Network Security Situation Awareness for Industrial Control System Under Integrity Attacks

Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or to cover up a plan to damage the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defend against them. Therefore, a novel security situation awareness framework based on particle filtering, which performs well at estimating the state of nonlinear systems, is proposed to provide an accurate understanding of the system situation. First, a system state estimation based on particle filtering is presented to estimate the state of each node. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes, and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.
