrastive learning was proposed. Firstly, semantic item similarity was introduced by leveraging relationships between entities in the knowledge graph to extract correlated items from original sequences. Secondly, two sequence augmentation operators were proposed based on different contrastive learning views, addressing the problem of insufficient training for long-tail user sequences by augmenting self-supervised signals. Finally, precise sequence recommendations were provided for long-tail users by utilizing the joint training of shared network parameters between contrastive self-supervised tasks and the recommendation task. Experimental results on real-world datasets demonstrate the effectiveness of the proposed algorithm in improving performance for long-tail users.