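Title: Improving System Efficiency Using Priority Queue in Zero Trust IIoT Networks (零信任工業物聯網環境下基於優先佇列改善系統效率)
Author: Lin, Hao-Cheng (林浩鉦)
Contributors: Sun, Shi-Sheng (孫士勝); Lin, Hao-Cheng (林浩鉦)
Keywords:
Zero Trust Architecture (ZTA)
Industrial Internet of Things (IIoT)
Priority Queue
Abnormal Detection
Time-Sensitive Network (TSN)
Date: 2025
Upload time: 1-Sep-2025 16:57:53 (UTC+8)
Abstract (translated from Chinese): As Industrial Internet of Things (IIoT) deployments continue to grow in scale, the accompanying security risks have become increasingly severe, prompting enterprises to adopt Zero Trust Architecture (ZTA), a "never trust, always verify" model that treats every user and device as a potentially malicious source. Although ZTA greatly strengthens defenses, it also introduces processing delay caused by continuous verification, which conflicts with the strict real-time requirements of IIoT. To address this problem, we propose a priority-queue framework based on dynamic trust scores that assigns packets to different service tiers according to their real-time trust scores, so that high-trust traffic is served sooner, and we extend this to the eight-level priority queues of Time-Sensitive Networking (TSN). By modeling the filtered traffic as a G/D/1 queueing system, we can estimate the system waiting time even under non-Poisson arrivals. The results show that the software simulation reduces system waiting time by 13% and the prototype architecture reduces it by 16%, and the same principle can be extended directly to TSN's full eight-level queue hierarchy to guarantee a latency upper bound for critical IIoT messages.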
Abstract (English): The ever-growing scale of Industrial Internet of Things (IIoT) deployments has heightened security risks, motivating the adoption of Zero Trust Architecture (ZTA), a “never trust, always verify” model that treats every user and device as potentially malicious. While ZTA significantly strengthens system defenses, it can also introduce non-negligible processing delays that conflict with IIoT’s stringent real-time requirements. To address this, we introduce a dynamic, trust-driven priority-queueing framework that assigns packets to service tiers based on their real-time trust scores and seamlessly maps high-trust flows into Time-Sensitive Network (TSN)’s eight-level priority scheduling. By modeling the post-filter traffic as a G/D/1 queue, we obtain closed-form delay bounds even under non-Poisson arrivals. Through simulation, our two-tier model demonstrates a 13% reduction in average waiting time. Furthermore, our prototype architecture, which is implemented using the MQTT protocol, achieves a 16% reduction in average waiting time. The same principles can be directly extended to TSN’s full eight-tier queuing hierarchy to guarantee bounded latency for critical IIoT messages.
Description: Master's
National Chengchi University
Department of Computer Science
112753137
Source: http://thesis.lib.nccu.edu.tw/record/#G0112753137
Type: thesis
Advisor: Sun, Shi-Sheng (孫士勝)
Identifier: G0112753137
URI: https://nccur.lib.nccu.edu.tw/handle/140.119/159416
Format: application/pdf, 1934180 bytes
Table of contents:
Chapter 1 Introduction
  1-1 Background
  1-2 Motivation
  1-3 Contributions
  1-4 Thesis Organization
Chapter 2 Related Work
  2-1 Zero Trust Architecture
  2-2 Anomaly Detection
  2-3 Queueing Theory
  2-4 Time-Sensitive Network
  2-5 Literature Comparison
Chapter 3 System Model and Detection Implementation
  3-1 System Architecture
  3-2 Detection Implementation and Trust Score
    3-2-1 Rule-Based Detection
    3-2-2 Machine Learning-Based Detection
    3-2-3 Trust Value Calculation
  3-3 Implementation of Priority Queue
Chapter 4 Proposed Queueing-based Methodology
  4-1 Actual Waiting Time
  4-2 Theoretical Waiting Time
  4-3 TSN Performance Modeling
Chapter 5 Experimental Results
  5-1 Rule-based Detection Analysis
  5-2 ML-based Detection Analysis
  5-3 Prototype Architecture
  5-4 Overall and TSN Performance Analysis
Chapter 6 Conclusion and Future Works
  6-1 Conclusion
  6-2 Future Works
Reference
