
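Graduate student: Lin, Hao-Cheng (林浩鉦)
Thesis title: Improving System Efficiency Using Priority Queue in Zero Trust IIoT Networks (零信任工業物聯網環境下基於優先佇列改善系統效率)
Advisor: Sun, Shi-Sheng (孫士勝)
Oral defense committee: Shen, Shan-Hsiang (沈上翔); Chiang, Tsung-Wei (江宗韋)
Degree: Master
Department: College of Informatics - Department of Computer Science
Year of publication: 2025
Academic year of graduation: 113
Language: English
Number of pages: 41
Keywords (translated from Chinese): Zero Trust, Industrial Internet of Things, Priority Queue, Anomaly Detection, Time-Sensitive Network
Keywords (English): Zero Trust Architecture (ZTA), Industrial Internet of Things (IIoT), Priority Queue, Abnormal Detection, Time-Sensitive Network (TSN)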
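  • As Industrial Internet of Things (IIoT) deployments continue to grow in scale, the accompanying security risks become increasingly severe, prompting enterprises to adopt Zero Trust Architecture (ZTA). ZTA is a "never trust, always verify" model that treats every user and device as a potentially malicious source. Although ZTA greatly strengthens defenses, it also introduces processing delays caused by continuous verification, which conflict with the strict real-time requirements of IIoT. To solve this problem, we propose a priority-queue framework based on dynamic trust scores that assigns packets to different service tiers according to their real-time trust scores, so that high-trust traffic is served sooner, and we extend this to the eight-level priority queues of Time-Sensitive Networking (TSN). By modeling the filtered traffic as a G/D/1 queueing system, we can estimate the system waiting time even under non-Poisson arrivals. The results show that the program simulation reduces system waiting time by 13% and the prototype architecture reduces system waiting time by 16%, and that the same principle can be directly extended to TSN's full eight-level queue hierarchy to guarantee latency bounds for critical IIoT messages.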


    The ever-growing scale of Industrial Internet of Things (IIoT) deployments has heightened security risks, motivating the adoption of Zero Trust Architecture (ZTA), a “never trust, always verify” model that treats every user and device as potentially malicious. While ZTA significantly strengthens system defenses, it can also introduce non-negligible processing delays that conflict with IIoT’s stringent real-time requirements. To address this, we introduce a dynamic, trust-driven priority-queueing framework that assigns packets to service tiers based on their real-time trust scores and seamlessly maps high-trust flows into the eight-level priority scheduling of Time-Sensitive Network (TSN). By modeling the post-filter traffic as a G/D/1 queue, we obtain closed-form delay bounds even under non-Poisson arrivals. In simulation, our two-tier model demonstrates a 13% reduction in average waiting time. Furthermore, our prototype architecture, which is implemented using the MQTT protocol, achieves a 16% reduction in average waiting time. The same principles can be directly extended to TSN’s full eight-tier queuing hierarchy to guarantee bounded latency for critical IIoT messages.

    Chapter 1 Introduction
    1-1 Background
    1-2 Motivation
    1-3 Contributions
    1-4 Thesis Organization
    Chapter 2 Related Work
    2-1 Zero Trust Architecture
    2-2 Anomaly Detection
    2-3 Queueing Theory
    2-4 Time-Sensitive Network
    2-5 Literature Comparison
    Chapter 3 System Model and Detection Implementation
    3-1 System Architecture
    3-2 Detection Implementation and Trust Score
    3-2-1 Rule-Based Detection
    3-2-2 Machine Learning-Based Detection
    3-2-3 Trust Value Calculation
    3-3 Implementation of Priority Queue
    Chapter 4 Proposed Queueing-based Methodology
    4-1 Actual Waiting Time
    4-2 Theoretical Waiting Time
    4-3 TSN Performance Modeling
    Chapter 5 Experimental Results
    5-1 Rule-based Detection Analysis
    5-2 ML-based Detection Analysis
    5-3 Prototype Architecture
    5-4 Overall and TSN Performance Analysis
    Chapter 6 Conclusion and Future Works
    6-1 Conclusion
    6-2 Future Works
    Reference


    Full-text public release date: 2028/08/12