信息安全研究 ›› 2017, Vol. 3 ›› Issue (7): 633-637.

• 赛博物理系统(CPS) 专题 • 上一篇    下一篇

基于贝叶斯假设检验的CPS 控制层攻击检测方法

王卯宁   

  1. 中央财经大学 信息学院
  • 收稿日期:2017-07-19 出版日期:2017-07-15 发布日期:2017-07-18
  • 通讯作者: 王卯宁
  • 作者简介:王卯宁 博士后,主要研究方向为信息安全.

Research on Bayesian Hypothesis Test-Based Detection Method of CPS Control Layer Attacks

  • Received:2017-07-19 Online:2017-07-15 Published:2017-07-18

摘要: 物理系统(cyber-physical systems, CPS)将通信网络的概念和方法引入到传统工业过程中,实现了信息流对物理过程的控制,为国防军事和工业生产中的很多应用问题提供了解决方案.但是,这也使得原本单纯的工业系统环境面临更多的安全风险.考虑CPS控制层的安全性,基于贝叶斯假设检验原理,给出了一种针对控制层测量数据篡改攻击的检测方法.该方法利用参数的先验知识,使得模型在小样本数据量条件下仍具有可用性,同时所做的判断结论能够精确给出攻击行为发生的概率值,从而能够更直观地解释当前状态出现的可能性.较之前传统假设检验方法,该方法符合CPS攻击背景,故具有实际优势.

关键词: 信息物理系统, 信息安全, 攻击检测, 贝叶斯假设检验, 先验概率分布

Abstract: Cyber-physical systems (CPS) are physical processing systems in which the concepts of communication network are introduced. In such systems, physical processes are monitored and controlled by computer-based technology. And these provide solutions for many applications in national defense and industrial production. However, this also makes the original industrial system environment face more security risks. In this paper, we consider the security of CPS control layer. Based on the Bayesian hypothesis test principle, this paper presents a detection method for tamper attacks to measurement data in the control layer. This method makes use of the prior knowledge of parameters so that the model's judgment is still available under small sample size. At the same time, the conclusion computes the probability of attack behaviors exactly, which can explain the possibility of the current state more intuitively. Compared with the traditional hypothesis test method, this method conforms to the background of CPS attacks, so it is practically advantageous.

Key words: cyber-physical systems (CPS), information security, detection method, Bayesian hypothesis test, prior distribution