面向工业无线网络的时间同步攻击检测

doi:10.11959/j.issn.2096-3750.2023.00334

物联网学报 ›› 2023, Vol. 7 ›› Issue (2): 88-97.doi: 10.11959/j.issn.2096-3750.2023.00334

面向工业无线网络的时间同步攻击检测

张思超¹^,²^,³^,⁴, 梁炜¹^,²^,³, 苑旭东¹^,²^,³, 张吟龙¹^,²^,³, 郑萌¹^,²^,³

¹ 中国科学院沈阳自动化研究所机器人学国家重点实验室，辽宁沈阳 110016
² 中国科学院网络化控制系统重点实验室，辽宁沈阳 110016
³ 中国科学院机器人与智能制造创新研究院，辽宁沈阳 110169
⁴ 中国科学院大学，北京 100049

修回日期:2023-03-11 出版日期:2023-06-30 发布日期:2023-06-01
作者简介:张思超（1988- ），男，中国科学院沈阳自动化研究所副研究员，主要研究方向为工业无线网络、无线网络安全等
梁炜（1974- ），女，博士，中国科学院沈阳自动化研究所研究员，主要研究方向为工业无线网络、网络信息安全等
苑旭东（1980- ），男，博士，中国科学院沈阳自动化研究所副研究员，主要研究方向为工业TSN、工业无线网络
张吟龙（1988- ），男，博士，中国科学院沈阳自动化研究所副研究员，主要研究方向为工业信息处理、多源信息融合等
郑萌（1983- ），男，博士，中国科学院沈阳自动化研究所研究员，主要研究方向为工业物联网、网络化控制系统等
基金资助:
国家重点研发计划(2021YFB3301000);国家自然科学基金资助项目(62022088);国家自然科学基金资助项目(62273332)

Time synchronization attack detection for industrial wireless network

Sichao ZHANG¹^,²^,³^,⁴, Wei LIANG¹^,²^,³, Xudong YUAN¹^,²^,³, Yinlong ZHANG¹^,²^,³, Meng ZHENG¹^,²^,³

¹ State Key Laboratory of Robotics, Shenyang Institute of Automation, Chinese Academy of Sciences, Shenyang 110016, China
² Key Laboratory of Networked Control Systems, Chinese Academy of Sciences, Shenyang 110016, China
³ Institutes for Robotics and Intelligent Manufacturing, Chinese Academy of Sciences, Shenyang 110169, China
⁴ University of Chinese Academy of Sciences, Beijing 100049, China

Revised:2023-03-11 Online:2023-06-30 Published:2023-06-01
Supported by:
The National Key Research and Development Program of China(2021YFB3301000);The National Natural Science Foundation of China(62022088);The National Natural Science Foundation of China(62273332)

摘要/Abstract

摘要：

高精度的时间同步是保障工业无线网络（IWN, industrial wireless network）安全、可靠传输的基础。延迟攻击作为一类无法使用密码技术解决的时间同步攻击，严重威胁工业无线网络的安全运行。首先，在深入分析工业无线网络时间同步机制的基础上，构造了3种时间同步攻击模型，即单向全生命周期延迟攻击、双向全生命周期延迟攻击和单向非全生命周期延迟攻击，模型在目标节点未被捕获的前提下可实现较隐蔽的延迟攻击。其次，针对现有检测算法难以检测时间特征无明显变化的较隐蔽延迟攻击的问题，提出了一种基于贝叶斯模型的攻击检测算法，算法提取传输速率、传输时延、传输成功率及时间同步周期共4类代表性特征。此外，在贝叶斯特征信息矩阵中引入无线信道噪声模型，以保证在噪声干扰存在条件下的攻击检测和分类准确性。实验结果表明，所提算法在有噪声存在的情况下能够有效检测3种延迟攻击。

关键词: 工业无线网络, 时间同步攻击, 延迟攻击, 攻击检测, 贝叶斯模型

Abstract:

High-precision time synchronization is the basis for ensuring the secure and reliable transmission of industrial wireless network (IWN).Delay attacks, as a class of time synchronization attacks which cannot be solved by cryptographic techniques, seriously threaten the secure operation of IWN.Firstly, based on the in-depth analysis on the time synchronization mechanisms of IWN, three-time synchronization attack models were proposed, including the one-way full life cycle delay attack, two-way full life cycle delay attack, and one-way non-full-life cycle delay attack.Stealthier delay attacks could be realized by the attack models under the premise that target nodes were not captured.Secondly, considering the problem that existing detection algorithms are difficult to detect stealthier delay attacks without obvious changes in time features, an attack detection algorithm based on a Bayesian model was proposed that extracts four representative features, including transmission rate, transmission delay, transmission success rate and time synchronization interval.In addition, in order to ensure the accuracy of the attack detection and classification in the presence of noise interference, the noise model of wireless channel was introduced to the Bayesian feature information matrix.Experimental results show that the proposed algorithm can effectively detect three kinds of attacks in the presence of noise.

Key words: industrial wireless network, time synchronization attack, delay attack, attack detection, Bayesian model

中图分类号:

TN92

张思超, 梁炜, 苑旭东, 张吟龙, 郑萌. 面向工业无线网络的时间同步攻击检测[J]. 物联网学报, 2023, 7(2): 88-97.

Sichao ZHANG, Wei LIANG, Xudong YUAN, Yinlong ZHANG, Meng ZHENG. Time synchronization attack detection for industrial wireless network[J]. Chinese Journal on Internet of Things, 2023, 7(2): 88-97.

图/表 13

图1

图2

图3

图4

图5

图6

图7

图8

表1

表2

表3

表4

图9

参考文献 30

[1]	LIANG W , ZHENG M , ZHANG J L ,et al. WIA-FA and its applications to digital factory:a wireless network solution for factory automation[J]. Proceedings of the IEEE, 2019,107(6): 1053-1073.
[2]	WOLLSCHLAEGER M , SAUTER T , JASPERNEITE J . The future of industrial communication:automation networks in the era of the internet of things and industry 4.0[J]. IEEE Industrial Electronics Magazine, 2017,11(1): 17-27.
[3]	SAUTER T , SOUCEK S , KASTNER W ,et al. The evolution of factory and building automation[J]. IEEE Industrial Electronics Magazine, 2011,5(3): 35-48.
[4]	SHI H G , ZHENG M , LIANG W ,et al. Transmission scheduling with order constraints in WIA-FA-based AGV systems[J]. IEEE Internet of Things Journal, 2021,8(1): 381-392.
[5]	LIANG W , ZHANG J L , SHI H G ,et al. An experimental evaluation of WIA-FA and IEEE 802.11 networks for discrete manufacturing[J]. IEEE Transactions on Industrial Informatics, 2021,17(9): 6260-6271.
[6]	WANG Q , JIANG J . Comparative examination on architecture and protocol of industrial wireless sensor network standards[J]. IEEE Communications Surveys ＆ Tutorials, 2016,18(3): 2197-2219.
[7]	PETERSEN S , CARLSEN S . WirelessHART versus ISA100.11a:the format war hits the factory floor[J]. IEEE Industrial Electronics Magazine, 2011,5(4): 23-34.
[8]	ZHENG M , LIANG W , YU H B ,et al. Performance analysis of the industrial wireless networks standard:WIA-PA[J]. Mobile Networks and Applications, 2017,22(1): 139-150.
[9]	SHI H G , ZHENG M , LIANG W ,et al. AODR:an automatic on-demand retransmission scheme for WIA-FA networks[J]. IEEE Transactions on Vehicular Technology, 2021,70(6): 6094-6107.
[10]	吴宝明, 李声飞 . 基于最优线性拟合的WSN时间同步算法研究[J]. 传感技术学报, 2010,23(12): 1787-1791.
	WU B M , LI S F . Study on optimal linear fit time synchronization algorithm for wireless sensor network[J]. Chinese Journal of Sensors and Actuators, 2010,23(12): 1787-1791.
[11]	周贤伟, 韦炜, 覃伯平 . 无线传感器网络的时间同步算法研究[J]. 传感技术学报, 2006,19(1): 20-25,29.
	ZHOU X W , WEI W , QIN B P . Research on time synchronization in wireless sensor network[J]. Chinese Journal of Sensors and Actuators, 2006,19(1): 20-25,29.
[12]	汪付强, 曾鹏, 于海斌 . 一种低开销的双向时间同步算法[J]. 仪器仪表学报, 2011,32(6): 1357-1363.
	WANG F Q , ZENG P , YU H B . Low overhead two-way time synchronization algorithm[J]. Chinese Journal of Scientific Instrument, 2011,32(6): 1357-1363.
[13]	杨雨沱, 梁炜, 张晓玲 ,等. 面向工厂自动化无线网络的时间同步方法[J]. 计算机研究与发展, 2014,51(3): 511-518.
	YANG Y T , LIANG W , ZHANG X L ,et al. Time synchronization method of wireless network for factory automation[J]. Journal of Computer Research and Development, 2014,51(3): 511-518.
[14]	程利娟, 王福豹, 段渭军 . 无线传感器网络时间同步算法的安全性研究[J]. 计算机应用研究, 2007,24(11): 6-8.
	CHENG L J , WANG F B , DUAN W J . Research on security of time synchronization in wireless sensor networks[J]. Application Research of Computers, 2007,24(11): 6-8.
[15]	GANERIWAL S , P?PPER C , ?APKUN S ,et al. Secure time synchronization in sensor networks[J]. ACM Transactions on Information and System Security, 2008,11(4): 1-35.
[16]	YANG W , WANG Q , QI Y ,et al. Time synchronization attacks in IEEE802.15.4e networks[C]// Proceedings of 2014 International Conference on Identification,Information and Knowledge in the Internet of Things. Piscataway:IEEE Press, 2015: 166-169.
[17]	杨伟, 王沁, 万亚东 ,等. IEEE802.15.4e 标准的安全多跳时间同步协议设计[J]. 计算机科学, 2017,44(3): 175-181,194.
	YANG W , WANG Q , WAN Y D ,et al. Design of secure multi-hop time synchronization protocol for IEEE802.15.4e[J]. Computer Science, 2017,44(3): 175-181,194.
[18]	CHHETRI S R , RASHID N , FAEZI S ,et al. Security trends and advances in manufacturing systems in the era of industry 4.0[C]// Proceedings of 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). Piscataway:IEEE Press, 2017: 1039-1046.
[19]	LIANG L L , LIU Y Z , YAO Y G ,et al. Security challenges and risk evaluation framework for industrial wireless sensor networks[C]// Proceedings of 2017 4th International Conference on Control,Decision and Information Technologies (CoDIT). Piscataway:IEEE Press, 2017: 904-907.
[20]	PAN F , PANG Z B , LUVISOTTO M ,et al. Physical-layer security for industrial wireless control systems:basics and future directions[J]. IEEE Industrial Electronics Magazine, 2018,12(4): 18-27.
[21]	MARTI S , GIULI T J , LAI K ,et al. Mitigating routing misbehavior in mobile ad hoc networks[C]// Proceedings of the 6th Annual International Conference on Mobile Computing and Networking. New York:ACM Press, 2000: 255-265.
[22]	尹香兰, 齐望东 . LiteST:一种无线传感器网络轻量级安全时间同步协议[J]. 通信学报, 2009,30(4): 74-85.
	YIN X L , QI W D . LiteST:a lightweight secure time synchronization protocol for wireless sensor networks[J]. Journal on Communications, 2009,30(4): 74-85.
[23]	KIM K T . SAEP:secure,accurate and energy-efficient time synchronization protocol in WSNs[J]. IEICE Transactions on Communications, 2011,E94-B(6): 1587-1597.
[24]	秦绍华, 陈冬岩 . 具有容错性的无线传感器网络时间同步协议[J]. 软件学报, 2012,23(1): 126-133.
	QIN S H , CHEN D Y . Fault-tolerant time synchronization protocol for wireless sensor networks[J]. Journal of Software, 2012,23(1): 126-133.
[25]	赵庭达, 武晓春 . 基于TCPN的铁路时间同步网延迟攻击应对策略研究[J]. 铁道标准设计, 2022,66(8): 168-174.
	ZHAO T D , WU X C . Research on countermeasures against delay attack of railway time synchronization network based on TCPN[J]. Railway Standard Design, 2022,66(8): 168-174.
[26]	MOUSSA B , KASSOUF M , HADJIDJ R ,et al. An extension to the precision time protocol (PTP) to enable the detection of cyber attacks[J]. IEEE Transactions on Industrial Informatics, 2020,16(1): 18-27.
[27]	MOHSEN M , AMIR H J . A new delay attack detection algorithm for PTP network in power substation[J]. International Journal of Electrical Power ＆ Energy Systems, 2021,133:107226.
[28]	KIM E J , JEONGSIK I N , YOUM S ,et al. Delay attack-resilient clock synchronization for wireless sensor networks[J]. IEICE Transactions on Information and Systems, 2012,,E95-D(1): 188-191.
[29]	孙子文, 吴梦芸, 白勇 . 抗延迟攻击的 WSN 时间同步方法[J]. 传感技术学报, 2014,27(7): 982-987.
	SUN Z W , WU M Y , BAI Y . Delay attack- resistant time synchronization for WSN[J]. Chinese Journal of Sensors and Actuators, 2014,27(7): 982-987.
[30]	张颖, 沈曦, 黎其浩 ,等. 基于马尔可夫逻辑树和系统脆性分析的智慧变电站协议延迟攻击检测与恢复模型[J]. 电力系统保护与控制, 2020,48(3): 113-121.
	ZHANG Y , SHEN X , LI Q H ,et al. Research on protocol delay attack detection and mitigation model of smart substation based on Markov logic tree and system brittleness analysis[J]. Power System Protection and Control, 2020,48(3): 113-121.

配置参数	参数值
通信协议	WIA-FA
通信频率/GHz	2.4
信道带宽/MHz	20
通信功率/dBm	14～15
超帧长度/（个时隙）	256
时隙大小/ms	10
时间同步周期/（个超帧）	2
高斯白噪声/dBm	0

攻击名称	流程	训练集	测试集
单向全生命周期延迟攻击	进行2 000次时间同步，时延为2 ms	200次有攻击，800次无攻击	200次有攻击，800次无攻击
双向全生命周期延迟攻击	进行2 000次时间同步，时延为2 ms	200次有攻击，800次无攻击	200次有攻击，800次无攻击
单向非全生命周期延迟攻击	进行2 000次时间同步，累计时延为2 ms	200次有攻击，800次无攻击	200次有攻击，800次无攻击

检测算法	单向全生命周期延迟攻击	双向全生命周期延迟攻击	单向非全生命周期延迟攻击
文献[28]算法	检测失败	检测失败	检测成功
文献[29]算法	检测失败	检测失败	检测成功
文献[30]算法	检测失败	检测失败	检测成功
所提算法	检测成功	检测成功	检测成功

检测性能	检测模型	单向全生命周期延迟攻击	双向全生命周期延迟攻击	单向非全生命周期延迟攻击
准确率	未引入噪声协方差的检测模型	94.5%	95.3%	96.2%
	引入噪声协方差的检测模型	96.7%	97.8%	98.6%
精确率	未引入噪声协方差的检测模型	83.7%	85.9%	88.6%
	引入噪声协方差的检测模型	89.6%	92.4%	95.1%
召回率	未引入噪声协方差的检测模型	90.0%	91.5%	93.0%
	引入噪声协方差的检测模型	94.5%	97.0%	98.0%

面向工业无线网络的时间同步攻击检测

Time synchronization attack detection for industrial wireless network

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 13

参考文献 30

相关文章 15

Metrics

推荐阅读 0

[1]	耿光磊, 高博, 熊轲, 樊平毅, 陆杨, 王煜炜. 联邦学习赋能6G网络综述[J]. 物联网学报, 2023, 7(2): 50-66.
[2]	李庆洋, 李雪婷, 朱晓荣. 6G多回程链路选择与功率分配联合优化方法[J]. 物联网学报, 2023, 7(2): 67-75.
[3]	申滨, 李银波, 梁枭伟. 基于增强加权质心定位的认知物联网用户频谱接入控制[J]. 物联网学报, 2023, 7(1): 93-108.
[4]	马柱华, 罗丽平. 非理想顺序干扰消除和信道状态信息下SWIPT-NOMA-CR网络中断性能[J]. 物联网学报, 2023, 7(1): 129-139.
[5]	王一竹, 张周, 马丕明, 任保全. 基于可靠多播通信的分布式无线信道最优接入方法研究[J]. 物联网学报, 2022, 6(4): 14-26.
[6]	童飞, 隋儒聪, 陈煜, 苏恒, 刘恒睿, 苏上峰, 晏宇珂. 一种能量高效的线性传感器网络多信道MAC协议[J]. 物联网学报, 2022, 6(4): 27-40.
[7]	李贤, 毕宿志, 曾泓儒, 林彬, 林晓辉. 基于智能化用户协作的边缘计算任务卸载与资源分配优化[J]. 物联网学报, 2022, 6(4): 41-52.
[8]	肖芳, 杨淑艳, 文博, 朱晓荣. 面向配电网的场域网弹性表征和评估模型[J]. 物联网学报, 2022, 6(3): 71-81.
[9]	何彬, 李国兵, 陈源, 张国梅. 基于图信号处理的OFDM系统导频设计和信道估计方法[J]. 物联网学报, 2022, 6(3): 91-102.
[10]	张在琛, 尤肖虎, 党建, 吴亮, 朱秉诚, 陈绩, 汪磊. 无线光通信与物联网[J]. 物联网学报, 2022, 6(3): 1-13.
[11]	黄诺, 刘伟杰, 龚晨. 面向工业物联网的拍赫兹通信[J]. 物联网学报, 2022, 6(3): 37-46.
[12]	孙君, 赵尚维康. 工业物联网中基于Sarsa算法的节能计算卸载方案[J]. 物联网学报, 2022, 6(3): 82-90.
[13]	梁静远, 李梦茹, 王佳帆, 柯熙政. 无线光通信系统纠错编码研究进展[J]. 物联网学报, 2022, 6(3): 23-36.
[14]	徐增熠, 牛文清, 陈慧, 贺志学, 迟楠. 非线性编码叠加调制的两发一收可见光通信系统研究[J]. 物联网学报, 2022, 6(3): 14-22.
[15]	陈九九, 郭彩丽, 冯春燕, 刘传宏. 智能网联环境下面向语义通信的资源分配[J]. 物联网学报, 2022, 6(3): 47-57.