Article

Network Security Prediction of Industrial Control Based on Projection Equalization Optimization Algorithm

1 School of Computer Science and Information Engineering, Harbin Normal University, Harbin 150025, China
2 School of Physics and Electronic Engineering, Harbin Normal University, Harbin 150025, China
* Author to whom correspondence should be addressed.
Sensors 2024, 24(14), 4716; https://doi.org/10.3390/s24144716
Submission received: 16 May 2024 / Revised: 12 July 2024 / Accepted: 18 July 2024 / Published: 20 July 2024
(This article belongs to the Section Sensor Networks)

Abstract
This paper predicts the network security posture of an ICS, focusing on the reliability of Industrial Control Systems (ICSs). Evidence reasoning (ER) and belief rule base (BRB) techniques are employed to establish an ICS network security posture prediction model, ensuring the secure operation and prediction of the ICS. This model first integrates various information from the ICS to determine its network security posture value. Subsequently, through ER iteration, information fusion occurs and serves as an input for the BRB prediction model, which necessitates initial parameter setting by relevant experts. External factors may influence the experts’ predictions; therefore, this paper proposes the Projection Equalization Optimization (P-EO) algorithm. This optimization algorithm updates the initial parameters to enhance the prediction of the ICS network security posture through the model. Finally, industrial datasets are used as experimental data to improve the credibility of the prediction experiments and validate the model’s predictive performance in the ICS. Compared with other methods, this paper’s prediction model demonstrates a superior prediction accuracy. By further comparing with other algorithms, this paper has a certain advantage when using less historical data to make predictions.

1. Introduction

Industrial Control Systems (ICSs) are integrated and critical control systems consisting of both hardware and software components interconnected via networks to support the operation and security of critical infrastructure. Their applications are diverse, with the majority being utilized in facilities such as power plants, sewage treatment plants, and other critical infrastructure factories [1]. Technological advancements and the expansion of factories have led to many ICSs needing to interact with external networks. However, due to inadequate security defenses in some ICSs, they are susceptible to novel cyberattacks during network interactions, which can disrupt the normal operation of companies [2]. Therefore, it is crucial to prioritize security predictions for ICSs.
The prediction of an Industrial Control System’s (ICS) network security posture is an effective means of preventing network security incidents [3]. The predicted results can prevent network attacks and provide a basis for administrators to take necessary measures in advance. However, ICSs feature characteristics such as diversity, heterogeneity, and high security, necessitating the fulfillment of high robustness and security requirements [4]. Moreover, the complex and changeable production environment of ICSs, interference-prone data extraction, and the large data volume present challenges in data acquisition [5,6]. Inherent uncertainty in the data obtained from ICSs, which includes both probabilistic and fuzzy uncertainties, complicates the establishment of predictive models for ICS network security [7]. Therefore, establishing predictive models requires a comprehensive analysis of additional information to efficiently forecast the network security posture of ICSs. Additionally, understanding popular forecasting methods in related fields is also essential.
In recent years, there has been a growing number of various network attack incidents, resulting in significant economic losses and disruptions to daily life. This has led many experts to increasingly emphasize the direction of security prediction. Nowadays, numerous different security prediction methods have been proposed. Yin et al. proposed a situational prediction model combining a Time Series Convolutional Network (TCN) with a Transformer [8]. Similarly, Xu et al. introduced an intelligent prediction algorithm to address real-time security performance issues and improve Convolutional Neural Network (CNN) models [9]. Sepasgozar et al. utilized federated learning and Long Short-Term Memory (LSTM) algorithms for network traffic prediction [10]. Li et al. employed a convolutional neural network approach for privacy protection prediction [11]. Qi et al. focused on privacy-aware data in urban industrial environments, combining local sensitive hash techniques for data fusion and prediction [12]. Liu et al. addressed short-term wind power prediction using discrete wavelet transformation and LSTM technology [13]. Riihijarvi et al. applied machine learning techniques to wireless network performance prediction problems [14]. Wen et al. proposed a semi-supervised prediction model for solving prediction function problems [15].
Based on the prediction methods and information used in the modeling above, security prediction can be classified into three methods.
(1) Qualitative knowledge-based methods: These methods rely on experts’ practical experience and various factors to determine the weights of model factors and appropriate algorithms for prediction. Examples of studies using them include that by Ma et al., who proposed an effective online prediction algorithm for Petri net marking prediction [16]. Tehseen et al. proposed an algorithm for earthquake prediction using expert systems [17]. Xi et al. used the analytic hierarchy process to establish evaluation indicators for solid mineral exploration and target areas [18]. However, solely relying on qualitative knowledge-based methods may not be sufficient to establish accurate prediction models due to the complexity of ICS network structures and the suddenness of virus attacks. Moreover, this method is primarily based on expert experience, which is subjective and may lead to significant errors if expert experience is inadequate. Additionally, various types of uncertain information cannot be effectively utilized.
(2) Quantitative data-based prediction methods: These methods involve the use of artificial intelligence to establish relevant mathematical models, which are then trained using a large amount of related data. Examples of studies using them include that by Ge et al., who utilized a high-dimensional Bayesian regression framework and multi-gene risk scores to address the multi-gene prediction problem [19]. Wang et al. employed traditional linear regression, Factsage calculations, and backpropagation (BP) neural networks to predict the deformation temperature of coal ash [20]. Jin et al. designed a plane flow variational auto-encoder prediction model (PFVAE) using time series methods [21]. Liu et al. proposed an end-to-end deep learning architecture for predicting subway entrance and exit passenger flow [22]. Chen et al. tackled the prediction accuracy issue in network situational awareness by proposing a generalized radial basis function [23]. Speiser et al. were able to assess different variable selection techniques in random forest classification settings [24]. This method operates as a black box, and its operational mechanism cannot provide reasonable explanations. Therefore, it is challenging to apply this method in complex ICS network security situation prediction. Furthermore, obtaining good model parameters is difficult for small-scale samples using quantitative data-based prediction methods, leading to a reduced prediction accuracy.
(3) Semi-quantitative information-based prediction methods: These methods integrate qualitative knowledge and quantitative data. They use qualitative knowledge to determine the parameters of the prediction model and train the prediction model using a large amount of quantitative data for prediction. Some examples of studies using them include that by Dong et al., who applied the extended Markov model to evaluate and predict the status of spiral motors [25]. Cao et al. proposed several improved fuzzy rough neural network models and validated their advantages through experiments on complex stock time series prediction tasks [26]. Zhang et al. used Bayesian and automated machine learning methods to tackle the performance prediction problem of tunnel boring machines [27]. These methods combine qualitative knowledge and quantitative data, using expert experiences to establish preliminary models, ensuring the accurate prediction of complex ICS network security posture situations with fewer data samples. However, existing semi-quantitative information-based methods can only handle single types of uncertain information, and expert knowledge may also be affected by external and internal factors, thereby influencing the prediction results.
From the above methods, it can be seen that the first two approaches consider only single knowledge or data sources. The third approach, while combining and improving upon the first two methods, can handle only single types of data and overlooks the uncertainty of expert knowledge. Several scholars have proposed solutions as well. For example, Wang et al. proposed the ER algorithm [28] and the BRB method [29], introducing a novel logical data processing approach. Yang et al. introduced a new model integrating the extended belief rule-based system (EBRBS) and evidence reasoning rules for environmental investment prediction [30]. Cheng et al. applied the BRB to fault detection in flywheel systems, proposing a Fault Diagnosis Model (FFBRB) based on fuzzy fault tree analysis theory [31]. Li et al. studied complex systems and embedded expert knowledge into transformation matrices based on rule change techniques, proposing a health assessment model based on ER rules [32]. Zhang et al. addressed the problem of setting parameters rationally due to the increase in antecedent attributes, proposing a method to automatically generate large-scale BRB initial parameters using partial standard rules and cloud models [33]. He et al. applied ER and the BRB to the field of wireless sensor network fault prediction, proposing a wireless sensor fault prediction method [34]. Han et al. proposed a model parameter optimization method using interval optimization strategies to predict lithium battery capacity, also employing the Whale Optimization Algorithm (WOA) [35]. Hu et al. introduced a new network security situation prediction model using Hidden BRB models and the Covariance Matrix Adaptation Evolution Strategy (CMA-ES) algorithm [36].
Through the analysis above, this study applies ER and the BRB to construct a predictive model. When predicting the security situation of heterogeneous networks in ICSs, it is essential to consider the actual situation. Due to the complexity of industrial environments, heterogeneous networks are even more intricate. Therefore, it is intended to select the best parameters of the prediction model through the EO algorithm [37]. Due to the characteristics of industrial control heterogeneous networks, projection operation is added based on the EO algorithm. Then, the P-EO algorithm is used to mitigate its impact and enhance the prediction accuracy. Since semi-quantitative information is also crucial, it requires careful processing. However, when dealing with excessive data, it may lead to the challenge of BRB combination explosion. To tackle this issue, this study employs the ER iteration algorithm to integrate semi-quantitative information. The BRB model offers a visually intuitive reasoning process and a rigorous structure. It effectively addresses the challenge of poor modeling effectiveness in industrial control heterogeneous networks, attributed to their large scale and data deficiencies [38]. This enables managers to obtain more reliable prediction results and accurate information, thereby reducing company losses and avoiding risks. Consequently, it enhances the risk resistance and emergency response capabilities of industrial control heterogeneous network systems.
The structure of this paper is as follows: The second section describes the problem of predicting the security posture of ICS networks and provides an overview of the process. The third section introduces the construction of the ICS network security situational prediction model, providing further details on its development process. The fourth section involves testing the predictive model using specific case data and comparing this with other methods to evaluate its practicality. Finally, the fifth section summarizes the findings and presents the outlook for this research field.

2. Problem Description

This section will be divided into three parts to introduce the prediction of ICS network security:
(1) Given the complexity of ICSs, conducting network security posture assessment is essential. Evaluation indicators are derived from impact analysis, and subsequently, an evaluation framework is established based on their significance. The multitude and diversity of evaluation indicators make data fusion challenging, hence the adoption of the ER iteration algorithm to mitigate this issue.
(2) A network security posture prediction model is established based on the BRB, where the network security posture values of adjacent time periods are used as inputs to predict the network security posture of the next time period.
(3) Expert knowledge in setting initial parameters may lead to significant errors in the prediction model. Therefore, the P-EO algorithm is adopted to update the initial parameters of the BRB model to address this issue.

2.1. Parameter Table

All parameter descriptions are summarized in Table 1.

2.2. Industrial Control Network

The industrial control network exhibits heterogeneity and can be classified based on deterministic latency. Communication in heterogeneous networks can be categorized into integrated and interconnected modes. The integrated mode is suitable for scenarios with weak latency requirements, while the interconnected mode is suitable for scenarios with stronger latency requirements. A structural diagram is constructed based on the characteristics of heterogeneous networks and the IEC 62264-1 standard [39], illustrating the specific architecture of ICSs, as depicted in Figure 1.
By observing the structure of ICSs, it can be divided into five layers from bottom to top according to different functions:
(1) Field device layer: this layer includes various types of sensing devices and actuator units used for perceiving and operating the production process.
(2) Field control layer: this layer includes various types of controller units used for controlling the actuator devices.
(3) Process monitoring layer: this layer includes monitoring servers used for managing the production process.
(4) Production management layer: this layer includes PLMS and management servers used for managing the production process.
(5) Enterprise management layer: This layer includes functional units such as web servers, which provide decision-making capabilities for employees at the enterprise decision-making level.
To better facilitate prediction and data integration, this paper divides ICSs into information networks and control networks. Regarding the information network component, which encompasses the enterprise management layer, it possesses the capability to quickly integrate and process data from lower layers and requires extensive interaction with external networks for data processing. As for the control network component, this encompasses the production management layer, process monitoring layer, field control layer, and field device layer. Situated at the lowest layer, it is more vulnerable to attacks. Continuously acquiring information is essential for promptly informing administrators and enabling them to take emergency measures in case of an attack.
Due to the structural characteristics of ICSs, they are susceptible to various network attacks. Many ICSs are not directly connected to external networks; thus, enabling network access poses a risk of system vulnerability to network viruses, potentially causing damage to the company. Generally, ICSs establish complete architectures and protocols during their manufacture. However, over time, these architectures and protocols may become vulnerable to new attack methods, revealing vulnerabilities and flaws.

2.3. Fusion of Evaluation Indicators

After dividing the ICS structure, it is necessary to analyze how to integrate its evaluation indicators. To address the network security posture of ICSs and integrate evaluation indicators more effectively, this paper categorizes the evaluation indicators into four levels to manage the relevant data and establish an ICS assessment model. Initially, data from the fourth-level framework undergo fusion using ER, combining the attack frequency and attack severity of the evaluation indicators to derive results for the third-level evaluation indicators. Secondly, ER fuses the results of the third-level evaluation index to obtain the second-level evaluation index results. Subsequently, ER further integrates the results of the second-level evaluation indicators, ultimately yielding the network security situation assessment results. The model is formulated as Equation (1).
$$
\begin{aligned}
A_i &= ER(a_i, q_i), && i = 1, 2, \ldots, n;\ x = 1, 2, \ldots, n_1 \\
A_j &= ER(a_j, q_j), && j = 1, 2, \ldots, n_2 \\
B_z &= ER(A_i, A_j), && z = 1, 2 \\
C &= ER(B_z)
\end{aligned}
\tag{1}
$$
$a_i$ represents the frequency of various attacks in the i-th evaluation indicator and $q_i$ represents the severity of the corresponding attack in the i-th evaluation indicator. $A_i$ represents the fused result of the i-th third-level evaluation indicator. $B_z$ represents the second-level evaluation indicators obtained through the fusion of the third-level evaluation results. $C$ represents the first-level evaluation indicators, derived by integrating the second-level evaluation results. This serves as the comprehensive fused assessment result of the ICS network security posture. $ER(\cdot)$ denotes the process of merging the evaluation indicator data based on ER iteration.

2.4. Network Security Posture Prediction and Model Optimization

Once the evaluation indicators are fused, the network security posture assessment result is obtained. When this is achieved along with the construction of the initial parameters, it is appropriate to build the predictive model using the BRB. The construction of the model is formulated as Equation (2).
$$y = BRB\left(O_{k-1},\ O_k,\ \right) \tag{2}$$
Here, $y$ represents the model’s prediction result. $BRB(\cdot)$ denotes the nonlinear process of deriving the prediction result using BRB technology. $O_{k-1}$ denotes the network security posture value at time k − 1, while $O_k$ denotes the network security posture value at time k, and represents the parameter set of the BRB, which is determined by experts.
During prediction, the construction of expert parameters may not always be reliable. Factors such as the actual network situation and network equipment can influence expert knowledge. To mitigate this influence, this paper proposes the P-EO algorithm for parameter optimization. Through this algorithm, model parameters are optimized to enhance the prediction accuracy and achieve satisfactory prediction results.

3. Industrial Control System Network Security Posture Prediction Model Based on P-EO

3.1. Prediction Process

This article divides the network security posture prediction process into three steps, as illustrated in Figure 2:
Step 1: Based on factors such as the structure of the ICS, select representative evaluation indicators, and establish the actual network security posture assessment framework.
Step 2: Utilize the evaluation framework established for the ICS, apply ER fusion to integrate data from various layers, and derive their network security posture values.
Step 3: Develop a predictive model using the BRB and optimize parameters using the P-EO algorithm to minimize prediction errors.

3.2. Establishment of Evaluation Framework

When conducting the model predictions in this paper, the first step is to establish an evaluation framework. This paper considers the structure, security aspects, and types of attacks in the ICS, selecting representative indicators as evaluation metrics. The resulting four-level evaluation framework is detailed in Table 2.
Establishing the evaluation framework enables the better analysis and organization of data. According to Table 2, it can be observed that both the information network and the control network are categorized as first-level indicators. Considering that different devices may face various threats of network attacks, the information network is prone to attacks due to frequent information transmission, exchange, and sharing. Therefore, the second-level indicators of the information network are different types of network attacks. The control network includes various information and network devices, such as sensors and switches, which are crucial for system operation. The second-level indicators of the control network are significant devices, as network attacks may target these devices. Therefore, the third-level indicators of the control network are the types of network attacks corresponding to its devices. Finally, the attack frequency and severity are used as the ultimate evaluation metrics. The attack frequency is determined by the number of attacks of each type within a unit time period. The severity of attacks is determined based on standards set by relevant experts.
Following the establishment of the evaluation framework, the model proceeds to determine the weights of the evaluation indicators. Based on the importance of each layer of evaluation indicators, weights ($\omega$) are assigned to the evaluation indicators ($r$). In ICSs, the impact of an evaluation indicator on the assessment result increases with its data variability; thus, indicators with larger data variations are assigned higher weights. The coefficient of variation method is employed to effectively determine these weights. The specific process is outlined as follows:
Step 1: Initial Matrix
Generate the initial matrix Y using evaluation data.
$$Y = (y_{ij})_{m \times n}, \quad i = 1, 2, \ldots, m;\ j = 1, 2, \ldots, n$$
where $y_{ij}$ represents the jth evaluation value in the ith sample, m represents the maximum number of samples contained, and n represents the maximum number of evaluation indicators.
Step 2: Standardization
Each indicator may have different magnitudes, so it is necessary to scale them to the same range.
$$y_{ij} = \frac{y_{ij} - \min(y_{ij}, \ldots, y_{nj})}{\max(y_{ij}, \ldots, y_{nj}) - \min(y_{ij}, \ldots, y_{nj})}$$
Step 3: Mean Calculation
Calculate the mean $A_j$ for each assessment indicator.
$$A_j = \frac{1}{n} \sum_{i=1}^{g} y_{ij}$$
Step 4: Standard Deviation Calculation
Calculate the standard deviation $S_j$ for each assessment indicator.
$$S_j = \sqrt{\frac{1}{n} \sum_{i=1}^{g} \left(y_{ij} - A_j\right)^2}$$
Step 5: Coefficient of Variation Calculation
Calculate the coefficient of variation for each assessment indicator.
$$V_j = \frac{S_j}{A_j}$$
Step 6: Weight Calculation
Calculate the weight $w_j$ for each assessment indicator.
$$w_j = \frac{V_j}{\sum_{j=1}^{x} V_i}$$
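The six steps above as one function, run over a constructed table of hourly attack counts. This is an added example, not code from the paper; the sample counts and indicator names are constructed, the mean and standard deviation are taken over the number of samples, and the handling of an indicator that never changes (it receives weight 0) is an assumption.

```python
import math


def cv_weights(samples):
    """Coefficient-of-variation weights for the columns of `samples`.

    samples: list of rows, one row per observation window and one column
    per evaluation indicator (the matrix Y of Step 1).
    """
    m = len(samples)
    cvs = []
    for col in zip(*samples):
        lo, hi = min(col), max(col)
        if hi == lo:
            # Assumption: a constant indicator carries no variation, so it
            # gets V_j = 0 instead of a division by zero in the scaling step.
            cvs.append(0.0)
            continue
        scaled = [(v - lo) / (hi - lo) for v in col]                  # Step 2
        mean = sum(scaled) / m                                        # Step 3
        std = math.sqrt(sum((v - mean) ** 2 for v in scaled) / m)     # Step 4
        cvs.append(std / mean)                                        # Step 5
    total = sum(cvs)
    if total == 0.0:
        raise ValueError("no indicator varies; weights are undefined")
    return [v / total for v in cvs]                                   # Step 6


# Constructed sample: attacks per hour for three indicators
# (columns: DDoS, password, injection) over five one-hour windows.
HOURLY_COUNTS = [
    [12, 3, 5],
    [15, 3, 9],
    [11, 3, 2],
    [40, 3, 7],
    [13, 3, 6],
]

if __name__ == "__main__":
    names = ("ddos", "password", "injection")
    for name, weight in zip(names, cv_weights(HOURLY_COUNTS)):
        print(f"{name:10s} {weight:.3f}")
```

The bursty DDoS column dominates the weights, while the password column, which never changes, contributes nothing to the fused assessment.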

3.3. Network Security Posture Assessment Based on ER

After establishing the evaluation indicators, the next step involves utilizing the indicator data to assess the network security posture. Each data point holds unique significance and contributes to the final evaluation result. This paper employs ER iteration to progressively integrate relevant indicator data, thereby obtaining the fused result. The process unfolds as follows:
Step 1: Initialization
Assume a set of basic attributes $\{r_1, r_2, \ldots, r_j, \ldots, r_N\}$ constitutes the evaluation system, with corresponding weights $\{\omega_1, \omega_2, \ldots, \omega_j, \ldots, \omega_N\}$, and $0 \le \omega_i \le 1$. The evaluation level is denoted as P, with N levels. The description of the evaluation indicators for each level is as follows:
$$r_j = \{(P_n, \alpha_{n,j}), (\Theta, \alpha_{\Theta,j})\}, \quad j = 1, \ldots, L;\ n = 1, \ldots, N$$
Step 2: Basic Probability Mass
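The corresponding basic probability mass is calculated using the confidence level $\alpha_{i,j}$, as follows:
$$U_{n,j} = \omega_j \alpha_{n,j}$$
$$U_{\vartheta,j} = 1 - \omega_j \sum_{j=1}^{M} \alpha_{n,j}$$
$$\bar{U}_{\vartheta,j} = 1 - \omega_j$$
$$\tilde{U}_{\vartheta,j} = \omega_j \left(1 - \sum_{n=1}^{N} \alpha_{n,j}\right)$$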
Step 3: ER Iteration
(a) Combined Basic Probability Mass
The combined probability mass is obtained through the basic probability masses. The formula is as follows:
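$$U_{n,1} = \bar{U}_{\vartheta,1} + \tilde{U}_{\vartheta,1}$$
$$U_{n,r(2)} = F_0 \left(U_{n,1} U_{n,2} + U_{n,1} U_{\vartheta,2} + U_{\vartheta,1} U_{n,2}\right)$$
$$\tilde{U}_{\vartheta,r(2)} = F_0 \left(\tilde{U}_{\vartheta,1} \tilde{U}_{\vartheta,2} + \tilde{U}_{\vartheta,1} \bar{U}_{\vartheta,2} + \bar{U}_{\vartheta,1} \tilde{U}_{\vartheta,2}\right)$$
$$\bar{U}_{\vartheta,r(2)} = F_0 \left(\bar{U}_{\vartheta,1} \bar{U}_{\vartheta,2}\right)$$
$$F_0 = \left[1 - \sum_{i=1}^{N} \sum_{j=1,\, i \ne j}^{N} U_{i,1} U_{j,2}\right]^{-1}$$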
(b) Combining Confidence
The formula for combining confidence levels is as follows:
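$$\alpha_{n,r(2)} = \frac{U_{n,r(2)}}{1 - \bar{U}_{\vartheta,r(2)}}, \quad i = 1, \ldots, N$$
$$\alpha_{\vartheta,r(2)} = \frac{\tilde{U}_{\vartheta,r(2)}}{1 - \bar{U}_{\vartheta,r(2)}}$$
$$r(2) = \{(P_n, \alpha_{n,r(2)}), (\Theta, \alpha_{\Theta,e(2)})\}, \quad n = 1, \ldots, N$$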
(c) Final Confidence
The synthesized basic probability masses are combined with the subsequent evidence in a loop, alternating between steps (a) and (b), ultimately calculating the final result. The formula is as follows:
$$r(L) = \{(P_n, \alpha_{n,r(L)}), (\Theta, \alpha_{\Theta,e(L)})\}, \quad n = 1, \ldots, N$$
(d) Fusion Result
The expected utility of the evaluation, assuming the utility of evaluation level $P_n$ is $u(P_n)$, is as follows:
$$u = \sum_{n=1}^{N} u(P_n)\, \alpha_{n,r(L)}$$
The fusion result will be constrained between 0 and 1, where smaller values indicate a safer state.
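The recursive ER fusion of Steps 1 to 3, applied hierarchically as in Equation (1): frequency and severity are fused per attack type, then the attack types are fused into one posture value. This is an added example, not code from the paper; the three grades, their utilities, the belief distributions and the weights are constructed values.

```python
def er_fuse(evidence, weights):
    """Recursively combine belief distributions with the ER algorithm.

    evidence: list of belief distributions over the same N grades; each may
              sum to less than 1 (the remainder is ignorance).
    weights:  one weight in [0, 1] per piece of evidence.
    Returns (beliefs, unassigned) for the combined evidence.
    """
    n = len(evidence[0])
    m = m_bar = m_tilde = None
    for beta, w in zip(evidence, weights):
        mass = [w * b for b in beta]           # basic probability mass per grade
        bar = 1.0 - w                          # unassigned because of the weight
        tilde = w * (1.0 - sum(beta))          # unassigned because of ignorance
        if m is None:                          # first piece of evidence
            m, m_bar, m_tilde = mass, bar, tilde
            continue
        rest_old, rest_new = m_bar + m_tilde, bar + tilde
        conflict = sum(m[i] * mass[j]
                       for i in range(n) for j in range(n) if i != j)
        if conflict >= 1.0:
            raise ValueError("evidence is in total conflict")
        f0 = 1.0 / (1.0 - conflict)            # normalisation factor F_0
        m = [f0 * (m[k] * mass[k] + m[k] * rest_new + rest_old * mass[k])
             for k in range(n)]
        m_tilde, m_bar = (f0 * (m_tilde * tilde + m_tilde * bar + m_bar * tilde),
                          f0 * (m_bar * bar))
    if m_bar >= 1.0:
        raise ValueError("all weights are zero")
    scale = 1.0 - m_bar                        # combined confidence step
    return [x / scale for x in m], m_tilde / scale


def posture(beliefs, utilities):
    """Expected utility of a belief distribution (the fusion result)."""
    return sum(u * b for u, b in zip(utilities, beliefs))


UTILITY = [0.0, 0.5, 1.0]   # constructed grades: low, medium, high

# Constructed fourth-level evidence per attack type: (frequency, severity).
INDICATORS = {
    "ddos":     ([0.2, 0.5, 0.3], [0.0, 0.4, 0.6]),
    "password": ([0.7, 0.3, 0.0], [0.5, 0.4, 0.0]),   # severity: 10% unknown
}


def assess(indicators, pair_weights=(0.4, 0.6)):
    """Fuse frequency and severity per attack type, then fuse the types."""
    third = [er_fuse(list(pair), pair_weights)[0] for pair in indicators.values()]
    equal = [1.0 / len(third)] * len(third)
    beliefs, unknown = er_fuse(third, equal)
    return posture(beliefs, UTILITY), unknown


if __name__ == "__main__":
    value, unknown = assess(INDICATORS)
    print(f"posture={value:.3f} unassigned={unknown:.3f}")
```

Incomplete evidence is carried upward as unassigned belief rather than being silently spread over the grades, which is why `assess` reports it alongside the posture value.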

3.4. Network Security Posture Prediction Based on BRB

Once the network security posture assessment results of the system are obtained, the next step is to proceed with the prediction work. This paper integrates adjacent time series to obtain the network security posture value for the next moment. The BRB model integrates the values at time k − 1 and time k to obtain the network security posture value for the next moment. The process is detailed as follows:
$$
\begin{aligned}
R_k:\ & \text{If } T_{k-1} \text{ is } B_1^k \wedge T_k \text{ is } B_2^k, \\
& \text{Then } T_{k+1} \text{ is } \{(D_1, \beta_{1,k}), \ldots, (D_N, \beta_{N,k})\}, \\
& \text{With rule weight } \theta_k \text{ and attribute weight } \delta_1, \delta_2
\end{aligned}
$$
Here, $R_k$ represents the kth belief rule, and $B_1^k$ and $B_2^k$ represent the reference values corresponding to the two premise attributes of the kth rule. $D_1, \ldots, D_N$ represent N results, and $\beta_{1,k}, \ldots, \beta_{N,k}$ are the confidence levels associated with all N results in the kth belief rule. $\theta_k$ represents the weight of the kth belief rule, while $\delta_1$ and $\delta_2$ denote the weights assigned to two antecedent attributes.
When performing network security posture prediction, the model derivation requires ER analysis for deduction. The specific steps are as follows:
Step 1: Attribute Matching
The matching degree between the input sample information and the confidence rules needs to be calculated as follows:
$$
\alpha_k^i =
\begin{cases}
\dfrac{W_{k(l+1)} - V_k^*}{W_{k(l+1)} - W_{kl}}, & i = l,\ W_{il} \le V_k^* \le W_{k(l+1)} \\
1 - \alpha_k^i, & i = l + 1 \\
0, & i = 1 \ldots I,\ k \ne l, l + 1
\end{cases}
$$
Step 2: Activation Weight Calculation
Once the rule is successfully matched, the corresponding rule will be activated, and its activation weight is calculated as follows:
$$w_k = \frac{\theta_k \prod_{k=1}^{M} \left(\alpha_k^i\right)^{\delta_i}}{\sum_{l=1}^{K} \theta_k \prod_{i=1}^{M} \left(\alpha_k^l\right)^{\delta_i}}$$
Step 3: ER Analysis
After calculating the activation weights, the activated rules need to be combined. This is achieved through ER inference for rule synthesis, calculated as follows:
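$$\beta_n = \frac{\mu \left[\prod_{l=1}^{L} \left(w_l \beta_{n,l} + 1 - w_l \sum_{i=1}^{N} \beta_{i,l}\right) - \prod_{l=1}^{L} \left(1 - w_l \sum_{i=1}^{N} \beta_{i,l}\right)\right]}{1 - \mu \left[\prod_{l=1}^{L} \left(1 - w_l\right)\right]}$$
$$\mu = \frac{1}{\sum_{n=1}^{N} \prod_{l=1}^{L} \left(w_l \beta_{n,l} + 1 - w_l \sum_{i=1}^{N} \beta_{i,l}\right) - (N - 1) \prod_{l=1}^{L} \left(1 - w_l \sum_{i=1}^{N} \beta_{i,l}\right)}$$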
Step 4: Utility Calculation
After computing the confidence levels for each assessment grade, the prediction is obtained through a utility calculation, as follows:
$$T_{k+1} = \sum_{n=1}^{N} u(D_n)\, \beta_n$$
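The four inference steps above as a small BRB that predicts the next posture value from the two previous ones. This is an added example, not code from the paper; the reference values, grade utilities and the rule table (a stand-in for expert knowledge that simply continues the last trend) are constructed, and the activation weight multiplies rule weight by the matching degrees of both antecedents raised to their attribute weights.

```python
from itertools import product

REFS = [0.0, 0.5, 1.0]   # constructed reference values for T_{k-1} and T_k
UTIL = [0.0, 0.5, 1.0]   # constructed utilities u(D_n) of the result grades
RULES = list(product(range(len(REFS)), repeat=2))   # one rule per reference pair


def matching(x, refs):
    """Step 1: matching degree of input x to each reference value."""
    x = min(max(x, refs[0]), refs[-1])       # clamp out-of-range inputs
    alpha = [0.0] * len(refs)
    for l in range(len(refs) - 1):
        lo, hi = refs[l], refs[l + 1]
        if lo <= x <= hi:
            alpha[l] = (hi - x) / (hi - lo)
            alpha[l + 1] = 1.0 - alpha[l]
            break
    return alpha


def initial_beliefs():
    """Constructed stand-in for expert rules: continue the last trend."""
    table = []
    for i, j in RULES:
        target = REFS[j] + 0.5 * (REFS[j] - REFS[i])
        table.append(matching(target, UTIL))
    return table


def activation(a_prev, a_now, theta, delta):
    """Step 2: normalised activation weight of every rule."""
    raw = [theta[k] * a_prev[i] ** delta[0] * a_now[j] ** delta[1]
           for k, (i, j) in enumerate(RULES)]
    total = sum(raw)
    if total == 0.0:
        raise ValueError("no rule is activated")
    return [r / total for r in raw]


def er_combine(w, beliefs):
    """Step 3: analytic ER combination of the activated rules."""
    n = len(beliefs[0])
    per_grade = [1.0] * n    # product over rules, one entry per grade
    rest = 1.0               # product of (1 - w_l * sum_i beta_{i,l})
    idle = 1.0               # product of (1 - w_l)
    for wl, b in zip(w, beliefs):
        gap = 1.0 - wl * sum(b)
        for g in range(n):
            per_grade[g] *= wl * b[g] + gap
        rest *= gap
        idle *= 1.0 - wl
    mu = 1.0 / (sum(per_grade) - (n - 1) * rest)
    return [mu * (p - rest) / (1.0 - mu * idle) for p in per_grade]


def predict(t_prev, t_now, beliefs, theta=None, delta=(1.0, 1.0)):
    """Steps 1 to 4: returns (T_{k+1}, belief distribution over grades)."""
    theta = theta or [1.0] * len(RULES)
    w = activation(matching(t_prev, REFS), matching(t_now, REFS), theta, delta)
    beta = er_combine(w, beliefs)
    return sum(u * b for u, b in zip(UTIL, beta)), beta


if __name__ == "__main__":
    rules = initial_beliefs()
    for prev, now in [(0.2, 0.6), (0.6, 0.6), (0.9, 0.3)]:
        value, _ = predict(prev, now, rules)
        print(f"T(k-1)={prev} T(k)={now} -> T(k+1)={value:.3f}")
```

Because every intermediate quantity is a belief over named grades, an analyst can trace a predicted posture value back to the rules that were activated and their weights.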

3.5. Optimization of BRB Model Based on P-EO Algorithm

To address the uncertainty associated with expert knowledge in setting the initial parameters, this study employs a P-EO algorithm for model optimization. By leveraging projection to manage the constraints of the BRB, the P-EO algorithm enhances the BRB model, thereby improving its predictive accuracy.
The optimization and constraint description of the prediction model is outlined as follows:
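$$
\begin{aligned}
& \min\ MSE(\theta_k, \beta_{n,k}, \delta_i) \\
\text{s.t.}\quad & 0 \le \beta_{n,k} \le 1, \quad n = 1, \ldots, N,\ k = 1, \ldots, K \\
& 0 \le \theta_k \le 1, \quad k = 1, \ldots, K \\
& 0 \le \delta_i \le 1, \quad i = 1, \ldots, M \\
& \sum_{n=1}^{N} \beta_{n,k} = 1, \quad k = 1, \ldots, K
\end{aligned}
$$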
The model updates the initial parameters set by experts through optimization algorithms, thereby enhancing the predictive performance of the model. The symbol MSE represents the mean squared error between the predicted network security posture values of the forecasting model and the actual network security posture values, determining whether the model accurately predicts the security situation. The formula is outlined as follows:
$$MSE(\theta_k, \beta_{n,k}, \delta_i) = \frac{1}{T} \sum_{t=1}^{T} \left(output_{estimated} - output_{actual}\right)^2$$
where $output_{estimated}$ represents the actual network security posture value of the ICS, and $output_{actual}$ represents the predicted network security posture value of the ICS. The formula is $output_{estimated} = \sum_{n=1}^{N} u(D_n)\, \beta_n$. Here, T represents the number of samples used for training. This paper employs the P-EO algorithm to reduce the mean squared error of the model. A lower mean squared error indicates a closer approximation to the actual network security posture, thus improving the accuracy. The computational process of the P-EO optimization algorithm is depicted in Figure 3, and the specific calculation process is as follows:
Step 1: Initialization
Initialize vector $C^0$ as the initial expectation of the P-EO algorithm.
$$C^0 = \{\theta_1 \ldots \theta_k,\ \beta_{1,1} \ldots \beta_{N,K},\ \delta_1 \ldots \delta_M,\ ub,\ lb\}$$
$$C_i^0 = C_{min} + r_i \left(C_{max} - C_{min}\right), \quad i = 1, 2, \ldots, n$$
Step 2: Projection and Adaptive Values
Some candidate solutions produced by the EO algorithm do not satisfy the constraints of the industrial control heterogeneous network, even though they conform to the actual situation. These candidates are therefore mapped back onto the constraints by projection, so that they meet the conditions and the EO algorithm predicts more effectively. After projection, the adaptive value is calculated, that is, whether the updated parameters can achieve a good prediction result. The mean squared error (MSE) serves as the objective function, while $C_{eq,k}$ represents the parameters of the inference process.
$$
\begin{aligned}
& C_k^{g+1}\big(1 + \nu_{n_e} \times (x_n - 1) : \nu_{n_e} \times x_n\big) \\
& \quad = C_k^{g+1}\big(1 + \nu_{n_e} \times (x_n - 1) : \nu_{n_e} \times x_n\big) - A_e^{T} \times \big(A_e \times A_e^{T}\big)^{-1} \times C_k^{g+1}\big(1 + \nu_{n_e} \times (x_n - 1) : \nu_{n_e} \times x_n\big) \times A_e
\end{aligned}
$$
$$
\begin{aligned}
C_{eq,k} &= \min\ MSE\big(C_k^{g+1}\big) = \{(\theta, \beta, \delta, ub, lb)\} \\
\text{s.t.}\quad & 0 \le \delta \le 1;\ 0 \le \beta \le 1;\ 0 \le \delta \le 1;\ ub = 1,\ lb = 0
\end{aligned}
$$
Step 3: Equilibrium State Pools
To enhance its global optimization capability and obtain better local optimal solutions, five current optimal solutions are selected from the samples. After selecting the balanced state (see Figure 4), the candidate solutions’ balance pool is as follows:
$$C_{eq,pool} = \{C_{eq,I},\ C_{eq,II},\ C_{eq,III},\ C_{eq,IV},\ C_{eq,ave}\}$$
Step 4: Update Exponential Coefficients
To facilitate both local and global searches more effectively, exponential coefficients are introduced, and are computed as follows:
$$F = a_1 \times sign(r - 0.5) \left[e^{-\lambda_l t} - 1\right]$$
Step 5: Update Quality Generation Coefficients
To better explore local optimal solutions, the generation rate is restricted. The calculation is as follows:
$$G = G_{CP} \left(C_{eq} - \lambda_l C\right)$$
$$
G_{CP} =
\begin{cases}
0.5\, r_i, & \text{if } r_2 \ge 0.5 \\
0, & \text{otherwise}
\end{cases}
$$
Step 6: Update Individual Current Solution
For the optimization problem, the individual solution is updated as follows:
$$C_k^{g+1} = C_{eq} + \left(C_k^{g+1} - C_{eq}\right) F + G\left(1 - F\right) / \left(\lambda_l V\right)$$
Repeat steps two to six until the iteration count is met. When the iteration count is reached, the loop will terminate, yielding the optimal parameters.
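Steps 1 to 6 written out as an added Python example (not the authors' code): it optimizes the belief degrees of three rules and treats each sample as activating a single rule, so the model output is $\sum_n u(D_n)\beta_n$. The values a1 = 2 and a2 = 1 and the schedule for t are taken from the original EO algorithm [37]; the affine form of the projection (onto sum = 1, then clipping and rescaling), the function names and the sample data are assumptions of this example.

```python
import math
import random

UTIL = [0.2, 0.4, 0.6, 0.8, 1.0]   # u(D_n) for grades A..E, the Table 3 values
N = len(UTIL)

def project(vec):
    """Step 2: return each rule's N belief degrees to sum = 1 with 0 <= beta <= 1."""
    out = []
    for s in range(0, len(vec), N):
        block = vec[s:s + N]
        shift = (sum(block) - 1.0) / N       # assumed affine projection, A_e = [1, ..., 1]
        block = [max(0.0, b - shift) for b in block]   # lower bound lb = 0
        total = sum(block)                   # about 1 or more after clipping, never zero
        out += [b / total for b in block]    # rescale; also enforces ub = 1
    return out

def mse(vec, samples):
    """Objective: squared error of sum_n u(D_n) * beta_n against the observed posture."""
    err = 0.0
    for rule, actual in samples:
        est = sum(u * b for u, b in zip(UTIL, vec[rule * N:(rule + 1) * N]))
        err += (est - actual) ** 2
    return err / len(samples)

def p_eo(expert, samples, particles=20, iters=200, a1=2.0, a2=1.0, volume=1.0, seed=7):
    """Return (best MSE, best parameter vector) found by the projected EO search."""
    rng = random.Random(seed)
    dim = len(expert)
    # Step 1: random start C_i^0 = C_min + r_i (C_max - C_min) with C_min = 0, C_max = 1.
    # The expert vector is kept as one particle, so the result is never worse than it.
    swarm = [project(expert)]
    swarm += [project([rng.random() for _ in range(dim)]) for _ in range(particles - 1)]
    pool = []
    for g in range(iters):
        # Step 2 (fitness) and Step 3 (pool: four best solutions so far plus their mean)
        scored = pool + [(mse(c, samples), c) for c in swarm]
        pool = sorted(scored, key=lambda p: p[0])[:4]
        best4 = [c for _, c in pool]
        pool_all = best4 + [project([sum(col) / 4 for col in zip(*best4)])]
        t = (1 - g / iters) ** (a2 * g / iters)      # time schedule from the EO paper [37]
        moved = []
        for c in swarm:
            ceq = rng.choice(pool_all)
            gcp = 0.5 * rng.random() if rng.random() >= 0.5 else 0.0   # Step 5: G_CP
            new = []
            for j in range(dim):
                lam = 1.0 - rng.random()             # in (0, 1], avoids division by zero
                r = rng.random()
                sign = (r > 0.5) - (r < 0.5)         # sign(r - 0.5)
                f = a1 * sign * (math.exp(-lam * t) - 1)             # Step 4: F
                gen = gcp * (ceq[j] - lam * c[j])                    # Step 5: G
                new.append(ceq[j] + (c[j] - ceq[j]) * f
                           + gen * (1 - f) / (lam * volume))         # Step 6
            moved.append(project(new))
        swarm = moved
    scored = pool + [(mse(c, samples), c) for c in swarm]
    return min(scored, key=lambda p: p[0])

# Constructed data: expert beliefs of rules 1-3 in Table A1 and six made-up
# (rule index, observed posture value) pairs; not taken from the paper's datasets.
EXPERT = [1, 0, 0, 0, 0,  0.5, 0.5, 0, 0, 0,  0.5, 0.25, 0.25, 0, 0]
SAMPLES = [(0, 0.35), (0, 0.33), (1, 0.52), (1, 0.48), (2, 0.70), (2, 0.66)]

if __name__ == "__main__":
    best_mse, best = p_eo(EXPERT, SAMPLES)
    print("expert MSE   :", round(mse(EXPERT, SAMPLES), 4))
    print("optimized MSE:", round(best_mse, 4))
```

Because the pool keeps the best solutions across all generations and the expert vector is one of the starting particles, the returned MSE cannot exceed the expert's MSE, and every returned rule block still satisfies the belief constraints.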

4. Case Study

This section aims to verify the predictive capability of the model through experiments. We utilize the X-IIoTID Dataset [40] and TON-IoT [41,42,43] dataset as experimental data to evaluate the model’s performance indicators at the first level. These datasets provide real-time status information for the ICS. Based on these data, we establish a prediction model and compare its effectiveness with other methods.

4.1. Problem Statement

The X-IIoTID Dataset used is an intrusion dataset that is independent of connections and devices, encompassing multiple attack types and protocols. It serves as a dataset for control networks, focusing on attacks targeting historical/real-time databases, asset management systems, and industrial gateways. Historical/real-time databases are primarily subjected to three types of attacks: vulnerability scanning, general scanning, and erroneous data injection. Asset management systems face attacks such as ransomware, ransom denial-of-service, and discovery-assisted attacks. Industrial gateways encounter attacks like Modbus register reading, brute force attacks, and reverse shell attacks. The TON-IoT dataset used contains heterogeneous data sources such as IoT service remote sensing datasets and network traffic datasets from mobile devices. Serving as a dataset for information networks, it is primarily targeted by four types of attacks: DDoS attacks, backdoor attacks, password attacks, and injection attacks.
After analyzing the datasets, the attack data need to be preprocessed and integrated. In this study, we select 120 consecutive hours of data for experimentation. These data are segmented into 120 groups, with each group representing one hour of attacks, thereby determining the attack frequency and severity. To predict the next network security posture value based on adjacent time values, 118 sets of experimental data can be derived from the 120 groups for prediction experiments.

4.2. ER Iterative Algorithm Fusion

Before conducting the experiments, it is necessary to integrate the experimental data to obtain their specific network security posture values. By gradually integrating the indicators as described in Section 3.3, the information within the assessment framework can be consolidated, resulting in the safety state value of the ICS network, thereby providing an understanding of its network security posture. The network security posture values are depicted in Figure 5. After completing the integration process, these data serve as the initial input for the ICS network safety state prediction model, establishing credibility for the next prediction step. The integrated data represent the current network security posture of the system, against which the model’s predictions are compared to assess the prediction accuracy.

4.3. Establishment of Industrial Control System Network Security Situation Prediction Model Based on ER and BRB

After obtaining the integrated network security status values, the next step is to establish the prediction model. In this study, two adjacent network security status values are selected as inputs to the model. These status values are then fed into the BRB model to obtain the security prediction values. According to the classification of the basic situation security index of network security released by CNCERT/CC, the results of the industrial control network security prediction model are categorized into five prediction levels: Excellent (A), Good (B), Fair (C), Poor (D), and Critical (E). The transformation of the input data into prediction values is based on the confidence rules of the BRB network security posture prediction model, as described below:
$$R_k: \text{If } T_{k-1} \text{ is } B_1^k \wedge T_k \text{ is } B_2^k, \text{ Then } T_{k+1} \text{ is } \{(A, \beta_{I,k}), (B, \beta_{II,k}), (C, \beta_{III,k}), (D, \beta_{IV,k}), (E, \beta_{V,k})\}$$

$$\text{With rule weight } \theta_k \text{ and attribute weight } \delta_1, \delta_2$$
In this study, both the rule weights and attribute weights of the model are set to 1, with their initial confidences detailed in Table A1 in Appendix A. The final prediction results obtained from the confidence rules are referenced against the points and values specified in Table 3.
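How a rule base of this form turns two adjacent posture values into a prediction, as an added Python example that is not the authors' code: it loads the Table A1 belief degrees and the Table 3 reference values. It assumes the standard BRB activation-weight and analytical ER combination formulas [29] and that the two inputs use the same A to E reference values as the output; the function names and `SERIES` are constructed for this example.

```python
GRADES = "ABCDE"
REF = [0.2, 0.4, 0.6, 0.8, 1.0]      # reference values / utilities from Table 3

# Initial belief degrees from Table A1, keyed by the grades of (T_{t-1}, T_t).
BELIEFS = {
    "AA": [1, 0, 0, 0, 0],               "AB": [0.5, 0.5, 0, 0, 0],
    "AC": [0.5, 0.25, 0.25, 0, 0],       "AD": [0, 0.5, 0.25, 0.25, 0],
    "AE": [0, 0.25, 0.5, 0.25, 0],       "BA": [0, 0.5, 0.3, 0.2, 0],
    "BB": [0.5, 0.3, 0.2, 0, 0],         "BC": [0, 0.5, 0.2, 0.2, 0.1],
    "BD": [0.6, 0.2, 0.1, 0.1, 0],       "BE": [0.2, 0.4, 0.1, 0.1, 0.2],
    "CA": [0.4, 0.2, 0.15, 0.15, 0.1],   "CB": [0.1, 0.2, 0.3, 0.3, 0.1],
    "CC": [0.2, 0.2, 0.2, 0.2, 0.2],     "CD": [0.2, 0.1, 0.3, 0.2, 0.2],
    "CE": [0.4, 0.1, 0.15, 0.15, 0.2],   "DA": [0.5, 0.3, 0.15, 0, 0.05],
    "DB": [0, 0.1, 0.1, 0.2, 0.6],       "DC": [0.1, 0.1, 0.2, 0.2, 0.4],
    "DD": [0.15, 0.25, 0.2, 0.3, 0.1],   "DE": [0.1, 0.2, 0.2, 0.4, 0.1],
    "EA": [0.2, 0.35, 0.25, 0.15, 0.05], "EB": [0, 0.5, 0.25, 0.25, 0],
    "EC": [0, 0.1, 0.1, 0.3, 0.5],       "ED": [0, 0, 0.2, 0.2, 0.6],
    "EE": [0, 0, 0, 0.3, 0.7],
}

def matching(x):
    """Matching degree of input x to each grade, by linear interpolation (assumed)."""
    x = min(max(x, REF[0]), REF[-1])
    alpha = [0.0] * len(REF)
    for i in range(len(REF) - 1):
        lo, hi = REF[i], REF[i + 1]
        if lo <= x <= hi:
            alpha[i + 1] = (x - lo) / (hi - lo)
            alpha[i] = 1.0 - alpha[i + 1]
            break
    return alpha

def activation_weights(prev, cur, theta=None, delta=(1.0, 1.0)):
    """Normalized activation weight of every rule fired by (T_{t-1}, T_t)."""
    a_prev, a_cur = matching(prev), matching(cur)
    dmax = max(delta)
    raw = {}
    for i, g1 in enumerate(GRADES):
        for j, g2 in enumerate(GRADES):
            th = 1.0 if theta is None else theta[g1 + g2]   # rule weight theta_k
            raw[g1 + g2] = th * a_prev[i] ** (delta[0] / dmax) * a_cur[j] ** (delta[1] / dmax)
    total = sum(raw.values())
    if total == 0:
        raise ValueError("no rule is activated for this input")
    return {k: v / total for k, v in raw.items() if v > 0}

def predict(prev, cur, beliefs=BELIEFS, theta=None, delta=(1.0, 1.0)):
    """Return (belief distribution over A..E, predicted posture value T_{t+1})."""
    w = activation_weights(prev, cur, theta, delta)
    n = len(REF)
    prod_n, prod_rest, prod_w = [1.0] * n, 1.0, 1.0
    for k, wk in w.items():                     # analytical ER combination of fired rules
        total_b = sum(beliefs[k])
        for i in range(n):
            prod_n[i] *= wk * beliefs[k][i] + 1 - wk * total_b
        prod_rest *= 1 - wk * total_b
        prod_w *= 1 - wk
    mu = 1.0 / (sum(prod_n) - (n - 1) * prod_rest)
    beta = [mu * (p - prod_rest) / (1 - mu * prod_w) for p in prod_n]
    return beta, sum(u * b for u, b in zip(REF, beta))   # sum_n u(D_n) * beta_n

def rolling_forecast(series):
    """Predict each next value from the two adjacent values before it."""
    return [predict(a, b)[1] for a, b in zip(series, series[1:])]

SERIES = [0.30, 0.42, 0.55, 0.61, 0.48]   # constructed posture values, not paper data

if __name__ == "__main__":
    for (a, b), y in zip(zip(SERIES, SERIES[1:]), rolling_forecast(SERIES)):
        print(f"T(t-1)={a:.2f} T(t)={b:.2f} -> predicted T(t+1)={y:.4f}")
```

Passing a `theta` dictionary and a different `beliefs` table (for example the optimized values in Table A2) evaluates the same inputs under other parameter settings.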

4.4. Parameter Optimization Based on Industrial Control System Network Security Situation Prediction Model

The above describes the relevant operations of the experiment. In this study, the fused security situation values obtained in Section 4.2 will be segmented into 118 groups. Subsequently, the security prediction will be conducted using the predictive model outlined in Section 4.3. The first 108 groups of data will serve as training data for the parameter optimization of the prediction model. The remaining 10 groups of data will be used as test inputs to evaluate the prediction accuracy of the model. For the initial parameter optimization, the P-EO algorithm described in Section 3.5 will be employed to optimize the confidence level. The optimized data can be found in Appendix A Table A2.
By comparing the confidence levels before and after optimization, namely, those in Appendix A Table A1 and Table A2, changes in the weights and confidence levels can be observed. These changes occur due to the uncertainty and subjectivity inherent in expert knowledge. Through optimization algorithms, such subjectivity and uncertainty can be reduced.

4.5. Comparative Experiments

After completing the aforementioned steps, validating the BRB prediction model using the P-EO algorithm proposed in this paper involves comparing it with the initial BRB model before optimization. This comparison is depicted in Figure 6.
Figure 6 reveals that the initial BRB model displays significant prediction bias, whereas the BRB model optimized using the P-EO algorithm shows a better alignment with the actual situation. Moreover, it demonstrates an enhanced capability to predict the network security posture and address limitations associated with the expert parameter settings.
To further validate the predictive performance of the proposed method, several other methods are compared. This study selects some typical prediction models. The first is the Backpropagation Neural Network (BP) based on quantitative data, a mathematical model for distributed parallel information processing [20]. The second is the radial basis function (RBF), a commonly used machine learning method that utilizes radial basis functions for data processing and nonlinear mapping to perform regression predictions [23]. The third is the random forest (RF) prediction model, which predicts samples by statistically evaluating the predictions of each decision tree and selecting the final prediction result through a voting mechanism [24]. Two optimization algorithms commonly used in the BRB are also considered: BRB-based Whale Optimization Algorithm (WOA) and Population-based Covariance Matrix Adaptation Evolution Strategy (P-CMA-ES) [35,36]. Both algorithms have demonstrated an effective optimization performance in the BRB. The prediction results of each method are shown in Figure 7.
To evaluate the predictive performance of each model regarding the network security posture, the mean squared error (MSE), root mean squared error (RMSE), and mean absolute percentage error (MAPE) between the actual and predicted values are computed. Each model is subjected to 10 rounds of testing to reduce randomness, and their average values are presented in Table 4. From Figure 7 and Table 4, it is evident that the method proposed in this paper achieves a closer proximity to the actual values compared to the other methods. The MSE, RMSE, and MAPE values were superior to those of the other methods.
From Table 4, it is evident that the method proposed in this paper yields favorable predictive results compared to the other methods. Moreover, the operations of our method are interpretable, unlike those of artificial intelligence, which operate as black boxes. The prediction errors of our method are also comparable to those of the other two BRB model optimization algorithms. Therefore, further comparisons are necessary. By dividing the 118 sets of data into training samples comprising 108, 98, and 88 sets, and testing samples comprising 10, 20, and 30 sets, respectively, the predictive performance can be evaluated based on the MSE values. The comparisons are shown in Table 5.
From Table 5, it is evident that the P-EO optimization algorithm shows lower MSE values compared to the two other optimization algorithms, even with fewer training samples. This suggests higher predictive accuracy. These experiments underscore the advantage of the predictive model proposed in this paper in scenarios with limited samples. Moreover, it effectively addresses challenges related to expert uncertainty while enhancing prediction accuracy.

5. Conclusions

This paper analyzed the structure of an ICS and its actual network security posture, establishing a four-level evaluation framework to facilitate information integration. Through the iterative process of ER, information within the framework was integrated. By establishing an ICS network security prediction model based on the BRB, this study aimed to reduce the shortcomings of expert knowledge in parameter setting by using the P-EO optimization algorithm to optimize the model. This approach effectively utilizes semi-quantitative and uncertain information, thereby reducing expert uncertainty. The experimental results show that the prediction model proposed in this paper performs better in predicting the ICS safety compared with other methods, especially when there is less historical data. However, to achieve more accurate predictions, additional historical information may be necessary as input to the model, potentially leading to the BRB model combination explosion problem and decreased prediction efficiency. Moreover, during optimization, optimization algorithms may significantly alter expert predictions, which could reduce interpretability. Future research directions include reducing the number of rules by adjusting the BRB rule combinations to address the combination explosion problem and enhancing the interpretability by introducing reasonable conditions to constrain optimization algorithms.

Author Contributions

G.L.: conceptualization, writing—original draft, writing—review and editing, data curation. Y.W.: writing—review and editing, funding acquisition. S.L.: writing—review and editing, funding acquisition, supervision. C.Y.: investigation, visualization. Q.Y.: investigation, visualization. Y.Y.: investigation, visualization. All authors have read and agreed to the published version of the manuscript.

Funding

This research is supported by the Provincial Universities Basic Business Expense Scientific Research Projects of Heilongjiang Province (2021-KYYWF-0179), the Social Science Foundation of Heilongjiang Province of China (21GLC189), the China University Industry-University-Research Innovation Fund (2022HS055), the Natural Science Foundation of Heilongjiang Province of China (JJ2021LH1148) and the Postgraduate Innovation Project of Harbin Normal University (HSDSSCX2024-40).

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The data presented in this study are available on request from the corresponding author.

Conflicts of Interest

The authors declare no conflicts of interest.

Appendix A

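Table A1. Initial confidence levels.

| No | $\theta_k$ | $T_{t-1}$ | $T_t$ | $\{(A, \beta_{1,k}), (B, \beta_{2,k}), (C, \beta_{3,k}), (D, \beta_{4,k}), (E, \beta_{5,k})\}$ |
|---|---|---|---|---|
| 1 | 1 | A | A | {1,0,0,0,0} |
| 2 | 1 | A | B | {0.5,0.5,0,0,0} |
| 3 | 1 | A | C | {0.5,0.25,0.25,0,0} |
| 4 | 1 | A | D | {0,0.5,0.25,0.25,0} |
| 5 | 1 | A | E | {0,0.25,0.5,0.25,0} |
| 6 | 1 | B | A | {0,0.5,0.3,0.2,0} |
| 7 | 1 | B | B | {0.5,0.3,0.2,0,0} |
| 8 | 1 | B | C | {0,0.5,0.2,0.2,0.1} |
| 9 | 1 | B | D | {0.6,0.2,0.1,0.1,0} |
| 10 | 1 | B | E | {0.2,0.4,0.1,0.1,0.2} |
| 11 | 1 | C | A | {0.4,0.2,0.15,0.15,0.1} |
| 12 | 1 | C | B | {0.1,0.2,0.3,0.3,0.1} |
| 13 | 1 | C | C | {0.2,0.2,0.2,0.2,0.2} |
| 14 | 1 | C | D | {0.2,0.1,0.3,0.2,0.2} |
| 15 | 1 | C | E | {0.4,0.1,0.15,0.15,0.2} |
| 16 | 1 | D | A | {0.5,0.3,0.15,0,0.05} |
| 17 | 1 | D | B | {0,0.1,0.1,0.2,0.6} |
| 18 | 1 | D | C | {0.1,0.1,0.2,0.2,0.4} |
| 19 | 1 | D | D | {0.15,0.25,0.2,0.3,0.1} |
| 20 | 1 | D | E | {0.1,0.2,0.2,0.4,0.1} |
| 21 | 1 | E | A | {0.2,0.35,0.25,0.15,0.05} |
| 22 | 1 | E | B | {0,0.5,0.25,0.25,0} |
| 23 | 1 | E | C | {0,0.1,0.1,0.3,0.5} |
| 24 | 1 | E | D | {0,0,0.2,0.2,0.6} |
| 25 | 1 | E | E | {0,0,0,0.3,0.7} |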
Table A2. Optimized confidence levels.

| No | $\theta_k$ | $T_{t-1}$ | $T_t$ | $\{(A, \beta_{1,k}), (B, \beta_{2,k}), (C, \beta_{3,k}), (D, \beta_{4,k}), (E, \beta_{5,k})\}$ |
|---|---|---|---|---|
| 1 | 0.773 | A | A | {0.4955,0.0490,0.2000,0.0840,0.1709} |
| 2 | 0.403 | A | B | {0.0060,0.4570,0.3270,0.0390,0.3189} |
| 3 | 0.169 | A | C | {0.3313,0.3002,0.0107,0.0107,0.4044} |
| 4 | 0.051 | A | D | {0.4126,0.0685,0.2529,0.0628,0.3942} |
| 5 | 0.324 | A | E | {0.2212,0.1054,0.2256,0.3744,0.0734} |
| 6 | 0.603 | B | A | {0.2434,0.1784,0.1819,0.3228,0.2845} |
| 7 | 0.302 | B | B | {0.1679,0.1872,0.0378,0.1022,0.4568} |
| 8 | 0.462 | B | C | {0.2602,0.1428,0.2103,0.0066,0.5287} |
| 9 | 0.467 | B | D | {0.1116,0.2649,0.1637,0.0463,0.4132} |
| 10 | 0.572 | B | E | {0.1764,0.2680,0.0901,0.0522,0.3327} |
| 11 | 0.261 | C | A | {0.1563,0.2676,0.1906,0.2165,0.3680} |
| 12 | 0.275 | C | B | {0.1473,0.0775,0.2159,0.4594,0.2219} |
| 13 | 0.631 | C | C | {0.0254,0.2374,0.0184,00178,0.6985} |
| 14 | 0.212 | C | D | {0.1358,0.0394,0.0396,0.0865,0.5813} |
| 15 | 0.431 | C | E | {0.0364,0.1017,0.1942,0.2706,0.1987} |
| 16 | 0.541 | D | A | {0.2809,0.0558,0.1912,0.3232,0.2402} |
| 17 | 0.766 | D | B | {0.1907,0.1259,0.2288,0.3992,0.0558} |
| 18 | 0.268 | D | C | {0.0401,0.1766,0.0661,0.6574,0.2022} |
| 19 | 0.339 | D | D | {0.0547,0.0262,0.0595,0.6334,0.2094} |
| 20 | 0.331 | D | E | {0.0215,0.0758,0.0341,0.2463,0.3358} |
| 21 | 0 | E | A | {0.3080,0.5080,0.6162,0.6332,0.2995} |
| 22 | 0.026 | E | B | {0.1045,0.6977,0.6542,0.7442,0.6542} |
| 23 | 0.670 | E | C | {0.0484,0.0674,0.0160,0.3225,0.6048} |
| 24 | 0.174 | E | D | {0.1398,0.2377,0.03524,0.4885,0.4929} |
| 25 | 0 | E | E | {0.4608,0.6266,0.8376,0.8887,0.3055} |

References

  1. Bhamare, D.; Zolanvari, M.; Erbad, A.; Jain, R.; Khan, K.; Meskin, N. Cybersecurity for industrial control systems: A survey. Comput. Secur. 2020, 89, 101677.
  2. Zhou, C.; Hu, B.; Shi, Y.; Tian, Y.C.; Li, X.; Zhao, Y. A unified architectural approach for cyberattack-resilient industrial control systems. Proc. IEEE 2020, 109, 517–541.
  3. Han, W.; Tian, Z.; Huang, Z.; Zhong, L.; Jia, Y. System Architecture and Key Technologies of Network Security Situation Awareness System YHSAS. Comput. Mater. Contin. 2019, 59, 167–180.
  4. Colelli, R.; Magri, F.; Panzieri, S.; Pascucci, F. Anomaly-based intrusion detection system for cyber-physical system security. In Proceedings of the 2021 29th Mediterranean Conference on Control and Automation (MED), Puglia, Italy, 22–25 June 2021; pp. 428–434.
  5. Monfared, M.R.; Fakhrahmad, S.M. Development of Intrusion Detection in Industrial Control Systems Based On Deep Learning. Iran. J. Sci. Technol. Trans. Electr. Eng. 2022, 46, 641–651.
  6. Keung, K.L.; Chan, Y.Y.; Ng, K.K.; Mak, S.L.; Li, C.H.; Qin, Y.; Yu, C.W. Edge intelligence and agnostic robotic paradigm in resource synchronisation and sharing in flexible robotic and facility control system. Adv. Eng. Inform. 2022, 52, 101530.
  7. Roque Rolo, G.; Dionisio Rocha, A.; Tripa, J.; Barata, J. Application of a simulation-based digital twin for predicting distributed manufacturing control system performance. Appl. Sci. 2021, 11, 2202.
  8. Yin, K.; Yang, Y.; Yao, C.; Yang, J. Long-Term Prediction of Network Security Situation through the Use of the Transformer-Based Model. IEEE Access 2022, 10, 56145–56157.
  9. Xu, L.; Zhou, X.; Tao, Y.; Liu, L.; Yu, X.; Kumar, N. Intelligent security performance prediction for IoT-enabled healthcare networks using an improved CNN. IEEE Trans. Ind. Inform. 2021, 18, 2063–2074.
  10. Sepasgozar, S.S.; Pierre, S. Fed-NTP: A Federated Learning Algorithm for Network Traffic Prediction in VANET. IEEE Access 2022, 10, 119607–119616.
  11. Li, M.; Chow, S.S.M.; Hu, S.; Yan, Y.; Shen, C.; Wang, Q. Optimizing privacy-preserving outsourced convolutional neural network predictions. IEEE Trans. Dependable Secur. Comput. 2020, 19, 1592–1604.
  12. Qi, L.; Hu, C.; Zhang, X.; Khosravi, M.R.; Sharma, S.; Pang, S.; Wang, T. Privacy-aware data fusion and prediction with spatial-temporal context for smart city industrial environment. IEEE Trans. Ind. Inform. 2020, 17, 4159–4167.
  13. Liu, Y.; Guan, L.; Hou, C.; Han, H.; Liu, Z.; Sun, Y.; Zheng, M. Wind power short-term prediction based on LSTM and discrete wavelet transform. Appl. Sci. 2019, 9, 1108.
  14. Riihijarvi, J.; Mahonen, P. Machine learning for performance prediction in mobile cellular networks. IEEE Comput. Intell. Mag. 2018, 13, 51–60.
  15. Wen, J.; Yang, J.; Jiang, B.; Song, H.; Wang, H. Big data driven marine environment information forecasting: A time series prediction network. IEEE Trans. Fuzzy Syst. 2020, 29, 4–18.
  16. Ma, Z.; Yin, X.; Li, Z. Marking predictability and prediction in labeled Petri nets. IEEE Trans. Autom. Control 2020, 66, 3608–3623.
  17. Tehseen, R.; Farooq, M.S.; Abid, A. Earthquake prediction using expert systems: A systematic mapping study. Sustainability 2020, 12, 2420.
  18. Xi, Y.; Li, Y.; Liu, J.; Wu, S.; Lu, N.; Liao, G.; Wang, Q. Application of Analytic Hierarchy Process in Mineral Prospecting Prediction Based on an Integrated Geology-Aerogeophysics-Geochemistry Model. Minerals 2023, 13, 978.
  19. Ge, T.; Chen, C.Y.; Ni, Y.; Feng, Y.C.A.; Smoller, J.W. Polygenic prediction via Bayesian regression and continuous shrinkage priors. Nat. Commun. 2019, 10, 1776.
  20. Liang, W.; Wang, G.; Ning, X.; Zhang, J.; Li, Y.; Jiang, C.; Zhang, N. Application of BP neural network to the prediction of coal ash melting characteristic temperature. Fuel 2020, 260, 116324.
  21. Jin, X.B.; Gong, W.T.; Kong, J.L.; Bai, Y.T.; Su, T.L. PFVAE: A planar flow-based variational auto-encoder prediction model for time series data. Mathematics 2022, 10, 610.
  22. Liu, Y.; Liu, Z.; Jia, R. DeepPF: A deep learning based architecture for metro passenger flow prediction. Transp. Res. Part C Emerg. Technol. 2019, 101, 18–34.
  23. Chen, G. Multimedia Security Situation Prediction Based on Optimization of Radial Basis Function Neural Network Algorithm. Comput. Intell. Neurosci. 2022, 2022, 6314262.
  24. Speiser, J.L.; Miller, M.E.; Tooze, J.; Ip, E. A comparison of random forest variable selection methods for classification prediction modeling. Expert Syst. Appl. 2019, 134, 93–101.
  25. Dong, L.; Wang, J.; Tseng, M.L.; Yang, Z.; Ma, B.; Li, L.L. Gyro motor state evaluation and prediction using the extended hidden markov model. Symmetry 2020, 12, 1750.
  26. Cao, B.; Zhao, J.; Lv, Z.; Gu, Y.; Yang, P.; Halgamuge, S.K. Multiobjective evolution of fuzzy rough neural network via distributed parallelism for stock prediction. IEEE Trans. Fuzzy Syst. 2020, 28, 939–952.
  27. Zhang, Q.; Hu, W.; Liu, Z.; Tan, J. TBM performance prediction with Bayesian optimization and automated machine learning. Tunn. Undergr. Space Technol. 2020, 103, 103493.
  28. Wang, Y.M.; Yang, J.B.; Xu, D.L.; Chin, K.S. The evidential reasoning approach for multiple attribute decision analysis using interval belief degrees. Eur. J. Oper. Res. 2006, 175, 35–66.
  29. Yang, J.B.; Liu, J.; Wang, J.; Sii, H.S.; Wang, H.W. Belief rule-base inference methodology using the evidential reasoning approach-RIMER. IEEE Trans. Syst. Man Cybern. Part A Syst. Hum. 2006, 36, 266–285.
  30. Yang, L.H.; Wang, S.; Ye, F.F.; Liu, J.; Wang, Y.M.; Hu, H. Environmental investment prediction using extended belief rule-based system and evidential reasoning rule. J. Clean. Prod. 2021, 289, 125661.
  31. Cheng, X.; Liu, S.; He, W.; Zhang, P.; Xu, B.; Xie, Y.; Song, J. A model for flywheel fault diagnosis based on fuzzy fault tree analysis and belief rule base. Machines 2022, 10, 73.
  32. Li, Z.; Zhou, Z.; Wang, J.; He, W.; Zhou, X. Health Assessment of Complex System Based on Evidential Reasoning Rule with Transformation Matrix. Machines 2022, 10, 250.
  33. Zhang, B.; Zhang, Y.; Hu, G.; Zhou, Z.; Wu, L.; Lv, S. A method of automatically generating initial parameters for large-scale belief rule base. Knowl. Based Syst. 2020, 199, 105904.
  34. He, W.; Yu, C.Q.; Zhou, G.H.; Zhou, Z.J.; Hu, G.Y. Fault prediction method for wireless sensor network based on evidential reasoning and belief-rule-base. IEEE Access 2019, 7, 78930–78941.
  35. Han, P.; Zhao, B.; He, W.; Kong, L.; Li, Y.; Zhou, G.; Feng, J. An interpretable BRB model with interval optimization strategy for lithium battery capacity prediction. Energy Sci. Eng. 2023, 11, 1945–1959.
  36. Hu, G.Y.; Zhou, Z.J.; Zhang, B.C.; Yin, X.J.; Gao, Z.; Zhou, Z.G. A method for predicting the network security situation based on hidden BRB model and revised CMA-ES algorithm. Appl. Soft Comput. 2016, 48, 404–418.
  37. Faramarzi, A.; Heidarinejad, M.; Stephens, B.; Mirjalili, S. Equilibrium optimizer: A novel optimization algorithm. Knowl. Based Syst. 2020, 191, 105190.
  38. Bernieri, G.; Conti, M.; Pascucci, F. Mimepot: A model-based honeypot for industrial control networks. In Proceedings of the 2019 IEEE International Conference on Systems, Man and Cybernetics (SMC), Bari, Italy, 6–9 October 2019; pp. 433–438.
  39. Batchkova, I.A.; Tzakova, D.L.; Belev, Y.A. Standards for monitoring and control of cyber-physical systems. Industry 4.0 2019, 4, 3–6.
  40. Al-Hawawreh, M.; Sitnikova, E.; Aboutorab, N. X-IIoTID: A connectivity-agnostic and device-agnostic intrusion data set for industrial Internet of Things. IEEE Internet Things J. 2021, 9, 3962–3977.
  41. Alsaedi, A.; Moustafa, N.; Tari, Z.; Mahmood, A.; Anwar, A. TON_IoT telemetry dataset: A new generation dataset of IoT and IIoT for data-driven intrusion detection systems. IEEE Access 2020, 8, 165130–165150.
  42. Moustafa, N. A new distributed architecture for evaluating AI-based security systems at the edge: Network TON_IoT datasets. Sustain. Cities Soc. 2021, 72, 102994.
  43. Booij, T.M.; Chiscop, I.; Meeuwissen, E.; Moustafa, N.; Den Hartog, F.T. ToN_IoT: The role of heterogeneity and the need for standardization of features and attack types in IoT network intrusion data sets. IEEE Internet Things J. 2021, 9, 485–496.
Figure 1. Industrial control system topology diagram.
Figure 2. Prediction process of industrial control system network security posture.
Figure 3. Computational process of the P-EO optimization algorithm.
Figure 4. Schematic diagram of the P-EO algorithm selecting the equilibrium state.
Figure 5. ICS network security situation values.
Figure 6. Comparison curve between initial BRB and optimized BRB.
Figure 7. Comparison results of different models’ predictions.
Table 1. Parameter table.

| Parameter | Meaning |
|---|---|
| $r_j$ | The jth evaluation indicator |
| $\alpha_{n,j}$ | Confidence level obtained under the jth evaluation indicator |
| $\Theta$ | Global ignorance |
| $D_n$ | The assessment grade is n |
| $U_{n,j}$ | The jth evaluation indicator is the basic probability quality |
| $U_{\vartheta,j}$ | The basic probability quality that is not assigned to the evaluation scale in the jth evaluation indicator |
| $\bar{U}_{\vartheta,j}$ | With the exception of the jth evaluation indicator, the basic probability quality that is not assigned to the evaluation scale |
| $\tilde{U}_{\vartheta,j}$ | The incompleteness of the jth assessment indicator |
| $U_{n,r(2)}$ | After the fusion of the two evaluation indicators, the basic probability quality of the evaluation grade is n |
| $\tilde{U}_{\vartheta,r(2)}$ | The joint probability quality assigned to the identification framework after the combination of evaluation indicators r1 and r2 |
| $\bar{U}_{\vartheta,r(2)}$ | The two evaluation indicators are combined and assigned to the joint probability quality of the identification framework |
| $r(2)$ | The confidence level after the fusion of evaluation indicators r1 and r2 |
| $u(P_n)$ | The evaluation of the utility of level $P_n$ |
| $C_i^0$ | Optimization variable after the ith random initialization |
| $C_{max}, C_{min}$ | The upper and lower limit vectors representing optimization variables |
| $C_{eq,I}, C_{eq,II}, C_{eq,III}, C_{eq,IV}$ | Representations of the four best solutions found up to the current iteration |
| $C_{eq,ave}$ | The average state of four solutions |
| $a_1$ | Weight constant coefficient for global search |
| sign | Symbolic function |
| $r, \lambda$ | Representation of random number variables |
| $G_{CP}$ | Generation of rate control parameter vector |
| $C_k^{g+1}$ | The parameters of the g+1 generation |
| $C_{eq}$ | The control of the concentration inside the volume in equilibrium |
| $C_0$ | The control of the initial concentration of volume at time t0 |
| $F$ | Exponential coefficient |
| $\lambda_l$ | Liquidity rate |
| $G$ | The control of the rate of mass generation within the volume |
| $V$ | Control volume |
| $\nu_{ne}$ | The number of variables constrained |
| $x_n$ | The number of equation constraints |
| $A_e$ | Parameter vectors |
Table 2. Industrial control system network security posture assessment framework.

| Evaluation Indicators | Level One | Level Two | Level Three | Level Four |
|---|---|---|---|---|
| Industrial control network ($R$) | Information network ($r_1$) ($\omega_1$) | DDoS attack ($r_{11}$) ($\omega_{11}$) | Attack frequency ($r_{111}$) ($\omega_{111}$) | None |
| | | | Severity of the attack ($r_{112}$) ($\omega_{112}$) | None |
| | | Backdoor attack ($r_{12}$) ($\omega_{12}$) | Attack frequency ($r_{121}$) ($\omega_{121}$) | None |
| | | | Severity of the attack ($r_{122}$) ($\omega_{122}$) | None |
| | | Password attack ($r_{13}$) ($\omega_{13}$) | Attack frequency ($r_{131}$) ($\omega_{131}$) | None |
| | | | Severity of the attack ($r_{132}$) ($\omega_{132}$) | None |
| | | Injection attack ($r_{14}$) ($\omega_{14}$) | Attack frequency ($r_{141}$) ($\omega_{141}$) | None |
| | | | Severity of the attack ($r_{142}$) ($\omega_{142}$) | None |
| | Control network ($r_2$) ($\omega_2$) | Historical/real-time Database ($r_{21}$) ($\omega_{21}$) | Vulnerability scanning ($r_{211}$) ($\omega_{211}$) | Attack frequency ($r_{2111}$) ($\omega_{2111}$) |
| | | | | Severity of the attack ($r_{2112}$) ($\omega_{2112}$) |
| | | | Generic scanning ($r_{212}$) ($\omega_{212}$) | Attack frequency ($r_{2121}$) ($\omega_{2121}$) |
| | | | | Severity of the attack ($r_{2122}$) ($\omega_{2122}$) |
| | | | Error data injection ($r_{213}$) ($\omega_{213}$) | Attack frequency ($r_{2131}$) ($\omega_{2131}$) |
| | | | | Severity of the attack ($r_{2132}$) ($\omega_{2132}$) |
| | | Asset management system ($r_{22}$) ($\omega_{22}$) | Ransomware ($r_{221}$) ($\omega_{221}$) | Attack frequency ($r_{2211}$) ($\omega_{2211}$) |
| | | | | Severity of the attack ($r_{22212}$) ($\omega_{22212}$) |
| | | | Ransom denial of service ($r_{222}$) ($\omega_{222}$) | Attack frequency ($r_{2221}$) ($\omega_{2221}$) |
| | | | | Severity of the attack ($r_{2222}$) ($\omega_{2222}$) |
| | | | Resource discovery ($r_{223}$) ($\omega_{223}$) | Attack frequency ($r_{2231}$) ($\omega_{2231}$) |
| | | | | Severity of the attack ($r_{2232}$) ($\omega_{2232}$) |
| | | Industrial gateway ($r_{23}$) ($\omega_{23}$) | Modbus register read ($r_{231}$) ($\omega_{231}$) | Attack frequency ($r_{2311}$) ($\omega_{2311}$) |
| | | | | Severity of the attack ($r_{2312}$) ($\omega_{2312}$) |
| | | | Brute force attack ($r_{232}$) ($\omega_{232}$) | Attack frequency ($r_{2321}$) ($\omega_{2321}$) |
| | | | | Severity of the attack ($r_{2322}$) ($\omega_{2322}$) |
| | | | Reverse shell attack ($r_{233}$) ($\omega_{233}$) | Attack frequency ($r_{2331}$) ($\omega_{2331}$) |
| | | | | Severity of the attack ($r_{2332}$) ($\omega_{2332}$) |
| | | | Man-in-the-middle attack ($r_{234}$) ($\omega_{234}$) | Attack frequency ($r_{2341}$) ($\omega_{2341}$) |
| | | | | Severity of the attack ($r_{2342}$) ($\omega_{2342}$) |
Table 3. Reference points and values of prediction results.

| Reference Points | A | B | C | D | E |
|---|---|---|---|---|---|
| Values | 0.2 | 0.4 | 0.6 | 0.8 | 1 |
Table 4. Average MSE values of different models.

| Model | Initial BRB | BRB-P-EO | BP | RBF | RF | BRB-P-CMA-ES | WOA |
|---|---|---|---|---|---|---|---|
| MSE | 0.1254 | 0.0135 | 0.0374 | 0.0247 | 0.0218 | 0.0145 | 0.0153 |
| RMSE | 0.3515 | 0.1162 | 0.1294 | 0.1517 | 0.1471 | 0.1201 | 0.1599 |
| MAPE | 79.92% | 26.97% | 24.74% | 35.79% | 28.92% | 26.17% | 24.81% |
Table 5. Average MSE values of optimization algorithms.

| Model | BRB-P-EO | BRB-P-CMA-ES | WOA |
|---|---|---|---|
| 10 sets (MSE) | 0.0135 | 0.0145 | 0.0153 |
| 20 sets (MSE) | 0.0090 | 0.0112 | 0.0121 |
| 30 sets (MSE) | 0.0083 | 0.0110 | 0.0095 |
Li, G.; Wang, Y.; Li, S.; Yang, C.; Yang, Q.; Yuan, Y. Network Security Prediction of Industrial Control Based on Projection Equalization Optimization Algorithm. Sensors 2024, 24, 4716. https://doi.org/10.3390/s24144716
