网络与信息安全学报 (Chinese Journal of Network and Information Security), 2025, Vol. 11, Issue (1): 178-188, 11. DOI: 10.11959/j.issn.2096-109x.2025013
Physical layer alarm correlation algorithm for industrial control system
Abstract
Malfunctions of some industrial control equipment may be caused by attacks on industrial control systems, and alarm data was generated at the physical layer by sensors responsible for monitoring the equipment's working status. These sensor variables, referred to as alarm quantities, reflected the operating conditions of the equipment. However, the volume of alarm data was massive, and its correlation was difficult to determine. Simultaneously, tracing the source of the alarm data was also challenging. To address these issues, an algorithm for physical layer alarm correlation in industrial control systems was proposed. The correlation between alarm variables was quantified by analyzing the alarm start time and alarm end time in alarm records. Alarm variables were classified and correlated under the guidance of relevance, and potential global alarm correlation structures were constructed. Finally, the potential global alarm correlation structure was evaluated using the K2 algorithm. Additionally, the scoring function of the K2 algorithm was improved to ensure the interpretability of the global alarm correlation structure. Experimental results demonstrate that the global alarm correlation structure obtained by this algorithm exhibits good interpretability and is more consistent with the real process flow. This structure is helpful in analyzing the correlation between alarm variables at the physical layer and is of significant importance in guiding the security response of industrial control systems.
Key words
industrial control system security / alarm correlation / tracing the source of alarm / K2 algorithm
Classification
Computer and Automation
Cite this article
王英州, 张耀方, 徐有方, 赵若菡, 郭舒畅, 刘红梅, 张永铮, 王佰玲, 刘红日. Physical layer alarm correlation algorithm for industrial control system [J]. Chinese Journal of Network and Information Security, 2025, 11(1): 178-188, 11.
Funding
The National Key R&D Program of China (2021YFB2012400)