Anomaly Intrusion Detection Methods Of User Behavior In Industrial IOT Based On Trust Evaluation

Industrial Control System (ICS) is widely used in critical infrastructure related to people’s livelihood; meanwhile it is an important part of the national security strategy. With the development of internet of things technology, the industrial control system closed originally has become more complex and open, so it is facing serious problem of information security. Since the user as an important participant in industrial control systems, whether the users’behaviors are credible is one of the most fundamental problems of system security. Therefore, the study of the credibility of the users’ behaviors in the Industrial Control System has important academic value and practical significance.This paper is based on the analysis of Industrial Control System with IOT characteristics. To evaluate the user behavior and detect the abnormal user behavior, in this paper, the users’ behaviors in the industrial control systems will be collected and analysed from the two aspects respectively. The main contents are as follows:(1) A general framework of Industrial Control System with IOT is proposed for the security issue existed in the industrial control systems currently. Increase a functional module of credibility in the traditional industrial control systems to assess the credible level of user behavior and detect the user abnormal operation.(2) A trust evaluation model of user behavior for the system platform is built for the credible stability issues of the users’ behaviors. The credibility of the users’behaviors are constituted by the accessing trust property, the integrity trust property, the performance trust property, which all can be represented by the credibility evidences of design and running. According to the weights of design credibility and running credibility, the single property can be calculated and the credibility of the user behavior can be assess from all the single properties based on the D-S evidence theory.(3) For user behavior intrusion detection problem of industrial control system under the IOT mode, based on the system platform, user behavior can be divided into user behavior operation level and user behavior system level two kinds of transactions, proceed from the operating level and system level respectively, get the user’s behavior credible evidence, based on sliding time window method to generate operation sequence and system affairs sequence, introduce frequent sequence mining algorithm GSP, get users accustomed operation sequence sets. Then, through the dictionary tree(Trie) to test the current user behavior analysis.Finally, based on the existing LED display control integrated platform under the IOT, a system user behavior module has been developed. According to the system attributes, level design standards of the accessing trust property, the integrity trust property, the performance trust property has been given. Design credibility of the system’s attributes are conform to the requirements of the high reliable. Then, based on the operation parameters to get the credibility, thus to calculate the platform reliability. The results show that the platform reliability is affected by the operating system configuration. The collection of the user behavior operation level and system level credible evidences is based on the additional trusted design module. To get the transaction sequence set based on sliding time window method. Then, get platform users accustomed operation sequence sets by constructing a GSP frequent pattern mining algorithm. Finally, when system is running, the system gets the probability of current user behavior by the design module of Trie. If user behavior is anomaly, the system will refuse to user actions.