Digital Twin Framework for the Generation and Optimization of Security Policies for TSN Industrial Control Systems

doi:10.16182/j.issn1004731x.joss.23-1589

Abstract

Abstract:

The characteristic of multi-service flow integration in TSN industrial control systems makes it very difficult to establish an accurate mathematical model. In order to ensure the coordination between the security policy and the real-time operation of the system, a four-layer double-closed-loop digital twin framework of "physical layer-data layer-twin layer-service layer" serving the generation and optimization of security policies is proposed. The optimal security policy generation is achieved through the internal closed loop composed of iterative optimization between the initial security policy generation at the service layer and the deployment verification at the twin layer. The deterministic communication process between the controller and the motor in the industrial field is taken as the experimental object to verify the effectiveness of the framework.

Key words: digital twin framework, TSN industrial control system, security policy decision-making, adaptive optimization, modeling and simulation

CLC Number:

TP391.9

Zhang Huimai, Hu Xiaoya, Zhou Chunjie. Digital Twin Framework for the Generation and Optimization of Security Policies for TSN Industrial Control Systems[J]. Journal of System Simulation, 2025, 37(4): 861-874.

Figures/Tables 19

Fig. 1

Fig. 2

Fig. 3

Fig. 4

Fig. 5

Fig. 6

Table 1

Bayesian game model parameters

参数	表达式
博弈参与者	$P = {P A, P D}$ ，其中， $P A$ 是攻击者， $P D$ 是防御者
状态节点	$S = {s 1, s 2, ⋯, s n}$
防御者类型	$T D = {T D, 1, T D, 2}$ (根据时间敏感度分类)
攻击者类型	$T A = {T A, 1, T A, 2}$ (网络破坏和数据破坏)
防御者视角预测	$P A : P (T A \| T D)$
攻击者策略	$G A = {G A, 1, G A, 2, ⋯, G A, L}$
防御者策略	$G D = {G D, 1, G D, 2, ⋯, G D, M}$
攻击者收益	$U A = U A (T D, T A, G D, G A)$
防御者收益	$U D = U D (T D, T A, G D, G A)$

Table 1

Fig. 7

Fig. 8

Table 2

Fig. 9

Fig. 10

Table 3

Table 4

Fig. 11

Fig. 12

Fig. 13

Fig. 14

Fig 15

References 19

1	Petnga L, Austin M. An Ontological Framework for Knowledge Modeling and Decision Support in Cyber-physical Systems[J]. Advanced Engineering Informatics, 2016, 30(1): 77-94.
2	Hao Jianye, Kang E, Sun Jun, et al. An Adaptive Markov Strategy for Defending Smart Grid False Data Injection from Malicious Attackers[J]. IEEE Transactions on Smart Grid, 2018, 9(4): 2398-2408.
3	Huang Kaixing, Zhou Chunjie, Qin Yuanqing, et al. A Game-theoretic Approach to Cross-layer Security Decision-making in Industrial Cyber-physical Systems[J]. IEEE Transactions on Industrial Electronics, 2020, 67(3): 2371-2379.
4	李洋, 刘天莺, 朱建明, 等. 基于Q学习与贝叶斯博弈的物联网安全[J]. 计算机工程与设计, 2022, 43(4): 901-906.
	Li Yang, Liu Tianying, Zhu Jianming, et al. Security of Internet of Things Based on Q-learning and Bayesian Game[J]. Computer Engineering and Design, 2022, 43(4): 901-906.
5	Hu Bowen, Zhou Chunjie, Tian Yuchu, et al. Decentralized Consensus Decision-making for Cybersecurity Protection in Multimicrogrid Systems[J]. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2021, 51(4): 2187-2198.
6	朱美潘, 杨健晖, 李欣格, 等. 云环境下工业信息物理系统现场层安全策略决策方法[J]. 控制与决策, 2024, 39(1): 281-290.
	Zhu Meipan, Yang Jianhui, Li Xinge, et al. A Security Decision-making Approach for Field Layer of Cloud-integrated Industrial Cyber-physical Systems[J]. Control and Decision, 2024, 39(1): 281-290.
7	Grieves M, Vickers J. Digital Twin: Mitigating Unpredictable, Undesirable Emergent Behavior in Complex Systems[M]//Franz-Josef Kahlen, Flumerfelt S, Anabela Alves. Transdisciplinary Perspectives on Complex Systems: New Findings and Approaches. Cham: Springer International Publishing, 2017: 85-113.
8	陶飞, 刘蔚然, 张萌, 等. 数字孪生五维模型及十大领域应用[J]. 计算机集成制造系统, 2019, 25(1): 1-18.
	Tao Fei, Liu Weiran, Zhang Meng, et al. Five-dimension Digital Twin Model and Its Ten Applications[J]. Computer Integrated Manufacturing Systems, 2019, 25(1): 1-18.
9	孙滔, 周铖, 段晓东, 等. 数字孪生网络(DTN): 概念、架构及关键技术[J]. 自动化学报, 2021, 47(3): 569-582.
	Sun Tao, Zhou Cheng, Duan Xiaodong, et al. Digital Twin Network (DTN): Concepts, Architecture, and Key Technologies[J]. Acta Automatica Sinica, 2021, 47(3): 569-582.
10	张仁斌, 赵季翔, 杨戬, 等. 基于容器的轻量级工业控制系统网络安全测试床研究[J]. 计算机应用研究, 2021, 38(2): 506-509.
	Zhang Renbin, Zhao Jixiang, Yang Jian, et al. Research on Lightweight ICS Cyber Security Testbed Based on Container[J]. Application Research of Computers, 2021, 38(2): 506-509.
11	Pfister P, Wymore M L, Jacobson D, et al. Design and Implementation of a Cyber Physical Testbed for Security Training[C]///Proceedings of the 12th USENIX Conference on Cyber Security Experimentation and Test. USA: USENIX Association, 2019: 1.
12	孙健, 翟健宏. 工控网络仿真靶场虚拟化场景的构建[J]. 智能计算机与应用, 2021, 11(9): 191-195, 199.
	Sun Jian, Zhai Jianhong. A Virtual Scene Construction of Industrial Control Network Simulated Range[J]. Intelligent Computer and Applications, 2021, 11(9): 191-195, 199.
13	Ayyalusamy V, Sivaneasan B, Kandasamy N K, et al. Hybrid Digital Twin Architecture for Power System Cyber Security Analysis[C]//2022 IEEE PES Innovative Smart Grid Technologies - Asia (ISGT Asia). Piscataway: IEEE, 2022: 270-274.
14	Francia Guillermo, Hall Gregory. Digital Twins for Industrial Control Systems Security[C]//2021 International Conference on Computational Science and Computational Intelligence (CSCI). Piscataway: IEEE, 2021: 801-805.
15	Murillo Andrés F, Rueda Sandra. Access Control Policies for Network Function Virtualization Environments in Industrial Control Systems[C]//2020 4th Conference on Cloud and Internet of Things (CIoT). Piscataway: IEEE, 2020: 17-24.
16	徐博, 杜鑫, 周纯杰. 数字孪生视角下基于LSTM的工控系统异常检测方法[J]. 信息安全研究, 2022, 8(6): 578-585.
	Xu Bo, Du Xin, Zhou Chunjie. Anomaly Detection Method of Industrial Control System Based on LSTM from the Perspective of Digital Twins[J]. Journal of Information Security Research, 2022, 8(6): 578-585.
17	Falk Jonathan, Hellmanns David, Carabelli Ben, et al. NeSTiNg: Simulating IEEE Time-sensitive Networking (TSN) in OMNeT++[C]//2019 International Conference on Networked Systems (NetSys). Piscataway: IEEE, 2019: 1-8.
18	Hang Nianzhi, Ye Feng, Cheng Zheyuan, et al. Simulating and Evaluating Privacy Issues in Distributed Microgrids: A Cyber-physical Co-simulation Platform[C]//IECON 2021-47th Annual Conference of the IEEE Industrial Electronics Society. Piscataway: IEEE, 2021: 1-6.
19	Allaoua Ammar, Toufik Madani Layadi, Colak Ilhami, et al. Design and Simulation of Smart-grids Using OMNeT++/Matlab-simulink Co-simulator[C]//2021 10th International Conference on Renewable Energy Research and Application (ICRERA). Piscataway: IEEE, 2021: 141-145.

业务流	优先级	描述
网络控制流	P₇	CNC与交换机间网络探测、配置下发
等时流	P₆	控制器到电机之间传输的业务流
音视频流	P₄	摄像机产生的音视频传输给服务器和监控工作站
突发事件流	P₂	工程师站或操作员站下发的参数配置流或运行控制流
尽力而为流	P₀	数据服务器和传感器、控制器间的业务流

状态描述	攻击手段	描述	防御手段	描述
S₁系统正常运行	a₁	获取AH1用户权限	d₁	AH1设置登录验证
	a₂	获取AH2用户权限	d₂	AH2设置登录验证
	a₃	获取AH2管理权限
S₂获取AH1用户权限/S₃获取AH2用户权限	a₄	获取监控工作站权限	d₃	工程师站数字认证
	a₅	获取操作员站权限	d₄	操作员站数字认证
	a₆	获取工程师站权限	d₅	监控工作站数字认证
	a₇	获取CNC权限	d₆	CNC数据包过滤
			d₇	数据包过滤
			d₈	断开连接
S₄获取监控工作站权限	a₈	实施DDos攻击	d₉	视频监控服务器访问控制
S₄获取监控工作站权限	a₉	利用漏洞操作现场监控设备	d₁₀	重启设备
S₅获取CNC权限	a₁₀	篡改数据库数据	d₁₁	重启设备
S₅获取CNC权限	a₁₁	篡改下发配置信息	d₁₂	断开连接
S₆获取工程师站用户权限/S₇获取操作员站根权限	a₁₂	伪装主时钟	d₁₃	控制器与电机间数据加密RSA
	a₁₃	篡改控制器数据	d₁₄	控制器与电机间数据加密AES
	a₁₄	实施DDos攻击	d₁₅	工程师站与控制器间数据加密RSA
	a₁₅	篡改业务流优先级	d₁₆	工程师站与控制器间数据加密AES
	a₁₆	中间人攻击伪装控制器

[1]	Xie Xu, Qiu Xiaogang, Bao Yizheng, Xu Kai. Dynamic Data Driven Simulation: An Overview [J]. Journal of System Simulation, 2024, 36(8): 1832-1842.
[2]	Ren Qiankun, Xiong Xinli, Liu Jingju, Yao Qian. Reserach on Digital Twins Technology in Cyberspace Security [J]. Journal of System Simulation, 2024, 36(8): 1944-1957.
[3]	Han Lu, Lin Zhang, Kunyu Wang, Zejun Huang, Hongbo Cheng, Jin Cui. A Framework on Equipment Digital Twin Credibility Assessment [J]. Journal of System Simulation, 2023, 35(7): 1455-1471.
[4]	Mingyuan Liu, Jiaxiang Xie, Hao Wu, Jianlin Fu, Guofu Ding. Research on Workshop Logic Modeling and Simulation Based on Finite State Machine [J]. Journal of System Simulation, 2023, 35(4): 853-861.
[5]	Li Liuzhen, Jin Chao, Lin Tingyu, Zhu Yaoqin. Modeling and Simulation on Production Logistics of Intelligent Workshop Manufacturing System Based on EFSM [J]. Journal of System Simulation, 2023, 35(12): 2655-2668.
[6]	Wang Can, Ji Haoran, Guo Qisheng, Dong Zhiming, Tan Yaxin, Mu Ge. Development of Combat Concept of Intelligent Land Assault System Based on DoDAF [J]. Journal of System Simulation, 2023, 35(11): 2397-2409.
[7]	Guowei Lu, Xueqiang Tao, Deguang Duan, Hao Li, Zerui Zhang, En Chen. Research on Modeling and Simulation of Application Efficiency of Tactical Medical Equipment [J]. Journal of System Simulation, 2023, 35(1): 190-201.
[8]	Guoqiang Shi, Zewei Liu, Tingyu Lin, Zhao Xu, Xingyi Yang, Liqin Guo, Zhengxuan Jia. Open Cloud Architecture Design for Complex Product Modeling and Simulation System [J]. Journal of System Simulation, 2022, 34(3): 442-451.
[9]	Feng Li, Ying Wei. Product Decisions in Presence of Social Learning and Reference Point Effect [J]. Journal of System Simulation, 2022, 34(2): 234-246.
[10]	Gongguo Xu, Libing Cai, Peibing Du, Yu Liu. Research on Modeling and Simulation of Optimization Deployment for Cooperative Localization by Multiple Detection Sensors in Complex Environment [J]. Journal of System Simulation, 2022, 34(10): 2171-2180.
[11]	Fan Changjia, Du Yanqiu, Liang Di, Hu Kai, Huang Jiayan. Modeling and Simulation of Emergency Medical Resources Allocation in Shanghai during COVID-19 [J]. Journal of System Simulation, 2022, 34(1): 93-103.
[12]	Si Guangya, Wang Yanzheng. Challenges and Reflection on Next-generation Large-scale Computer Wargame System [J]. Journal of System Simulation, 2021, 33(9): 2010-2016.
[13]	Cao Qi, Xiang Qun, Wang Wenzheng. Research on Component-based Modeling of Simulation Entity for Logistics and Equipment Support [J]. Journal of System Simulation, 2021, 33(6): 1233-1240.
[14]	Li Wenxiang, Li Ye, Dong Jieshuang, Li Yiming. Development Paths of New Energy Vehicles Incorporating CO₂ Emissions Trading Scheme [J]. Journal of System Simulation, 2021, 33(6): 1451-1465.
[15]	Zheng Lingsha, Jiang Bing, Zhao Zhe, Yang Zhaoxu. Research on Time Performance Simulation and Analysis Technology of Aviation Complex Embedded System [J]. Journal of System Simulation, 2021, 33(6): 1489-1499.