Anomaly Detection And Resilient Control For Industrial Cyber-physical Systems Based On Graph Neural Networks

The industrial cyber-physical system is a networked control system that deeply integrates sensing,computing,control,internet networks,and physical objects.It is an important component of national economic construction.However,there are some obstacles to the promotion of ICPS,such as the complexity of the system topology,the variations of abnormal threats,or the low efficiency of the recovery of the attacked system.Therefore,it is important to solve the problems above and keep ICPS running safely.This thesis proposes an anomaly detection and resilient control method for ICPSs based on graph neural networks by fully analyzing the system architecture,operation mode,security requirements,etc.Then,it conducts in-depth research around structure identification,abnormal detection,and resilient control.System identification provide the structure information for anomaly detection and resilient control.Anomaly detection analyzes the structure variance and system running actions to provide the detection evidence for resilient control.Resilient control uses the structure information to establish the system model and uses detection evidence to guide the resilient mechanism intervention.In this way,these three parts integrate together to ensure the safe and stable operation of the industrial cyber-physical system.The main innovations of the thesis are as follows:(1)To address the difficulties of time-varying features of system structures and information capturing,a robust identification method for timevarying system topology is proposed.It fully uses spatiotemporal sparsity and satisfies the requirement of accurate identification of the system structure with slowly varying characteristics in both the time and spatial domains.The method combines the system topology,system state observation,and system dynamics using the state space equation.Next,the potential changing characteristics of the topology adjacency matrix of the dynamic system structure are analyzed,and by reasonable transformation,the adjacency matrix at different times is stretched into an adjacency vector and arranged in chronological order as a spatiotemporal graph.Then,the total variance regularization term is used to accurately capture the sparse characteristics of the time-varying structure in both the time and spatial domains.The proposed method fully utilizes the relationship between observation data and the system structure with the time series.This method accurately identifies the system topology structure at every period.Meanwhile,to alleviate the computational pressure and improve computational efficiency,the ADMM method is used to break down the original complex optimization problem into independent and simple iterative optimization problems.(2)To address the problem of the variability of threats in industrial cyber-physical systems and the low accuracy of anomaly detection due to the scarcity of abnormal samples,a graph neural network based anomaly detection method is proposed to improve the utilization rate of small-class samples in imbalanced labeled data and enhance the abnormal data detection ability of industrial cyber-physical systems.A data network is first constructed effectively to establish connections between known samples and samples to be detected.Then,the node embeddings are generated using node data and network structure,and the local and global features of the data are fully extracted through multi-layer embedding.At the same time,to solve the problem of low precision of the k-nearest neighbor for constructing the data network,a network structure refining process with a multi-head attention mechanism is designed.By integrating network structure learning and network embedding learning into the same training framework,the proposed method improves the accuracy of abnormal detection at last.(3)To address the difficulties in system state reconstruction and system recovery under abnormal conditions in industrial cyber-physical systems,a resilient control method with a graph neural network model and signaldriven mechanism is proposed to effectively enhance the system state reconstruction and recovery ability of ICPS when it suffers from sensor anomalies or sensor-actuator channel signal attacks.A graph neural network model that integrates system structure and system operation data to accurately capture the system’s operating state is proposed.Then,a model predictive control method using the graph neural network model as the prediction model is proposed,and its stability is proven,ensuring the system stability when using the graph neural network model as a substitute feedback for a short time.Finally,this thesis proposes a model predictive resilient control framework,which uses evidence of anomaly detection as a system state feedback switch trigger signal to improve the system stability and increase the speed of convergence.The proposed method ensures the ability of industrial cyber-physical systems to maintain stable operation when suffering from network attacks and physical failures.(4)This thesis constructed a hard-in-the-loop platform for industrial cyber-physical systems experimental verification.First,this thesis analyzed the operational characteristics and composition characteristics of industrial cyber-physical systems,as well as the sources of threats they face in safe operation,and concluded the requirements for building a hard-in-the-loop platform for industrial cyber-physical systems.After that,a hard-in-theloop platform is constructed by using real PLC and other control devices as the cyber layer and using the simulation system as the physical layer.At the same time,corresponding attack scripts and fault logic were also developed for this platform.Finally,the method proposed in this thesis was tested on this hard-in-the-loop platform,and the results showed that the structure identification,anomaly detection,and resilient control methods proposed in this thesis are effective and efficient.