Tongxin xuebao (Jun 2024)
Research on industrial Internet security detection and response based on digital twin
Abstract
Traditional network security defense methods cannot meet the strict reliability and stability requirements of the industrial Internet. To address this, a method for anomaly detection and response in digital space was studied, based on the idea of digital twins, by collecting on-site data and using the security cognition of twin models. Firstly, by analyzing digital twin modeling solutions, four types of modeling methods were summarized and integrated into a multi-module digital twin (DT) architecture. Secondly, signal temporal logic (STL) was introduced to transform the cognition of the different twin models into a standard STL specification set, and anomaly detection was achieved by monitoring system behavior against this specification set, which increased the reliability of the detection results. Finally, anomaly localization was achieved by analyzing violations of the STL specification set, and anomaly classification was achieved by designing corresponding STL weak specifications from the analysis of known device faults. These two aspects of anomaly response help the system restore normal operation. The case study demonstrates the effectiveness of the proposed method in anomaly detection and response. Compared with an intrusion detection system based on deep learning, the experimental results show that the detection rate of the proposed method increases by 25%~40.9% in detecting anomalies.
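An added example, not taken from the paper: a minimal discrete-time STL robustness monitor that flags violated specifications (detection) and reports the signals each violated specification references, as a simple stand-in for localization. The tank-level trace, the three specifications and all function names are constructed assumptions, and time windows are clipped to the end of the finite trace.

```python
# Added illustration: discrete-time STL robustness monitor (not the paper's code).
# Formulas are nested tuples; robustness < 0 means the specification is violated.
def rho(f, trace, t):
    """Quantitative STL semantics of formula f on trace at sample index t."""
    op = f[0]
    if op == "ge":                       # signal >= c
        return trace[f[1]][t] - f[2]
    if op == "le":                       # signal <= c
        return f[2] - trace[f[1]][t]
    if op == "not":
        return -rho(f[1], trace, t)
    if op == "and":
        return min(rho(g, trace, t) for g in f[1:])
    if op == "implies":                  # a -> b  ==  (not a) or b
        return max(-rho(f[1], trace, t), rho(f[2], trace, t))
    if op in ("G", "F"):                 # G[a,b] / F[a,b], window clipped to trace end
        _, a, b, g = f
        n = len(next(iter(trace.values())))
        window = range(min(t + a, n - 1), min(t + b, n - 1) + 1)
        vals = [rho(g, trace, k) for k in window]
        return min(vals) if op == "G" else max(vals)
    raise ValueError(f"unknown operator {op!r}")

def signals(f):
    """Names of the signals a formula refers to (used for localization)."""
    if f[0] in ("ge", "le"):
        return {f[1]}
    return set().union(*(signals(g) for g in f if isinstance(g, tuple)))

def monitor(specs, trace):
    """Return {spec name: (robustness, referenced signals)} for violated specs."""
    scores = {name: rho(f, trace, 0) for name, f in specs.items()}
    return {n: (r, sorted(signals(specs[n]))) for n, r in scores.items() if r < 0}

# Constructed sample: tank level (m) and pump state (0/1), one sample per second.
TRACE = {
    "level": [5.0, 5.5, 6.2, 6.8, 7.3, 7.9, 8.4, 8.6],
    "pump":  [0,   0,   0,   0,   0,   0,   1,   1],
}
END = len(TRACE["level"]) - 1
SPECS = {   # hypothetical specifications, not taken from the paper
    "level_max":     ("G", 0, END, ("le", "level", 8.0)),
    "pump_response": ("G", 0, END, ("implies", ("ge", "level", 6.0),
                                     ("F", 0, 2, ("ge", "pump", 1)))),
    "level_min":     ("G", 0, END, ("ge", "level", 2.0)),
}
```

Calling `monitor(SPECS, TRACE)` returns only the violated specifications; the magnitude of each negative robustness value indicates how far the trace is from satisfying that specification.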