
Proceedings of the Institute for System Programming of the RAS


Heterogeneous Data Aggregation and Normalization in Information Security Monitoring and Intrusion Detection Systems of Large-scale Industrial CPS

https://doi.org/10.15514/ISPRAS-2020-32(5)-10

Abstract

Information security monitoring of industrial cyber-physical systems (CPS) is a continuous process that is required to keep them secure. The effectiveness of monitoring depends on the quality and speed of collecting, processing, and analyzing heterogeneous CPS data. Today there are many analysis methods for solving the security problems of distributed industrial cyber-physical systems. These methods place different requirements on the characteristics of the input data, but they share common features determined by the subject area. This work addresses data preprocessing for the security monitoring of industrial CPS under present-day conditions. The problem is considered from the requirements for the data preprocessing system and the specifics of the subject area through to specific aggregation methods based on PCr relations between data structures. A data processing architecture that combines aggregation and normalization methods within the monitoring system has been developed.


About the author

Maria Anatolyevna POLTAVTSEVA
Peter the Great St. Petersburg Polytechnic University
Russia
Candidate of Technical Sciences, Associate Professor, Associate Professor at the Institute of Cybersecurity and Information Protection




For citation:


POLTAVTSEVA M.A. Heterogeneous Data Aggregation and Normalization in Information Security Monitoring and Intrusion Detection Systems of Large-scale Industrial CPS. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2020;32(5):131-142. https://doi.org/10.15514/ISPRAS-2020-32(5)-10



Content is available under the Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)