您的检索:
学者姓名:赖英旭
精炼检索结果:
年份
成果类型
收录类型
来源
综合
合作者
语言
清除所有精炼条件
摘要 :
Industrial control systems (ICSs) have many vulnerabilities owing to the lack of protective measures. Once exploited, such vulnerabilities can result in significant economic loss and security concerns because an ICS controls the entire production process. Although fuzzing is a prevalent technique for finding potential vulnerabilities, current approaches have the disadvantages of blind mutations and low efficiency in vulnerability mining. In this study, we propose a personalized fuzzing method for ICS protocols based on non-critical field mutations and test case combinations. In our approach, we select appropriate protocol fields for personalized mutations based on the information entropy of each output, which can increase the diversity of test cases while preserving their availability. We developed a novel test case sending method that improves the efficiency of finding specific vulnerabilities by grouping related test cases. Our approach also introduces a detection method based on expected message validation to locate triggered vulnerabilities quickly. Compared to Peach and Boofuzz, our method improved the test target anomaly rate by 63.53% and 34.95%, respectively, and found one 0-day vulnerability and five n-day vulnerabilities.
关键词 :
Modbus TCP Modbus TCP Industrial control system Industrial control system Fuzzing Fuzzing Generative adversarial network Generative adversarial network Deep learning Deep learning
引用:
复制并粘贴一种已设定好的引用格式,或利用其中一个链接导入到文献管理软件中。
| GB/T 7714 | Wanyan, Hanxiao , Lai, Yingxu , Liu, Jing et al. NCMFuzzer: Using non-critical field mutation and test case combination to improve the efficiency of ICS protocol fuzzing [J]. | COMPUTERS & SECURITY , 2024 , 141 . |
| MLA | Wanyan, Hanxiao et al. "NCMFuzzer: Using non-critical field mutation and test case combination to improve the efficiency of ICS protocol fuzzing" . | COMPUTERS & SECURITY 141 (2024) . |
| APA | Wanyan, Hanxiao , Lai, Yingxu , Liu, Jing , Chen, Hao . NCMFuzzer: Using non-critical field mutation and test case combination to improve the efficiency of ICS protocol fuzzing . | COMPUTERS & SECURITY , 2024 , 141 . |
| 导入链接 | NoteExpress RIS BibTex |
摘要 :
Owing to the increasing number of cybersecurity threats targeting industrial control systems (ICSs), intrusion response systems (IRSs) have become essential. However, the current IRSs exhibit several limitations, such as neglecting physical domain security policies and relying significantly on expert input. While deep reinforcement learning (DRL) methods yield superior outcomes, they suffer from low interpretability and unreliability. This study introduces an interpretable cross-layer intrusion response system (ICL-IRS), which is a decision-tree-based IRS. It offers a robust understanding of cyberattacks and industrial control logic specific to ICSs. ICL-IRS employs a DRL model, tailored to the characteristics of physical process control, to refine policies. It then scrutinizes the optimized intrusion response policy and generates decision trees. Our experimental results reveal a 21% enhancement in the success rate of the proposed ICL-IRS over competing methods. The effectiveness of ICL-IRS was further validated through a case study on a simulated process-control system.
关键词 :
Cybersecurity Cybersecurity intrusion response system (IRS) intrusion response system (IRS) deep reinforcement learning (DRL) deep reinforcement learning (DRL) imitation learning imitation learning industrial control systems (ICSs) industrial control systems (ICSs)
引用:
复制并粘贴一种已设定好的引用格式,或利用其中一个链接导入到文献管理软件中。
| GB/T 7714 | Chen, Hao , Lai, Yingxu , Liu, Jing et al. Interpretable Cross-Layer Intrusion Response System Based on Deep Reinforcement Learning for Industrial Control Systems [J]. | IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS , 2024 , 20 (7) : 9771-9781 . |
| MLA | Chen, Hao et al. "Interpretable Cross-Layer Intrusion Response System Based on Deep Reinforcement Learning for Industrial Control Systems" . | IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS 20 . 7 (2024) : 9771-9781 . |
| APA | Chen, Hao , Lai, Yingxu , Liu, Jing , Wanyan, Hanxiao . Interpretable Cross-Layer Intrusion Response System Based on Deep Reinforcement Learning for Industrial Control Systems . | IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS , 2024 , 20 (7) , 9771-9781 . |
| 导入链接 | NoteExpress RIS BibTex |
摘要 :
As security threats to industrial control systems become more prevalent, it is imperative to deploy effective intrusion-detection systems. However, the existing methods are insufficient for addressing contemporary attacks. Rule-based methods are heavily dependent on manual settings, and the covertness of attacks poses challenges to rule effectiveness. Machine and deep learning methods exhibit low interpretability owing to their complex designs, and the semantic gap between the model and the actual operational interpretation limits their applicability. To mitigate these shortcomings, we propose an abnormal logical representation learning (ALRL) intrusion detection method for industrial control systems. ALRL contains a specific lightweight neural network and employs knowledge distillation to achieve high classification ability. More importantly, it can generate effective and concise intrusion detection rules directly from the learned knowledge of the model. The hierarchical model structure and residual connections ensure high interpretability of the rules. Experiments conducted on two publicly available industrial control datasets demonstrate that ALRL can classify attacks with an excellent performance. In addition, the logical rules generated by ALRL can effectively detect all types of attacks and exhibit good interpretability.
关键词 :
model interpretability model interpretability Computational modeling Computational modeling Encoding Encoding Neural networks Neural networks industrial control system (ICS) industrial control system (ICS) Control logic Control logic Representation learning Representation learning intrusion detection intrusion detection Intrusion detection Intrusion detection Actuators Actuators Feature extraction Feature extraction rule generation rule generation
引用:
复制并粘贴一种已设定好的引用格式,或利用其中一个链接导入到文献管理软件中。
| GB/T 7714 | Xu, Xinyu , Lai, Yingxu , Zhang, Xiao et al. Abnormal Logical Representation Learning for Intrusion Detection in Industrial Control Systems [J]. | IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS , 2024 , 20 (8) : 10624-10635 . |
| MLA | Xu, Xinyu et al. "Abnormal Logical Representation Learning for Intrusion Detection in Industrial Control Systems" . | IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS 20 . 8 (2024) : 10624-10635 . |
| APA | Xu, Xinyu , Lai, Yingxu , Zhang, Xiao , Dong, Xinrui . Abnormal Logical Representation Learning for Intrusion Detection in Industrial Control Systems . | IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS , 2024 , 20 (8) , 10624-10635 . |
| 导入链接 | NoteExpress RIS BibTex |
摘要 :
In the modern interconnected world, intelligent networks and computing technologies are increasingly being incorporated in industrial systems. However, this adoption of advanced technology has resulted in increased cyber threats to cyber-physical systems. Existing intrusion detection systems are continually challenged by constantly evolving cyber threats. Machine learning algorithms have been applied for intrusion detection. In these techniques, a classification model is trained by learning cyber behavior patterns. However, these models typically require considerable high-quality datasets. Limited attack samples are available because of the unpredictability and constant evolution of cyber threats. To address these problems, we propose a novel federated Execution & Evaluation dual network framework (EEFED), which allows multiple federal participants to personalize their local detection models undermining the original purpose of Federated Learning. Thus, a general global detection model was developed for collaboratively improving the performance of a single local model against cyberattacks. The proposed personalized update algorithm and the optimizing backtracking parameters replacement policy effectively reduced the negative influence of federated learning in imbalanced and non-i.i.d distribution of data. The proposed method improved model stability. Furthermore, extensive experiments conducted on a network dataset in various cyber scenarios revealed that the proposed method outperformed single model and state-of-the-art methods.
关键词 :
intrusion detection intrusion detection cyber-physical system (CPS) cyber-physical system (CPS) Federated learning Federated learning personalized model personalized model cyber security cyber security
引用:
复制并粘贴一种已设定好的引用格式,或利用其中一个链接导入到文献管理软件中。
| GB/T 7714 | Huang, Xianting , Liu, Jing , Lai, Yingxu et al. EEFED: Personalized Federated Learning of Execution&Evaluation Dual Network for CPS Intrusion Detection [J]. | IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY , 2023 , 18 : 41-56 . |
| MLA | Huang, Xianting et al. "EEFED: Personalized Federated Learning of Execution&Evaluation Dual Network for CPS Intrusion Detection" . | IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 18 (2023) : 41-56 . |
| APA | Huang, Xianting , Liu, Jing , Lai, Yingxu , Mao, Beifeng , Lyu, Hongshuo . EEFED: Personalized Federated Learning of Execution&Evaluation Dual Network for CPS Intrusion Detection . | IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY , 2023 , 18 , 41-56 . |
| 导入链接 | NoteExpress RIS BibTex |
摘要 :
Controller area networks (CANs) are the de-facto standard for in-vehicle networks and enable real-time data communication between the electronic control units in a vehicle. However, owing to inadequate security mechanisms, CANs are vulnerable to cyberattacks. The sophistication of these attacks evolves constantly and new types of attacks emerge over time. Most existing intrusion detection systems (IDSs) can handle known attacks, but their ability to detect unknown attacks requires urgent improvements. Although IDSs can be updated via the Internet of Vehicles cloud to improve their detection performance, an unacceptable amount of time is required to collect enough labeled data and the updates are slow. Considering these problems, we propose a transfer learning-based self-learning IDS (TLSIDS) for CANs. The proposed TLSIDS uses a cascade detection approach that is capable of detecting both known and unknown attacks with high performance, and the self-learning function can solve the problem of slow updates, thus improving the speed and performance of the TLSIDS in detecting unknown attacks. The TLSIDS consists of four modules, namely the basic detection module (BDM), the advanced detection module (ADM), the unknown attacks classification module (UACM), and the self-learning module (SLM). The efficacy of the TLSIDS was evaluated using a public dataset provided by the Hacking and Countermeasure Research Lab (HCRL). The results revealed that our proposed TLSIDS has effectiveness and robustness in distinct scenarios.
关键词 :
Transfer learning Transfer learning Intrusion detection system (IDS) Intrusion detection system (IDS) Controller area networks (CANs) Controller area networks (CANs) Cascade detection Cascade detection
引用:
复制并粘贴一种已设定好的引用格式,或利用其中一个链接导入到文献管理软件中。
| GB/T 7714 | Wang, Yuhang , Lai, Yingxu , Chen, Ye et al. Transfer learning-based self-learning intrusion detection system for in-vehicle networks [J]. | NEURAL COMPUTING & APPLICATIONS , 2023 , 35 (14) : 10257-10273 . |
| MLA | Wang, Yuhang et al. "Transfer learning-based self-learning intrusion detection system for in-vehicle networks" . | NEURAL COMPUTING & APPLICATIONS 35 . 14 (2023) : 10257-10273 . |
| APA | Wang, Yuhang , Lai, Yingxu , Chen, Ye , Wei, Jingwen , Zhang, Zhaoyi . Transfer learning-based self-learning intrusion detection system for in-vehicle networks . | NEURAL COMPUTING & APPLICATIONS , 2023 , 35 (14) , 10257-10273 . |
| 导入链接 | NoteExpress RIS BibTex |
摘要 :
The integration of industrialization and informatization has exposed industrial control systems (ICSs) to increasingly serious security challenges. Currently, the mainstream method to protect the security of ICSs is intrusion detection system (IDS) based on deep-learning. However, these methods depend on a massive amount of high-quality data. Owing to the characteristics and protocol limitations, ICSs data usually experience low-quality and data imbalance problems, which significantly affects the accuracy of IDS. In this study, an IDS for ICS that combines data expansion algorithm and CNN was proposed. A novel normalized neighborhood weighted convex combined random sample (NNW-CCRS) oversampling algorithm was designed, which automatically attenuates the effects of noise and expanding imbalanced data to produce balanced ICS datasets. By reducing the impact of imbalanced ICS data on IDSs, our system effectively protects the security of ICS. Secure Water Treatment dataset (SWaT) was used for experimental validation. The experimental results confirmed that the accuracy of the proposed system improved by approximately 20%, compared to the ICS without data expansion.
关键词 :
oversampling algorithm oversampling algorithm industrial control system industrial control system imbalanced data imbalanced data
引用:
复制并粘贴一种已设定好的引用格式,或利用其中一个链接导入到文献管理软件中。
| GB/T 7714 | Dong, Xinrui , Lai, Yingxu . Intrusion Detection System for Industrial Control Systems Based on Imbalanced Data [J]. | 2023 IEEE 15TH INTERNATIONAL SYMPOSIUM ON AUTONOMOUS DECENTRALIZED SYSTEM, ISADS , 2023 : 197-202 . |
| MLA | Dong, Xinrui et al. "Intrusion Detection System for Industrial Control Systems Based on Imbalanced Data" . | 2023 IEEE 15TH INTERNATIONAL SYMPOSIUM ON AUTONOMOUS DECENTRALIZED SYSTEM, ISADS (2023) : 197-202 . |
| APA | Dong, Xinrui , Lai, Yingxu . Intrusion Detection System for Industrial Control Systems Based on Imbalanced Data . | 2023 IEEE 15TH INTERNATIONAL SYMPOSIUM ON AUTONOMOUS DECENTRALIZED SYSTEM, ISADS , 2023 , 197-202 . |
| 导入链接 | NoteExpress RIS BibTex |
摘要 :
Industrial Control System(ICS) security is one of the lifebloods of national development. Fully understanding of its vulnerabilities plays an important role in the actual application scenarios. Meanwhile, an attacker may also exploit multiple vulnerabilities to achieve the final malicious purpose, such as the Stuxnet worm. In order to solve the above problems, we construct a Knowledge Graph(KG) of heterogeneous ICSs, and propose a potential relationship mining method (R-HetGNN) based on this graph. The method solves the multi-modality problem in KG aggregation and KG-heterogeneity problem. Besides, we use random walk algorithm to solve the ulti-level neighbor problem. Experimental results on a real-world dataset show that R-HetGNN achieved 83.0% on the F1 score, superior to other knowledge reasoning modules, such as GAT and TransE.
关键词 :
knowledge reasoning knowledge reasoning knowledge graph knowledge graph graph neural network graph neural network
引用:
复制并粘贴一种已设定好的引用格式,或利用其中一个链接导入到文献管理软件中。
| GB/T 7714 | Zhang, Xiao , Lai, Yingxu . Mining of Potential Relationships based on the Knowledge Graph of Industrial Control Systems [J]. | 2023 IEEE 15TH INTERNATIONAL SYMPOSIUM ON AUTONOMOUS DECENTRALIZED SYSTEM, ISADS , 2023 : 183-188 . |
| MLA | Zhang, Xiao et al. "Mining of Potential Relationships based on the Knowledge Graph of Industrial Control Systems" . | 2023 IEEE 15TH INTERNATIONAL SYMPOSIUM ON AUTONOMOUS DECENTRALIZED SYSTEM, ISADS (2023) : 183-188 . |
| APA | Zhang, Xiao , Lai, Yingxu . Mining of Potential Relationships based on the Knowledge Graph of Industrial Control Systems . | 2023 IEEE 15TH INTERNATIONAL SYMPOSIUM ON AUTONOMOUS DECENTRALIZED SYSTEM, ISADS , 2023 , 183-188 . |
| 导入链接 | NoteExpress RIS BibTex |
摘要 :
Sybil attacks in Vehicular Ad-Hoc Networks (VANETs) conduct malicious behavior by falsifying and faking messages between vehicles. It poses a significant threat to the safety of vehicle movement. Meanwhile, because Sybil attacks often hide the real identity of the attacker with the help of a legitimate pseudonym, making it very difficult to detect them. Most existing detection schemes use a single data source, which is not enough to describe the specific characteristics of the attack behavior accurately, while their detection performance is also affected by real scenario factors such as traffic flow and attacker density. Therefore, we propose a multi -source data fusion detection framework for Sybil attacks based on the study of the behavior characteristics of Sybil attacks and the impact of the attacks on the traffic flow state. We get basic safety messages data, map data and sensor data and then obtain multi-dimensional data fusion features from four aspects: spatio-temporal location relationship, traffic flow state change, vehicle behavior characteristics and sensor data verification, and finally use machine learning classification model to complete the detection of attack behavior. Experimental results show that our proposed attack detection framework is able to locate the specific road section where the attack occurred in a realistic and complex traffic scenario containing different road types without using trusted vehicles as observation nodes, and has good generalization capability. the average detection accuracy of the MDFD framework for four types of compound attacks is as high as 97.69%.
关键词 :
Multi-source data fusion Multi-source data fusion Attack detection Attack detection Traffic flow state Traffic flow state Sybil attacks Sybil attacks Vehicular networks Vehicular networks
引用:
复制并粘贴一种已设定好的引用格式,或利用其中一个链接导入到文献管理软件中。
| GB/T 7714 | Chen, Ye , Lai, Yingxu , Zhang, Zhaoyi et al. MDFD: A multi-source data fusion detection framework for Sybil attack detection in VANETs [J]. | COMPUTER NETWORKS , 2023 , 224 . |
| MLA | Chen, Ye et al. "MDFD: A multi-source data fusion detection framework for Sybil attack detection in VANETs" . | COMPUTER NETWORKS 224 (2023) . |
| APA | Chen, Ye , Lai, Yingxu , Zhang, Zhaoyi , Li, Hanmei , Wang, Yuhang . MDFD: A multi-source data fusion detection framework for Sybil attack detection in VANETs . | COMPUTER NETWORKS , 2023 , 224 . |
| 导入链接 | NoteExpress RIS BibTex |
摘要 :
Vehicles in Internet of Vehicles must constantly broadcast basic safety messages to keep other vehicles informed of their location, speed, and other parameters. Attackers can use the content of these messages to follow the path of the vehicle and invade vehicle owner privacy. Vehicle location privacy was ensured by broadcasting these messages using pseudonyms and periodically changing these pseudonyms. However, in mix-zone-based strategies, vehicles are frequently restricted from changing their pseudonyms in specific places. Furthermore, most previous change strategies only safeguarded against the syntactic linking attack and did not account for the semantic linking attack. Thus, in this study, we proposed a broadcast and silence period pseudonym change strategy to overcome these difficulties. Mix zones were obtained by analyzing the locations where vehicles frequently stop. The vehicle broadcasts or silences in a mix zone according to our broadcast and silence period strategy and changes to the pseudonym assigned by the road side unit during the silence phase until it leaves the zone. Our safety analysis and experimental results indicate that the broadcast and silence period prevent both linking attacks while reducing the impact of radio silence on vehicle safety by limiting the silent time, thereby providing better location privacy protection for vehicles compared with the existing schemes. In addition, the number of signatures required to be verified each time it receives messages and the overhead incurred in changing pseudonyms for vehicles is acceptable.
关键词 :
location privacy location privacy pseudonym change pseudonym change Internet of vehicles Internet of vehicles mix zone mix zone
引用:
复制并粘贴一种已设定好的引用格式,或利用其中一个链接导入到文献管理软件中。
| GB/T 7714 | Li, Hanmei , Lai, YingXu , Chen, Ye . Broadcast and Silence Period (BSP): A Pseudonym Change Strategy [J]. | IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY , 2023 , 72 (10) : 13618-13630 . |
| MLA | Li, Hanmei et al. "Broadcast and Silence Period (BSP): A Pseudonym Change Strategy" . | IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY 72 . 10 (2023) : 13618-13630 . |
| APA | Li, Hanmei , Lai, YingXu , Chen, Ye . Broadcast and Silence Period (BSP): A Pseudonym Change Strategy . | IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY , 2023 , 72 (10) , 13618-13630 . |
| 导入链接 | NoteExpress RIS BibTex |
摘要 :
A Sybil attack is caused by a malicious vehicle node stealing fake identities and continuously generating fake vehicles on the road to create the illusion of congestion, which endangers normal vehicles on the road. Because Sybil vehicle nodes have trajectories and motion states similar to those of normal vehicles, they are more difficult to detect in high-density traffic environments. The real-time authentication of vehicles is impossible in the existing traffic environment; thus, malicious vehicle nodes with a high degree of stealth can continuously attack and are difficult to stop. In this paper, we propose a Sybil attack detection method based on basic security message (BSM) packets, which exploits the characteristic that BSM packets have a unique sending source and uses the spatiotemporal relationship of dynamic vehicle location changes to detect and trace Sybil attacks. A weighted integration strategy is proposed for increasing the detection precision without machine-learning model prediction. Experimental results indicated that the proposed method can detect Sybil attacks in real time and is not affected by the attack density or traffic density. Moreover, it can detect Sybil nodes and trace malicious nodes simultaneously, with precisions of >98% and >94%, respectively, resolving the difficulties of existing detection schemes.
关键词 :
Position verification Position verification Attack traceability Attack traceability Sybil detection Sybil detection VANETs VANETs ITS ITS
引用:
复制并粘贴一种已设定好的引用格式,或利用其中一个链接导入到文献管理软件中。
| GB/T 7714 | Zhang, Zhaoyi , Lai, Yingxu , Chen, Ye et al. Detection method to eliminate Sybil attacks in Vehicular Ad-hoc Networks [J]. | AD HOC NETWORKS , 2023 , 141 . |
| MLA | Zhang, Zhaoyi et al. "Detection method to eliminate Sybil attacks in Vehicular Ad-hoc Networks" . | AD HOC NETWORKS 141 (2023) . |
| APA | Zhang, Zhaoyi , Lai, Yingxu , Chen, Ye , Wei, Jingwen , Wang, Yuhang . Detection method to eliminate Sybil attacks in Vehicular Ad-hoc Networks . | AD HOC NETWORKS , 2023 , 141 . |
| 导入链接 | NoteExpress RIS BibTex |
导出
| 数据: |
选中 到 |
| 格式: |
