Journal of Zhejiang University (Engineering Science)  2022, Vol. 56 Issue (3): 419-435    DOI: 10.3785/j.issn.1008-973X.2022.03.001
Mechanical Engineering, Energy Engineering
Framework and key technologies of digital twin system cyber security under perspective of bionics
Lin-li LI1, Fu GU1,*, Hao LI2, Xin-jian GU1, Guo-fu LUO2, Zhi-qiang WU1, Yi-jin GANG3
1. Key Laboratory of Advanced Manufacturing Technology of Zhejiang Province, School of Mechanical Engineering, Zhejiang University, Hangzhou 310027, China
2. He’nan Key Laboratory of Intelligent Manufacturing of Mechanical Equipment, Zhengzhou University of Light Industry, Zhengzhou 450002, China
3. SIPPR Engineering Group Limited Company, Zhengzhou 450007, China
Abstract:

To move industrial cyber security from static, passive defense to active defense, and to ease the tension between the serious shortage of security experts and the sharp increase in cyber security demands, an active defense framework for digital twin system cyber security was built from the perspective of bionics. With the digital twin security brain (DTSB) at its core, five kinds of key technologies focusing on active defense were proposed: security data interaction and systems collaborative defense based on cloud-edge collaboration; a cyber security active defense model for parallel digital twin systems; situation awareness of parallel digital twin systems based on the DTSB; an active defense and control technical framework for digital twin systems based on the immune system; and anti-attack intelligent recognition of digital twin systems based on artificial intelligence. A case study of a digital twin workshop was given to demonstrate the successful application of digital twin cyber security in smart manufacturing.

Key words: digital twin; cyber security; active defense; security brain; smart manufacturing; immune system
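Received: 2021-08-24    Published: 2022-03-29
CLC:  TP 391
Funding: National Natural Science Foundation of China (71901194, 51775517, 71832013, 52175256)
Corresponding author: Fu GU     E-mail: lilinli163@163.com; gufu@zju.edu.cn
About the author: Lin-li LI (b. 1982), male, senior engineer, doctoral student, working on distributed intelligent manufacturing, digital twins, knowledge management and related research. orcid.org/0000-0003-2109-5718. E-mail: lilinli163@163.com, lilinli@zju.edu.cn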

Cite this article:

Lin-li LI, Fu GU, Hao LI, Xin-jian GU, Guo-fu LUO, Zhi-qiang WU, Yi-jin GANG. Framework and key technologies of digital twin system cyber security under perspective of bionics. Journal of ZheJiang University (Engineering Science), 2022, 56(3): 419-435.

Link to this article:

https://www.zjujournals.com/eng/CN/10.3785/j.issn.1008-973X.2022.03.001
https://www.zjujournals.com/eng/CN/Y2022/V56/I3/419

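Fig. 1  Active defense framework for digital twin system cyber security from the perspective of bionics
Fig. 2  Security data interaction and system collaborative defense based on cloud-edge collaboration
Fig. 3  Cyber security active defense model of parallel digital twin system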
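No.  Attacker          Defender                Environment         Attack-defense mode
1    Hacker            Human + security brain  Real                Live attack-defense confrontation
2    Inspection party  Human + security brain  Real                Live exercise training
3    Inspection party  Security brain          Real + cyber range  Simulated exercise training
4    Hacker            Security brain          Real + honeypot     Honeypot decoy confrontation
5    Hacker            Human + security brain  Parallel twin       Hot-standby attack-defense confrontation
6    Inspection party  Human + security brain  Parallel twin       Hot-standby exercise training
7    Inspection party  Security brain          Parallel twin       Panoramic simulated cyber range
8    Hacker            Security brain          Parallel twin       Honeypot decoy defense
Tab. 1  Attack-defense modes of parallel digital twin systems based on the security brain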
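Fig. 4  Situation awareness of parallel digital twin systems based on the security brain
Fig. 5  Active defense and control technical framework for digital twins based on the immune system
Fig. 6  Modeling process of AI-based anti-attack intelligent recognition of digital twin systems
Fig. 7  Active defense system architecture for digital twin system cyber security based on "defense in depth"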