Effect of Intrusion Detection and Response on Reliability of Cyber Physical Systems

In this paper we analyze the effect of intrusion detection and response on the reliability of a cyber physical system (CPS) comprising sensors, actuators, control units, and physical objects for controlling and protecting a physical infrastructure. We develop a probability model based on stochastic Petri nets to describe the behavior of the CPS in the presence of both malicious nodes exhibiting a range of attacker behaviors, and an intrusion detection and response system (IDRS) for detecting and responding to malicious events at runtime. Our results indicate that adjusting detection and response strength in response to attacker strength and behavior detected can significantly improve the reliability of the CPS. We report numerical data for a CPS subject to persistent, random and insidious attacks with physical interpretations given.

[1]  Jin-Hee Cho,et al.  Effect of Intrusion Detection on Reliability of Mission-Oriented Mobile Group Systems in Mobile Ad Hoc Networks , 2010, IEEE Transactions on Reliability.

[2]  Sheldon M. Ross,et al.  Introduction to Probability Models (4th ed.). , 1990 .

[3]  Boudewijn R. Haverkort,et al.  Performance and reliability analysis of computer systems: An example-based approach using the sharpe software package , 1998 .

[4]  Ing-Ray Chen,et al.  Behavior Rule Based Intrusion Detection for Supporting Secure Medical Cyber Physical Systems , 2012, 2012 21st International Conference on Computer Communications and Networks (ICCCN).

[5]  Kishor S. Trivedi,et al.  SPNP: stochastic Petri net package , 1989, Proceedings of the Third International Workshop on Petri Nets and Performance Models, PNPM89.

[6]  Aiko Pras,et al.  Intrusion Detection in SCADA Networks , 2010, AIMS.

[7]  Ning Lu,et al.  Safeguarding SCADA Systems with Anomaly Detection , 2003, MMM-ACNS.

[8]  Farokh B. Bastani,et al.  On the Reliability of AI Planning Software in Real-Time Applications , 1995, IEEE Trans. Knowl. Data Eng..

[9]  Biming Tian,et al.  Anomaly detection in wireless sensor networks: A survey , 2011, J. Netw. Comput. Appl..

[10]  Farokh B. Bastani,et al.  Reliability of systems with fuzzy-failure criterion , 1994, Proceedings of Annual Reliability and Maintainability Symposium (RAMS).

[11]  Ulf Lindqvist,et al.  Using Model-based Intrusion Detection for SCADA Networks , 2006 .

[12]  Ing-Ray Chen,et al.  Specification based intrusion detection for unmanned aircraft systems , 2012, Airborne '12.

[13]  ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS, Berlin, Germany, April 14-17, 2014 , 2014, ICCPS.

[14]  M. Milvich,et al.  Idaho National Laboratory Supervisory Control and Data Acquisition Intrusion Detection System (SCADA IDS) , 2008, 2008 IEEE Conference on Technologies for Homeland Security.

[15]  Ing-Ray Chen,et al.  Analyzing dynamic voting using Petri nets , 1996, Proceedings 15th Symposium on Reliable Distributed Systems.

[16]  Kishor S. Trivedi,et al.  Performance and Reliability Analysis of Computer Systems: An Example-Based Approach Using the SHARPE Software Package , 2012 .

[17]  Chi-Ho Tsang,et al.  Multi-agent intrusion detection system in industrial network using ant colony clustering approach and unsupervised feature extraction , 2005, 2005 IEEE International Conference on Industrial Technology.

[18]  Ing-Ray Chen,et al.  Analysis of Replicated Data with Repair Dependency , 1996, Comput. J..

[19]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[20]  Hsiao-Hwa Chen,et al.  Intrusion Detection in Cyber-Physical Systems: Techniques and Challenges , 2014, IEEE Systems Journal.

[21]  Sheldon M. Ross,et al.  Introduction to probability models , 1975 .

[22]  Milos Manic,et al.  Neural Network based Intrusion Detection System for critical infrastructures , 2009, 2009 International Joint Conference on Neural Networks.

[23]  Carlo Bellettini,et al.  A Product Machine Model for Anomaly Detection of Interposition Attacks on Cyber-Physical Systems , 2008, SEC.

[24]  Dayu Yang,et al.  Anomaly-Based Intrusion Detection for SCADA Systems , 2006 .

[25]  Bruno Sinopoli,et al.  Challenges for Securing Cyber Physical Systems , 2009 .

[26]  Igor Nai Fovino,et al.  A Multidimensional Critical State Analysis for Detecting Intrusions in SCADA Systems , 2011, IEEE Transactions on Industrial Informatics.

[27]  Farokh B. Bastani,et al.  Effect of artificial-intelligence planning-procedures on system reliability , 1991 .

[28]  Wei Gao,et al.  On SCADA control system command and response injection and intrusion detection , 2010, 2010 eCrime Researchers Summit.

[29]  Insup Lee,et al.  Security Challenges in Next Generation Cyber Physical Systems , 2006 .

[30]  Igor Nai Fovino,et al.  Modbus/DNP3 State-Based Intrusion Detection System , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[31]  Frank Mueller,et al.  Time-based intrusion detection in cyber-physical systems , 2010, ICCPS '10.

[32]  Paul W. Oman,et al.  Intrusion Detection and Event Monitoring in SCADA Networks , 2007, Critical Infrastructure Protection.