With the rapid advancement of national strategies such as "Internet+" and "Made in China 2025", industrial control systems have come into wide use in industries such as energy, municipal services, transportation, water conservancy and aerospace. The security of industrial control networks bears directly on the lifeline of the national economy. However, it has not been given enough attention, resulting in frequent industrial control network security incidents, which underline the importance of building an industrial control network situational awareness system that integrates assessment and prediction. In this paper, we study big-data-based situational awareness technology for industrial control networks, taking situation extraction as the premise, situation assessment as the core, and situation prediction as the goal, in order to comprehensively sense the security situation of the industrial control network system. First, in situation extraction we adopt two ways of collecting industrial control network data. One uses traffic mirroring with bypass access to sensor-aware terminals, collecting network traffic data without affecting the original production services. The other uses the Wireshark tool to collect industrial control network traffic packets and count packets per second in order to analyze the current network state; a Hadoop big data platform is built for offline data pre-processing and feature extraction, and Flink and TensorFlow are set up to train the graph neural network model and complete the prediction. Second, we combine hierarchical analysis and correlation analysis to assess the situation, and use an evaluation graph to show the current network security state. Third, situation prediction is performed with a graph neural network model trained offline. We use the Flink real-time computation engine to read industrial control network data into the graph neural network model in real time, where it is used to enhance the feature representation of each node and to predict the probability of anomalies occurring in the industrial control network in a future period. Finally, the graph neural network model of this paper is compared with traditional neural networks and machine learning models, and accuracy and false alarm rate are used as metrics to demonstrate the high accuracy and robustness of this model.