MNSSA: Meso-level Network Security Situation Awareness for ICS via Graph Evolution Analysis

Shilong Zhang; Hui Zhang; Guo Chen; He Luo; Meiqi Wu; Hongxiang Chen; Zehua Ren; Zijun Wang; Yang Liu

doi:10.1109/CASE59546.2024.10711716

MNSSA: Meso-level Network Security Situation Awareness for ICS via Graph Evolution Analysis

Shilong Zhang
, Hui Zhang
, Guo Chen
, He Luo
, Meiqi Wu
, Hongxiang Chen
, Zehua Ren
, Zijun Wang
, Yang Liu

电子与信息学部

Xi'an Jiaotong University
Digital Management Center
Polytechnic University of Milan

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

摘要

Intrusion detection systems (IDSs) are widely used for generating alarms indicating potential network security risks based on network traffic monitoring in industrial control systems (ICSs). However, it is a big burden for security analysts to handle numerous alarms in real time. Also, most alarms are falsely triggered by normal operations, which makes the real attack risks hard to find. In this paper, we propose MNSSA, a meso-level network security situation awareness method that conducts graph evolution analysis on the ICS alarms. MNSSA can semi-automatically filter low-risk false alarms in bulk and detect attack events. It can better analyze the network security situation and improve alarm processing efficiency.

源语言	英语
主期刊名	2024 IEEE 20th International Conference on Automation Science and Engineering, CASE 2024
出版商	IEEE Computer Society
页	3628-3634
页数	7
ISBN（电子版）	9798350358513
DOI	https://doi.org/10.1109/CASE59546.2024.10711716
出版状态	已出版 - 2024
活动	20th IEEE International Conference on Automation Science and Engineering, CASE 2024 - Bari, 意大利期限: 28 8月 2024 → 1 9月 2024

出版系列

姓名	IEEE International Conference on Automation Science and Engineering
ISSN（印刷版）	2161-8070
ISSN（电子版）	2161-8089

会议

会议	20th IEEE International Conference on Automation Science and Engineering, CASE 2024
国家/地区	意大利
市	Bari
时期	28/08/24 → 1/09/24

访问文件

10.1109/CASE59546.2024.10711716

其它文件与链接

链接到 Scopus 的出版物

引用此

Zhang, S., Zhang, H., Chen, G., Luo, H., Wu, M., Chen, H., Ren, Z., Wang, Z., & Liu, Y. (2024). MNSSA: Meso-level Network Security Situation Awareness for ICS via Graph Evolution Analysis. 在 2024 IEEE 20th International Conference on Automation Science and Engineering, CASE 2024 (页码 3628-3634). (IEEE International Conference on Automation Science and Engineering). IEEE Computer Society. https://doi.org/10.1109/CASE59546.2024.10711716

@inproceedings{0046ec3a7d5344968df4d2ecaad390aa,

title = "MNSSA: Meso-level Network Security Situation Awareness for ICS via Graph Evolution Analysis",

abstract = "Intrusion detection systems (IDSs) are widely used for generating alarms indicating potential network security risks based on network traffic monitoring in industrial control systems (ICSs). However, it is a big burden for security analysts to handle numerous alarms in real time. Also, most alarms are falsely triggered by normal operations, which makes the real attack risks hard to find. In this paper, we propose MNSSA, a meso-level network security situation awareness method that conducts graph evolution analysis on the ICS alarms. MNSSA can semi-automatically filter low-risk false alarms in bulk and detect attack events. It can better analyze the network security situation and improve alarm processing efficiency.",

author = "Shilong Zhang and Hui Zhang and Guo Chen and He Luo and Meiqi Wu and Hongxiang Chen and Zehua Ren and Zijun Wang and Yang Liu",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 20th IEEE International Conference on Automation Science and Engineering, CASE 2024 ; Conference date: 28-08-2024 Through 01-09-2024",

year = "2024",

doi = "10.1109/CASE59546.2024.10711716",

language = "英语",

series = "IEEE International Conference on Automation Science and Engineering",

publisher = "IEEE Computer Society",

pages = "3628--3634",

booktitle = "2024 IEEE 20th International Conference on Automation Science and Engineering, CASE 2024",

}

Zhang, S, Zhang, H, Chen, G, Luo, H, Wu, M, Chen, H, Ren, Z, Wang, Z & Liu, Y 2024, MNSSA: Meso-level Network Security Situation Awareness for ICS via Graph Evolution Analysis. 在 2024 IEEE 20th International Conference on Automation Science and Engineering, CASE 2024. IEEE International Conference on Automation Science and Engineering, IEEE Computer Society, 页码 3628-3634, 20th IEEE International Conference on Automation Science and Engineering, CASE 2024, Bari, 意大利, 28/08/24. https://doi.org/10.1109/CASE59546.2024.10711716

MNSSA: Meso-level Network Security Situation Awareness for ICS via Graph Evolution Analysis. / Zhang, Shilong; Zhang, Hui; Chen, Guo 等.
2024 IEEE 20th International Conference on Automation Science and Engineering, CASE 2024. IEEE Computer Society, 2024. 页码 3628-3634 (IEEE International Conference on Automation Science and Engineering).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - MNSSA

T2 - 20th IEEE International Conference on Automation Science and Engineering, CASE 2024

AU - Zhang, Shilong

AU - Zhang, Hui

AU - Chen, Guo

AU - Luo, He

AU - Wu, Meiqi

AU - Chen, Hongxiang

AU - Ren, Zehua

AU - Wang, Zijun

AU - Liu, Yang

PY - 2024

Y1 - 2024

N2 - Intrusion detection systems (IDSs) are widely used for generating alarms indicating potential network security risks based on network traffic monitoring in industrial control systems (ICSs). However, it is a big burden for security analysts to handle numerous alarms in real time. Also, most alarms are falsely triggered by normal operations, which makes the real attack risks hard to find. In this paper, we propose MNSSA, a meso-level network security situation awareness method that conducts graph evolution analysis on the ICS alarms. MNSSA can semi-automatically filter low-risk false alarms in bulk and detect attack events. It can better analyze the network security situation and improve alarm processing efficiency.

AB - Intrusion detection systems (IDSs) are widely used for generating alarms indicating potential network security risks based on network traffic monitoring in industrial control systems (ICSs). However, it is a big burden for security analysts to handle numerous alarms in real time. Also, most alarms are falsely triggered by normal operations, which makes the real attack risks hard to find. In this paper, we propose MNSSA, a meso-level network security situation awareness method that conducts graph evolution analysis on the ICS alarms. MNSSA can semi-automatically filter low-risk false alarms in bulk and detect attack events. It can better analyze the network security situation and improve alarm processing efficiency.

UR - https://www.scopus.com/pages/publications/85208248187

U2 - 10.1109/CASE59546.2024.10711716

DO - 10.1109/CASE59546.2024.10711716

M3 - 会议稿件

AN - SCOPUS:85208248187

T3 - IEEE International Conference on Automation Science and Engineering

SP - 3628

EP - 3634

BT - 2024 IEEE 20th International Conference on Automation Science and Engineering, CASE 2024

PB - IEEE Computer Society

Y2 - 28 August 2024 through 1 September 2024

ER -

Zhang S, Zhang H, Chen G, Luo H, Wu M, Chen H 等. MNSSA: Meso-level Network Security Situation Awareness for ICS via Graph Evolution Analysis. 在 2024 IEEE 20th International Conference on Automation Science and Engineering, CASE 2024. IEEE Computer Society. 2024. 页码 3628-3634. (IEEE International Conference on Automation Science and Engineering). doi: 10.1109/CASE59546.2024.10711716

MNSSA: Meso-level Network Security Situation Awareness for ICS via Graph Evolution Analysis

摘要

出版系列

会议

访问文件

其它文件与链接

学术指纹

引用此