Yuanqing Qin

Design and Analysis of Multimodel-Based Anomaly Intrusion Detection Systems in Industrial Process Automation

Industrial process automation is undergoing an increased use of information communication technologies due to high flexibility interoperability and easy administration. But it also induces new security risks to existing and future systems. Intrusion detection is a key technology for security protection. However, traditional intrusion detection systems for the IT domain are not entirely suitable for industrial process automation. In this paper, multiple models are constructed by comprehensively analyzing the multidomain knowledge of field control layers in industrial process automation, with consideration of two aspects: physics and information. And then, a novel multimodel-based anomaly intrusion detection system with embedded intelligence and resilient coordination for the field control system in industrial process automation is designed. In the system, an anomaly detection based on multimodel is proposed, and the corresponding intelligent detection algorithms are designed. Furthermore, to overcome the disadvantages of anomaly detection, a classifier based on an intelligent hidden Markov model, is designed to differentiate the actual attacks from faults. Finally, based on a combination simulation platform using optimized performance network engineering tool, the detection accuracy and the real-time performance of the proposed intrusion detection system are analyzed in detail. Experimental results clearly demonstrate that the proposed system has good performance in terms of high precision and good real-time capability.

Characteristic Model-Based Adaptive Discrete-Time Sliding Mode Control for the Swing Arm in a Fourier Transform Spectrometer

This paper aims to guarantee high-precision tracking of the desired optical path difference velocity for a Fourier transform spectrometer (FTS) in a space exploration system with time-varying parameters and nonlinear dynamics. A novel characteristic model-based adaptive discrete-time sliding mode control (ADSMC) scheme is proposed. The design of the ADSMC includes characteristic modeling, characteristic model-based discrete-time sliding mode control, and the estimator of the uncertain coefficients. The stability analysis of the ADSMC is also given in this paper. Simulation and experimental results demonstrate that the proposed characteristic model-based ADSMC can achieve high-precision control over a Michelson interferometer-based FTS. The significant advantages of the proposed ADSMC are its robustness and better control performance over the external disturbance and internal parameter uncertainty of the system.

A Class of General Transient Faults Propagation Analysis for Networked Control Systems

Transient faults are a dominant kind of threat to system safety in networked control systems (NCSs) due to their high occurrence rate and wide variety. However, they are hardly detected accurately in NCSs because of their unpredictable nature and short duration. Hence, fault propagation analysis (FPA) has become a bottleneck issue for fault-tolerant control in NCSs, which is used to analyze the fault effects and identify the approximate zone where transient fault occurred. In this paper, an innovative ontology-based FPA approach (ontologyFPA) is proposed to analyze transient fault propagation effects in NCSs. From the view of object-centered ontology, function, behavior, and structure models are built to reflect system abstraction hierarchies, and fault propagation effects and traces are identified from behaviors to functions through the mapping relationships of abstraction models. From the view of system-centered ontology, information-based workflows are employed to represent system independence in which fault propagation is investigated by excavating different effect traces among serial tasks in control loops. To illustrate the processes of propagation analysis, the application of ontologyFPA in a steam generator water level control system is presented. Finally, based on a unified simulation platform described by the architecture analysis and design language (AADL), two types of faults are injected to inspect the fault propagation processes between abstraction hierarchies, while another type is injected to investigate the processes in workflows. The results demonstrate that the proposed approach is effective in terms of identifying transient fault propagation effects and traces.

An Efficient Intrusion Detection Approach for Visual Sensor Networks Based on Traffic Pattern Learning

Visual sensor networks (VSNs) are highly vulnerable to attacks due to their open deployment in possibly unattended environments. To improve the network security of VSNs, an intrusion detection system (IDS) is an effective countermeasure. However, as visual sensors can produce big and dynamic video data, it is a tough task to rapidly and effectively detect attacks in VSNs. Moreover, attack samples in VSNs are generally too rare for IDSs to fully understand the behaviors of attacks. Facing these difficulties, in this paper, we propose an efficient intrusion detection approach for VSNs, which is based on traffic pattern learning. In the proposed approach, a traffic model is developed to describe the dynamic characteristics of network traffic in VSNs. Based on this model, the optimal feature set for traffic pattern learning can be extracted. Then a hierarchical self-organizing map (HSOM) is employed to learn traffic patterns and detect intrusions. Furthermore, an active learning strategy is devised to accelerate the training process of the HSOM and better learn the patterns of attacks. Experimental results show that the proposed approach has high detection accuracy and good real-time performance.

A distributed newton iteration based localization scheme in underground tunnels

One of the main concerns in underground working tunnels is ensuring the safety of the workers and their equipment. Being aware of the real-time position of personnel in such harsh environment is challenging and requires a sophisticated localization system. With traditional Received Signal Strength (RSS) failing to accurately estimate the distance between nodes due to multipath effect in such long and narrow space, Radio Frequency Time-of-Flight (RF-TOF) is proved to be an alternative method for more accurate distance estimation. To reduce the communication cost, a distributed localization scheme is proposed, where a simple Newton Iteration location estimation algorithm is embedded in the blind node. Linear least square estimation is used as the initial value to accelerate the convergence of the iteration. Experimental results show the effectiveness of the proposed scheme.

Transient fault tolerant control for vehicle brake-by-wire systems

Brake-by-wire (BBW) systems that have no mechanical linkage between the brake pedal and the brake mechanism are expected to improve vehicle safety through better braking capability. However, transient faults in BBW systems can cause dangerous driving situations. Most existing research in this area focuses on the brake control mechanism, but very few studies try to solve the problem associated with transient fault propagation and evolution in the brake control system hierarchy. In this paper, a hierarchical transient fault tolerant scheme with embedded intelligence and resilient coordination for BBW system is proposed based on the analysis of transient fault propagation characteristics. In this scheme, most transient faults are tackled rapidly by a signature-based detection method at the node level, and the remaining transient faults, which cannot be detected directly at the node level and could degrade the system performance through fault propagation and evolution, are detected and recovered through function and structure models at the system level. To jointly accommodate these BBW transient faults at the system level, a sliding mode control algorithm and a task reallocation strategy are designed. A simulation platform based on Architecture Analysis and Design Language (AADL) is established to evaluate the task reallocation strategy, and a hardware-in-the-loop simulation is carried out to validate the proposed scheme systematically. Experimental results show the effectiveness of this new approach to BBW systems.

Multimodel-Based Incident Prediction and Risk Assessment in Dynamic Cybersecurity Protection for Industrial Control Systems

Currently, an increasing number of information/communication technologies are adopted into the industrial control systems (ICSs). While these IT technologies offer high flexibility, interoperability, and convenient administration of ICSs, they also introduce cybersecurity risks. Dynamic cybersecurity risk assessment is a key foundational component of security protection. However, due to the characteristics of ICSs, the risk assessment for IT systems is not completely applicable for ICSs. In this paper, through the consideration of the characteristics of ICSs, a targeted multilevel Bayesian network containing attack, function, and incident models is proposed. Following this proposal, a novel multimodel-based hazardous incident prediction approach is designed. On this basis, a dynamic cybersecurity risk assessment approach, which has the ability to assess the risk caused by unknown attacks, is also devised. Furthermore, to improve the accuracy of the risk assessment, which may be reduced by the redundant accumulation of overlaps amongst different consequences, a unified consequence quantification method is presented. Finally, to verify the effectiveness of the proposed approach, a simulation of a simplified chemical reactor control system is conducted in MATLAB. The simulation results can clearly demonstrate that the proposed approach has the ability to dynamically calculate the cybersecurity risk of ICSs in a timely manner. Additionally, the result of a different comparative simulation shows that our approach has the ability to assess the risk caused by unknown attacks.

A Distributed UWB-based Localization System in Underground Mines

The location of people, mobile terminals and equipment is highly desirable for operational enhancements in the mining industry. In an indoor environment such as a mine, the multipath caused by reflection, diffraction and diffusion on the rough sidewall surfaces are the main sources of range measurement errors. In this paper, a UWB time of flight based localization system is proposed to address the multipath effect in underground mines. To reduce the communication cost and time delay of localization in such a chain type wireless network, a distributed localization algorithm based on particle swarm optimization (PSO) is proposed and implemented on the blind node (the node to be localized). Without extra hardware needed, an accurate but low cost localization system has been achieved. Experimental results verify the proposed scheme

Asset-Based Dynamic Impact Assessment of Cyberattacks for Risk Analysis in Industrial Control Systems

With the evolution of information, communications, and technologies, modern industrial control systems (ICSs) face more and more cybersecurity issues. This leads to increasingly severe risks in critical infrastructure and assets. Therefore, risk analysis becomes a significant yet not well investigated topic for prevention of cyberattack risks in ICSs. To tackle this problem, a dynamic impact assessment approach is presented in this paper for risk analysis in ICSs. The approach predicts the trend of impact of cybersecurity dynamically from full recognition of asset knowledge. More specifically, an asset is abstracted with properties of construction, function, performance, location, and business. From the function and performance properties of the asset, object-oriented asset models incorporating with the mechanism of common cyberattacks are established at both component and system levels. Characterizing the evolution of behaviors for single asset and system, the models are used to analyze the impact propagation of cyberattacks. Then, from various possible impact consequences, the overall impact is quantified based on the location and business properties of the asset. A special application of the approach is to rank critical system parameters and prioritize key assets according to impact assessment. The effectiveness of the presented approach is demonstrated through simulation studies for a chemical control system.

Petri Net Modeling of the Reconfigurable Protocol Stack for Cloud Computing Control Systems

The Industrial Ethernet is promising for the implementation of a Cloud Computing based control system. However, numerous standard organizations and vendors have developed various Industrial Ethernets to satisfy the real-time requirements of field devices. This paper presents a real-time reconfigurable protocol stack to cope with this challenge, by introducing the architecture with a core of dynamic routing and autonomic local scheduling. It is based on the deterministic and stochastic Petri-Nets (DSPN) method to illustrate the performance of producer/consumer based application model, CSMA/CD based node accessing activities, and TDMA based resource allocation for real time and non-real time traffic. Furthermore, the predicted time distribution for evaluating the stability of a control system can be obtained from the proposed DSPN model. It is shown that the DSPN modeling yields good verification analysis and performance prediction results through a real experimentation.