Anomaly Detection for Industrial Internet of Things Cyberattacks

The evolution of the Internet of Things (IoT) has empowered modern industries with the capability to implement large-scale IoT ecosystems, such as the Industrial Internet of Things (IIoT). The IIoT is vulnerable to a diverse range of cyberattacks that can be exploited by intruders and cause substantial reputational and financial harm to organizations. To preserve the confidentiality, integrity, and availability of IIoT networks, an anomaly-based intrusion detection system (IDS) can be used to provide secure, reliable, and efficient IIoT ecosystems. In this paper, we propose an anomaly-based IDS for IIoT networks as an effective security solution to efficiently and effectively overcome several IIoT cyberattacks. The proposed anomaly-based IDS is divided into three phases: pre-processing, feature selection, and classification. In the pre-processing phase, data cleaning and normalization are performed. In the feature selection phase, the candidates’ feature vectors are computed using two feature reduction techniques, minimum redundancy maximum relevance and neighborhood components analysis. For the final step, the modeling phase, the following classifiers are used to perform the classification: support vector machine, decision tree, k-nearest neighbors, and linear discriminant analysis. The proposed work uses a new data-driven IIoT data set called X-IIoTID. The experimental evaluation demonstrates our proposed model achieved a high accuracy rate of 99.58%, a sensitivity rate of 99.59%, a specificity rate of 99.58%, and a low false positive rate of 0.4%.     

Intelligent Intrusion Detection for Industrial Internet of Things Using Clustering Techniques

The rapid growth of the Internet of Things (IoT) in the industrial sector has given rise to a new term: the Industrial Internet of Things (IIoT). The IIoT is a collection of devices, apps, and services that connect physical and virtual worlds to create smart, cost-effective, and scalable systems. Although the IIoT has been implemented and incorporated into a wide range of industrial control systems, maintaining its security and privacy remains a significant concern. In the IIoT contexts, an intrusion detection system (IDS) can be an effective security solution for ensuring data confidentiality, integrity, and availability. In this paper, we propose an intelligent intrusion detection technique that uses principal components analysis (PCA) as a feature engineering method to choose the most significant features, minimize data dimensionality, and enhance detection performance. In the classification phase, we use clustering algorithms such as K-medoids and K-means to determine whether a given flow of IIoT traffic is normal or attack for binary classification and identify the group of cyberattacks according to its specific type for multi-class classification. To validate the effectiveness and robustness of our proposed model, we validate the detection method on a new driven IIoT dataset called X-IIoTID. The performance results showed our proposed detection model obtained a higher accuracy rate of 99.79% and reduced error rate of 0.21% when compared to existing techniques.     

基于互联网基础的物联网安全问题

对物联网所面临的安全问题进行了分析和总结。针对物联网中存在的各种问题进行了深入研究,希望在发展物联网的同时,首先要重视其安全问题。     

物联网隐私保护研究进展

物联网被越来越广泛地应用于各种不同的新型网络环境中.在物联网密文数据访问控制方面,要求对授权方实现细粒度的密文访问控制策略.然而,传统的信道安全无法满足“一对多”、“多对多”环境下抵抗密钥共享攻击等基于应用的安全与隐私保护需求.物联网隐私保护外包计算可在加密域上,保护单个数据隐私及外包计算结果隐私的前提下实现对数据的聚合和信号处理等运算,并验证其正确性.但现有工作多基于(全)同态加密技术来实现,效率低下,且不符合混合加密的基本原则.针对上述2方面问题,介绍了国际上近年来利用密码学技术的具体的解决方案,特别是阐述了该团队提出的同时满足可追踪与可撤销性的多机构属性基加密方法和在不得不使用公钥加密进行数据隐私保护的前提下,仅使用一次公钥加密来高效实现对n个数据轻量级隐私保护外包聚合的新方法.同时,对当前热门的智能电网、无线体域网和无线车载网等中的隐私保护研究进展进行了综述,给出了国内外在该领域的最新研究进展和对该领域具有挑战性的公开问题的研究情况.     

Implementation path and reference framework for Industrial Internet Platform (IIP) in product service system using industrial practice investigation method

With the development of intelligent sensing, edge computing, fog computing, cloud computing, parallel computing, smart grid, big data, block chain, 5G, cyber-physical systems, digital twins, machine learning and other technologies, the industrial internet has undergone control network stage, sensor network stage, internet stage, Internet of Things (IoT) stage, Industrial Internet of Things (IIoT) stage, and Industrial Internet (II) stage, etc. In the existing research, scholars focus on a local dot, such as: technology, function, elements and application based on industrial internet. However, there is a lack of an overall framework to study the top-level planning of Industrial Internet Platform (IIP) from a systematic perspective. On the other hand, there are few studies on the detailed path and steps for implementing IIP in a specific enterprise in a specific industry. The objective of this paper is to study a reference framework and industrial implementation path for IIP in product service system using industrial practice investigation method, which meets the needs of industry on the basis of existing theory and industrial practice, and to provide reference for government and industry planning, design, implementation and promotion of IIP. In addition, the proposed reference framework and industrial implementation for IIP in product service system can enhance the core value of the enterprise and increase benefits.     

Intelligent Intrusion Detection System for Industrial Internet of Things Environment

Rapid increase in the large quantity of industrial data, Industry 4.0/5.0 poses several challenging issues such as heterogeneous data generation, data sensing and collection, real-time data processing, and high request arrival rates. The classical intrusion detection system (IDS) is not a practical solution to the Industry 4.0 environment owing to the resource limitations and complexity. To resolve these issues, this paper designs a new Chaotic Cuckoo Search Optimization Algorithm (CCSOA) with optimal wavelet kernel extreme learning machine (OWKELM) named CCSOA-OWKELM technique for IDS on the Industry 4.0 platform. The CCSOA-OWKELM technique focuses on the design of feature selection with classification approach to achieve minimum computation complexity and maximum detection accuracy. The CCSOA-OWKELM technique involves the design of CCSOA based feature selection technique, which incorporates the concepts of chaotic maps with CSOA. Besides, the OWKELM technique is applied for the intrusion detection and classification process. In addition, the OWKELM technique is derived by the hyperparameter tuning of the WKELM technique by the use of sunflower optimization (SFO) algorithm. The utilization of CCSOA for feature subset selection and SFO algorithm based hyperparameter tuning leads to better performance. In order to guarantee the supreme performance of the CCSOA-OWKELM technique, a wide range of experiments take place on two benchmark datasets and the experimental outcomes demonstrate the promising performance of the CCSOA-OWKELM technique over the recent state of art techniques.     

物联网访问控制安全性综述

近年来物联网安全事件频发,物联网访问控制作为重要的安全机制发挥着举足轻重的作用.但物联网与互联网存在诸多差异,无法直接应用互联网访问控制.现有的物联网访问控制方案并未重视其中的安全性问题,物联网访问控制一旦被打破,将造成隐私数据泄露、权限滥用等严重后果,亟需对物联网访问控制的安全性问题与解决方案进行综合研究.根据物联网架构复杂、设备多样且存储与计算性能较低的特性,梳理了物联网访问控制中的保护面和信任关系,形成信任链,并论述了信任链中的风险传递规律.围绕保护面和信任链,从感知层、网络层、应用层分别综述了现有的访问控制攻击面,分析了存在的安全风险.针对安全风险提出了应有的访问控制安全性要求,包括机制完善、应对攻击面、多级认证与授权、结合具体场景,基于这4个要求总结了现有的安全性解决方案和针对性的访问控制框架.最后讨论了物联网访问控制设计中所面临的挑战,指出了深入研究物联网云平台访问控制、物联网云对接标准化、引入零信任理念3个未来的研究方向.     

物联网安全分析研究

物联网的安全问题和隐私问题是制约物联网建设与发展的一个重要因素,研究了物联网目前存在的安全威胁及应对措施,通过分析物联网的三层安全体系结构,得出物联网各层安全问题所在,并针对各层存在的安全问题给出相应的安全对策,为物联网安全与隐私保护提供理论参考。     

面向物联网数据安全共享的属性基加密方案

物联网的发展一直面临着严峻的安全威胁和挑战,而物联网数据的安全共享及细粒度访问控制是其急需应对的安全问题之一.针对该问题,提出一种面向物联网数据安全共享的访问结构隐藏的属性基加密方案.该方案在保证数据隐私的情况下,能够实现密文数据的细粒度访问控制.首先提出一种将身份加密方案(identity-based encryption, IBE)转换为支持多值属性与门的密文策略属性基加密方案(ciphertext-policy attribute-based encryption, CP-ABE)的通用转换方法,并且转换后的CP-ABE能够继承IBE的特征.然后基于该转换方法将Wee提出的接收者匿名IBE方案转换为访问结构隐藏的CP-ABE方案,实现了密文、用户私钥、公钥和主私钥长度恒定,且解密只需一个双线对运算.而后将该CP-ABE方案应用于物联网中的智慧医疗应用场景,并给出应用的系统模型及步骤.最后,理论分析与实验结果表明所提方案在实现访问结构隐藏时,在计算效率、存储负担及安全性方面具有优势,在实际应用于物联网环境时更加高效和安全.     

Security and Privacy in Solar Insecticidal Lamps Internet of Things: Requirements and Challenges

Solar insecticidal lamps (SIL) can effectively control pests and reduce the use of pesticides. Combining SIL and Internet of Things (IoT) has formed a new type of agricultural IoT, known as SIL-IoT, which can improve the effectiveness of migratory phototropic pest control. However, since the SIL is connected to the Internet, it is vulnerable to various security issues. These issues can lead to serious consequences, such as tampering with the parameters of SIL, illegally starting and stopping SIL, etc. In this paper, we describe the overall security requirements of SIL-IoT and present an extensive survey of security and privacy solutions for SIL-IoT. We investigate the background and logical architecture of SIL-IoT, discuss SIL-IoT security scenarios, and analyze potential attacks. Starting from the security requirements of SIL-IoT we divide them into six categories, namely privacy, authentication, confidentiality, access control, availability, and integrity. Next, we describe the SIL-IoT privacy and security solutions, as well as the blockchain-based solutions. Based on the current survey, we finally discuss the challenges and future research directions of SIL-IoT.     

物联网安全综述

随着智能家居、数字医疗、车联网等技术的发展,物联网应用越发普及,其安全问题也受到越来越多研究者的关注.目前,物联网安全的相关研究尚在起步阶段,大部分研究成果还不能完善地解决物联网发展中的安全问题.首先对物联网3层逻辑架构进行了介绍,阐述了每个层次的安全问题与研究现状重点;然后分析并讨论了物联网的主要应用场景(智能家居、智能医疗、车联网、智能电网、工业与公共基础设施)中需要特别关注的隐私保护、入侵检测等安全问题;再次,归纳分析了现有研究工作中的不足与安全问题产生的主要原因,指出物联网安全存在的五大技术挑战：数据共享的隐私保护方法、有限资源的设备安全保护方法、更加有效的入侵检测防御系统与设备测试方法、针对自动化操作的访问控制策略、移动设备的跨域认证方法;最后,通过详尽分析这五大技术挑战,指出了物联网安全未来的研究方向.     

物联网安全问题的分析

近几年,随着物联网技术的不断研究与发展,其逐步走向了实用阶段。物联网技术在智能交通,智能家居,智慧物流等方面得到了广泛的应用。而物联网在各个方面越来越广泛的应用,也对其传输数据、信息的安全性提出了更高的要求。结合物联网特征,就物联网在应用中面临的安全问题展开讨论,就对物联网各逻辑层的安全需求分析,找出物联网环境中最需要关注身份认证的环节,为物联网安全问题的研究与发展起到一定的建言作用。     

工业物联网数据流自适应聚类方法

5G通讯技术的迅猛发展使工业物联网得到了全面提升, 工业物联网数据规模将越来越大、数据维度也越来越高, 如何高效利用流聚类进行工业物联网数据挖掘工作是一个亟需解决的问题. 提出了一种基于工业物联网数据流自适应聚类方法. 该算法利用微簇之间的高密性, 计算各微簇节点的局部密度峰值以自适应产生宏簇数; 采用引力能量函数对微...     

信息安全在物联网时代面临的挑战

物联网安全研究主要集中在物联网安全体系、物联网个体隐私保护模式、物联网安全相关法律的制定等方面。首先举例说明物联网在智能电网等生产生活领域的应用,然后讨论了物联网安全技术架构。最后根据物联网的安全架构分析了物联网安全面临的挑战。由此警示我们应提早应对物联网发展带来的信息安全等挑战。     

物联网安全与隐私保护研究

随着物联网概念的提出,各国政府专家、企业和技术人员都开始着手研究和建设物联网的工作。物联网安全和隐私问题必然会影响其建设与发展。为了解除物联网发展过程中的障碍,同时为物联网的安全与隐私保护提供相关措施,分析了物联网体系架构所面临的安全威胁,并从感知层、传输层和应用层分别对安全威胁进行详细的研究和总结,最后针对物联网面临的各类安全威胁给出了对应的安全措施。     

工业物联网网关的研究与实现

工业物联网是工业领域的物联网技术,是新一代信息技术的重要组成部分。在工业物联网体系架构中,感知层网络和工业互联网之间需要一个网关设备,实现工业互联网与传感层网络的互联互通。工业物联网网关旨在解决当前感知层网络设备的横向不关联,无法联动控制和统一管理的问题。网关以工业互联网为载体进行信息交换,把分散在各种工业现场的感知网络设备信息进行采集、存储、分析、管理。本文研究了一种i工业物联网网关设计及实现方案。该方案设计基于ARM9平台,采用Lnux操作系统,集成多种通用工控通讯协议、物联网通讯协议及互联网通讯协议,实现物联网感知层与工业互联网应用层之间的无缝对接。     

物联网安全问题研究

物联网的安全问题是关系物联网产业能否安全可持续发展的核心技术之一,从信息安全的机密性、完整性和可用性等三个基本属性出发,分析了物联网安全需求和面临的安全问题,研究了物联网的安全模型,并对物联网的安全机制进行了探讨,希望为建立物联网可靠的信息安全体系提供参考依据。     

物联网安全问题及解决方案

本文介绍了物联网的概念,分析了其体系架构并总结了其特点,从物联网的体系架构、信息安全的机密、完整等角度阐述了物联网发展存在的安全问题,并进行了提出了一些相应的安全策略。     

物联网位置隐私保护综述

位置信息是物联网感知信息的基本要素之一,也是物联网提供基于位置服务的前提.位置信息在带来服务便利的同时,其泄露也带来诸多威胁.物联网位置隐私保护已成为当前的研究热点之一.综述了物联网位置隐私保护领域现有的工作,阐述了物联网位置隐私保护的目标与挑战,重点介绍物联网在定位过程、基于位置服务以及边信息中的位置隐私泄露方式及对应的位置隐私保护机制,并探讨了物联网位置隐私保护技术未来的发展方向.     

面向工业物联网环境下后门隐私泄露感知方法

伴随工业物联网相关技术的高速发展,后门隐私信息的泄露正成为一个重大的挑战,严重威胁工业控制系统及物联网环境的安全性及稳定性.本文基于工业物联网环境下后门隐私的数据特征定义若干基本属性,根据静态及动态数据流安全威胁抽取上层语义,并基于多属性决策方法聚合生成静态与动态泄露度,最终结合灰色关联分析计算安全级与安全阈值,以此实现后门隐私信息在静态二进制结构及动态数据流向中的泄露场景感知.实验选择目标环境中27种后门隐私信息进行测试,依次计算并分析基本定义、上层语义及判决语义,通过安全级与安全阈值的比较成功感知多种后门泄露场景.实验还将本文工作与其他相关模型或系统进行对比,验证了所提方法的有效性.