A General Real-Time Control Approach of Intrusion Response for Industrial Automation Systems

Intrusion response is a critical part of security protection. Compared with IT systems, industrial automation systems (IASs) have greater timeliness and availability demands, which makes real-time enforcement of the security policy a challenge for intrusion response in IASs. Inappropriate enforcement of the security policy can influence normal operation of the control system, and the loss caused by this security policy may even exceed that caused by cyberattacks. However, existing research on intrusion response focuses on security policy decisions and ignores security policy execution. To address the problem of security policy execution, this paper proposes a general, real-time control approach for intrusion response in IASs based on table-driven scheduling. A security policy consists of a security service group, with each type of security service supported by a realization task set. Realization tasks from several task sets can be combined to form a response task set. In the proposed approach, a response task set is first generated by the nondominated sorting genetic algorithm II (NSGA-II) with joint consideration of security performance and cost. Then, the system is reconfigured through an integrated scheduling scheme in which system tasks and response tasks are mapped and scheduled together based on a genetic algorithm (GA). Results from both numerical simulations and a real-application simulation show that the proposed method can implement the security policy in time with little effect on the system.
