Professor
Supervisor of Doctorate Candidates
Supervisor of Master's Candidates
Administrative Position:Director, Engineering Research Center of Security Technology of Complex Network System, Ministry of Education
Education Level:With Certificate of Graduation for Doctorate Study
Gender:Male
Contact Information:yaoyu@mail.neu.edu.cn
Degree:Doctorate
Alma Mater:Northeastern University
Discipline:Computer Applications Technology
Computer Software and Theory
Computer Architecture
Academic Honor:
2013 Excellent Talents of the Ministry of Education in the New Century
Journal:IEEE Internet of Things Journal
Impact Factor:8.2
DOI number:10.1109/JIOT.2025.3526599
Abstract:Anomaly detection has proven effective in detecting cyber-attacks in Industrial Control Systems (ICS). However, most existing anomaly detection methods suffer from low accuracy because they ignore the effects of packet loss and network delay on time features, the sequential nature of transition time, masquerade transitions, and system recovery. Meanwhile, current Cyber-Physical Model (CPM) construction methods struggle to effectively address the state explosion problem and properly balance the removal and retention of low frequency states (LFS). In this paper, we propose a novel baseline model for ICS to detect anomalies through learning device-level polling time patterns and system-level CPM. The polling time pattern learning method reduces the effects of packet loss and network delay on time features by extracting only matching packets and replacing outliers. The CPM construction method mitigates state explosion through mixed-event discretisation, reduces the effects of network delay on transition/action times through outlier replacement, and captures the sequential nature of transition times with circular permutation sets. CPM model optimisation uses a post-pruning algorithm to balance the removal and retention of LFSs, and a CPM periodicity detection method that mitigates the effects of network delay to ensure that all industrial process periods are detected. A real-time anomaly detection method with a two-layer defence mechanism is proposed using the baseline model. Experimental results from two lab-scale ICSs with six process-related attacks confirm the effectiveness and superiority of the proposed method. It achieves average F1 scores of 98.81% and accuracy of 99.24%, outperforming the state-of-the-art work by 18.51% and 13.96% respectively.
Key Words:Industrial Control System, SCADA System, Anomaly Detection, Cyber-physical Model, Deterministic Finite Automaton.
Indexed by:SCI JCR Q1
Note:https://ieeexplore.ieee.org/document/10856846
Document Type:JCR Q1
First-Level Discipline:Computer Science and Technology
Translation or Not:no