Discussion about the Industrial Control Network Intrusion Prevention Technology based on On-line Ensemble Learning

doi:10.3969/j.issn.1671-1122.2014.09.019

Abstract

Abstract: Industrial control network systems are popularly used in national infrastructure, such as metallurgy, coal, electric power, petrochemical, nuclear energy, aviation, railway, water treatment, Metro et.al. There are many characteristics in these networks, such as multi-network layers (device net, control net and manager net), multi-type network links (online/wireless link, local/remote link, long time/temporary link), multi-type link devices (intelligent instrument, computers of process control system, computers of management execution system) and multi-level users (operational workers in practice, hard-device engineer, soft ware engineer, official manager staff). How to effective protect such network system has been a focus in information security domain. In this paper, we analyze the technologies of information security and intrusion prevention for industrial control network system. How to develop artificial intelligence based on-line adaptive intrusion prevention model is the further research direction. Then, the on-line ensemble modeling technology is reviewed. Finally, the research problem about how to integrate on-line ensemble leaning with industry control network intrusion prevention system is presented.

Key words: industrial control network system, information security, intrusion prevention, ensemble learning, on-line updating

TANG Jian, SUN Chun-lai, LI Dong. Discussion about the Industrial Control Network Intrusion Prevention Technology based on On-line Ensemble Learning[J]. 信息网络安全, 2014, 14(9): 86-91.

References

[1] 石勇, 刘巍伟, 刘博. 工业控制系统(ICS)的安全研究[J]. 网络安全技术与应用, 2008, (4): 40-41.
[2] 彭勇,江常青,谢丰,等. 工业控制系统信息安全研究进展[J]. 清华大学学报(自然科学版), 2012, 52(10): 1396-1408.
[3] 张延. 工业控制系统信息安全动向及发展对策研究[J]. 电子产品可靠性与环境试验, 2012, 30(6): 48-53.
[4] 程鹏, 工业控制系统信息安全[J]. 信息安全与通信保密, 2014, (1): 31-32.
[5] Dietterieg, T．Machine-learning research：Four current directions [J].The AI Magazine, 1998, (18): 97-136.
[6] 朱世顺,黄益彬,朱应飞,等. 工业控制系统信息安全防护关键技术研究[J]. ELECTRIC POWER ICT, 2013, 11(11): 106-109.
[7] 于立业,薛向荣,张云贵,等. 工业控制系统信息安全解决方案[J]. 冶金自动化, 2013, 37(1): 5-11.
[8] Jay B, James C F, JeIIrey P, et al. Snort 2.0 Intrusion Detection Syngress, Feb 2003 [EB/OL]. http:// security, frost, org/ebooks/,2012-06-18.
[9] Peterson D. Quickdraw: Generating security log events for legacy SCADA and control system devices[C]. In: Conlerence for Homeland Security on Cybersecurity Applications & Technology, 2009,CATCH&apos;09. Washington DC, USA: IEEE Press, 2009, pp. 227-229.
[10] Morris T, Vaughn R, Dandass Y. A retrofit network intrusion detection system for MODBUS RTU and ASCII industrial control systems[C]. In: HICSS 2012. Kauai, USA Institute oI Electrical and Electronics Engineers Computer Society, 2012, pp. 2338-234.
[11] Roosta T, Nilsson D, Lindqvist U, et al. An intrusion detection system for wireless process control systems[C]. In: The 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems. Atlanta, USA: IEEE Press, 2008, pp. 866-872.
[12] Cheung S,Valdes A. Communication pattern ano-maly detection in process control systems[C]. In: IEEE International Conference on Technologies for Homeland Security.Waltham, USA: IEEE Press, 2009:1-8.
[13] Valdes A, Cheung S. Intrusion monitoring in process control systems[C]. In: Proceedings of the 42nd Hawaii International Conference on System Sciences. Big Island, USA; IEEE Computer Society Press, 2009, pp. 21-28.
[14] Rrushi J,Kang K. Detecting anomalies in process control networks[C]. In: Critical Infrastructure Protection III. IFIP Advances in Information and Communication Technology. Heisenberg, Uermany; Springer, 2009, pp. 151-165.
[15] Gao W, Morris T, Reaves B, et al. On SCADA control system command and response injection and intrusion detection [C]. In: Proceedings of 2010 IEEE eCrime Researchers Summit. Dallas, USA: IEEE Press, 2010, pp. 1-8.
[16] Zhu B, Joseph A, Sastry S. A taxonomy of cyber attacks on SCADA systems[C]. In: Proceedings of the 2011 International Conference on Internet of Things and the 4th International Conference on C&apos;yber, Physical and Social Computing (ITHINUSC&apos;PSC&apos;OM&apos;11). Washington DC, USA: IEEE Computer Society, 2011, pp. 380-388.
[17] M. P. Perrone, L. N. Cooper, When networks disagree: ensemble methods for hybrid neural networks[R], Tech. Rep. A121062, Brown University, Institute for Brain and Neural Systems (Jan. 1993).
[18] Granitto, P. M., Verdes, P. F., Ceccatto, H. A. Neural networks ensembles: evaluation of aggregation algorithms [J]. Artificial Intelligence, 2005, 163(2): 139-162.
[19] Z.H. Zhou, J. Wu, W. Tang. Ensembling neural networks: many could be better than all[J], Artificial Intelligence, 2002, 137(1-2): 239-263.
[20] Chandra, A., Chen, H. H., Yao, X. Trade-off between diversity and accuracy in ensemble generation[J]. Studies in Computational Intelligence, 2006, (16): 429-464.
[21] G. Brown, J.L. Wyatt, P. Tino. Managing diversity in regression ensembles, Journal of Machine Learning Research, 2005, (6): 1621-1650.
[22] Ioannis Partalas, Grigorios Tsoumakas, Evaggelos V,et al. Greedy regression ensemble selection: Theory and an application to water quality prediction [J], Information Sciences, 2008, (178): 3867-3879.
[23] Shasha Mao, L.C. Jiao, LinXiong, et al. Greedy optimization classifiers ensemble based on diversity [J]. Pattern Recognition, 2011,(44): 1245-1261.
[24] Wang., D. H., Alhamdoosh, M. Evolutionary Extreme Learning Machine Ensembles with Size Control[J], Neurocomputing, 2013,(102): 98-110.
[25] Canuto, A. M., Abreu, M. C. C., Oliveira, L. M. J., et al. Investigating the influence of the choice of the ensemble members in accuracy and diversity of selection-based and fusion-based methods for ensembles [J]. Pattern Recognition Letters, 2007, 28(4): 472-486.
[26] Tang, J., Chai, T. Y., Yu, W., et al. Modeling Load Parameters of Ball Mill in Grinding Process Based on Selective Ensemble Multisensor Information [J]. IEEE Transactions on Automation Science and Engineering, 10.1109/TASE.2012.2225142.
[27] Symone Soares, CarlosHenggelerAntunes, RuiAraújo. Comparison of a genetic algorithm and simulated annealing for automatic neural network ensemble development [J]. Neurocomputing (2013), http://dx.doi.org/10.1016/j.neucom.2013,(05):024.
[28] Cauwenberghs, G., Poggio, T. Incremental and decremental support vector machine learning [C]. in Advances in Neural Information Processing Systems (NIPS 2000), 2001, pp. 409-415.
[29] Laskov, P., Gehl, C., Kruger, S., et al. Incremental support vector learning: Analysis, implementation and applications [J]. J. Mach.Learning Res., 2006, (7): 1909-1936.
[30] Karasuyama, M., Takeuchi, I. Multiple incremental decremental learning of support vector machines[J]. IEEE Transations on Neural Networks, 2010, 21(7): 1048-1059.
[31] Yu, W. Nonlinear system identification using discrete-time recurrent neural networks with stable learning algorithms[J]. Information Sciences, 2004, 158(1): 131-147.
[32] Engel, Y., Mannor, S., Meir, R. The kernel recursive least-squares algorithm[J]. IEEE Transactions on Signal Processing, 2004, 52(8): 2275-2285.
[33] Yu, W. Fuzzy modelling via on-line support vector machines[J].International Journal of Systems Science, 2010, 41(11):1325-1335.
[34] Francesco, O., Claudio, C., Barbara, C., et al. On-line independent support vector machines [J]. Pattern Recognition, 2010, 43(4): 1402-1412.
[35] Li, L. J., Su, H. Y., Chu, J. Modeling of isomerization of C8 aromatics by online least squares support vector machine [J]. Chinese Journal of Chemical Engineering, 2009, 17(3): 437-444.
[36] Tang, J., Yu, W., Zhao, L. J., et al. Modeling of operating parameters for wet ball mill by modified GA-KPLS [C]. The Third International Workshop on Advanced Computational Intelligence, 2010, pp. 107-111.
[37] Qin, Z. M., Liu, J. Z., Zhang, L. Y., et al. Online learning algorithm for sparse kernel partial least squares [C]. The 5th IEEE Conference on Industrial Electronics and Applications (ICIEA), 2010, pp. 1790-1794.
[38] Tang J, Yu W, Chai T Y, et al. On-line principal component analysis with application to process modeling[J]. Neurocomputing, 2012, 82(1): 167-178.
[39] Tang J, Zhao L J, Yu W, et al. Modied recursive partial least squares algorithm with application to modeling parameters of ball mill load[C]. In: Proceedings of the 30th Chinese Control Conference. Yantai, China: IEEE, 2011:5277-5282.
[40] 汤健,柴天佑,余文,等. 在线KPLS建模方法及在磨机负荷参数集成建模中的应用 [J]. 自动化学报,2013,6（7）： 111-122.
[41] Kadlec, P., Grbic, R., Gabrys, B. Review of adaptation mechanisms for data-driven soft sensors [J]. Computers & Chemical Engineering, 2011, 35(1): 1-24.
[42] KeTang, MinlongLin, FernandaL.Minku, et al. Selective negative correlation learning approach to incremental learning[J], Neurocomputing, 2009,(72): 2796-2805.
[43] M. Heeswijk, Y. Miche, T. Lindh-Knuutila, et al. Adaptive ensemble models of extreme learning machines for time series prediction[C]. in: Proceedings of the 19th International Conference on Artificial Neural Networks, Springer-Verlag, 2009, pp. 305-314.
[44] H.-X. Tian, Z.-Z. Mao, An ensemble ELM based on modified Adaboost. RT algorithm for predicting the temperature of molten steel in ladle furnace[J]. IEEE Trans. Autom. Sci. Eng. , 2010, 7 (1): 73-80.
[45] 郝红卫,王志彬,殷绪成,等. 分类器的动态选择与循环集成方法[J]. 自动化学报,2011,37（11）： 1290-1295.
[46] Qun Dai. A competitive ensemble pruning approach based on cross-validation technique [J]. Knowledge-Based Systems, 2013, （37）: 394-414.