大数据 (Jul 2023)
Argus: multi-source data-driven industrial control security situational awareness system
Abstract
The industrial control system (ICS) is the brain of national industrial manufacturing and civil infrastructure. However, the security risks associated with ICS have become increasingly prominent, making it a significant target for cybersecurity protection. This paper proposes a solution to the problems of dispersed ICS security data and delayed threat perception. Specifically, the paper presents a multi-source data-driven ICS security situational awareness system named Argus, which incorporates an awareness chain for ICS security. Furthermore, the paper develops autonomous situational awareness technologies for ICS security, such as stateless high-speed device scanning, precise threat intelligence extraction, and suspicious attack behavior detection, to achieve multi-channel and three-dimensional ICS security monitoring and situational awareness. The experimental results indicate that, compared with conventional ICS situational awareness methods, the perception accuracy of the Argus system is improved by over 10%, and its efficiency is improved by two orders of magnitude. Additionally, Argus allows for proactive warning and mitigation of potential security risks.