Research On Security Technology Of Industrial Internet Of Things Based On Edge Computing

Posted on: 2024-03-31
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W X Lei
GTID: 1528307079452254
Subject: Control Science and Engineering
Abstract/Summary:
With the in-depth integration of 5G and the industrial Internet of things (IIoT), it is possible to leverage the large bandwidth and low latency of the 5G network to ensure high-speed transmission of massive data. By retrofitting equipment with sensor technology, industrial equipment can be connected to the cloud and brought online, enabling remote equipment manipulation, unmanned intelligent inspection, machine vision quality inspection, equipment failure detection, and other scenarios that are difficult for human workers to reach. This greatly improves production efficiency, safety, and product quality, and helps enterprises reduce costs and increase benefits. However, the introduction of a large number of wireless terminals has broken the relatively closed and trusted production environment of traditional IIoT. The network attack surface is constantly expanding, and IIoT faces alarming security issues that cannot be ignored, driven by factors such as large-scale dynamic network topology, resource-constrained terminal devices, frequent data interactions, and open network environments. Attacks on the IIoT are endless, and traditional attack detection methods suffer from low detection accuracy and prolonged detection time. As cyber security incidents extend from computer networks to the IIoT, traditional security awareness efforts become more complex and challenging to deploy. For industrial organizations that generally consider the zero-trust security (ZTA) concept applicable to industrial security problems, there are still the challenges of an imperfect security architecture and insufficient technical support for specific implementation. To address these security issues, this dissertation makes full use of the advantages of edge computing (EC), namely easy deployment, distribution, and additional computing resources, to study the security technology of IIoT. This allows security to be implemented at the IIoT's edge. The main work of this dissertation, along with its contributions, can be summarized as follows.

In view of the high hazard and difficulty of detecting typical attacks in IIoT, a false data injection (FDI) detection scheme based on EC with the classification of predicted residuals (CPRs) is proposed. The scheme is deployed at the edge of the industrial control network to perform data collection and attack detection while ensuring data integrity. An accurate real-time prediction model is designed using the temporal correlation of measured data streams. Predicted residuals independent of false data are classified with the computational support of edge devices. Unlike existing studies, the proposed scheme adds a low-complexity classification process after the prediction phase to improve detection accuracy significantly. Finally, the detection sensitivity of the proposed scheme is verified under an unusually harsh attack injection environment through extensive experiments in a real built power network scenario, and the applicability of the proposed scheme to the IIoT edge is discussed.

To address the problem that traditional industrial terminal devices with constrained computing resources are vulnerable to attacks and lack the ability to sense threats and defend against them, a complex network industrial device-level security state awareness model based on EC is proposed. The proposed model is inspired by the idea that attack behavior inevitably leads to changes in performance indicator data at the device level. Leveraging the advantages of edge computing, the model clusters the massive data collected by traditional industrial devices and transforms it into states. The state sequences, which carry rich security information, are modeled using complex network theory, and a complex network-based security state awareness model is presented. The proposed model is executed on EC to achieve non-intrusive awareness without affecting the complete operation of industrial processes. Finally, the awareness performance of the proposed model and its real-time capabilities for IIoT under EC are discussed through sufficient experiments conducted on actual industrial devices.

To tackle the high complexity of security situational awareness (SSA) and the delayed transmission of fault information, both caused by the large-scale heterogeneity of IIoT terminals and the dynamic and continuous situational space, an industrial system-level SSA scheme based on multi-agent deep reinforcement learning under EC is proposed. The proposed scheme constructs a wide-area situational awareness-based SSA model under EC for dynamic and continuous situational spaces. The multi-agent deep deterministic policy gradient (MADDPG) algorithm is designed to solve the optimization problem based on the constructed model. The proposed scheme considers cooperative perception among multiple edge agents, adaptively learns and performs optimal perceptual actions from environmental elements, and maximizes the long-term expected returns of the system. Finally, the proposed scheme is verified through extensive real-world scenario testing and simulation, and achieves adaptive learning of situational elements and real-time system-level protection in complex industrial environments.

In response to the rise of the zero-trust (ZT) security concept and its inadequate technical support in the IIoT domain, this dissertation extends the value of the ZT security concept and the application of ZT security architecture in the IIoT industry. Based on the industrial system-level SSA, an EC-enabled ZT architecture for the IIoT at temporal and spatial granularity is proposed, along with a physical layer security-enhanced wireless industrial ZT technology roadmap. The proposed architecture uses EC to assist in generating and enforcing security policies and further refines the granularity of resource protection from the perspective of time and space. A three-step ZT technology roadmap, from security zone formation to device authentication to cryptographic negotiation, is proposed for wireless IIoT scenarios, supplemented with physical layer security technologies to support the specific technical implementation of the proposed roadmap. Finally, the feasibility of the proposed architecture and technical roadmap is discussed through security evaluation and experimental verification in real industrial scenarios.
Keywords/Search Tags: Edge Computing, Industrial Internet of Things Security, False Data Injection Attack, Security Situational Awareness, Zero Trust Security