Towards cyber-physical intrusion tolerance

Cyber-physical systems are widely deployed and, because of their growing complexity, notoriously hard to analyze, while the number of sophisticated attacks against them has kept rising. This calls for semi-automated intrusion response and recovery capabilities that can terminate an ongoing attack in a timely manner and restore the infrastructure's normal and safe operation. In this paper, we present CPR, a cyber-physical response system for protecting power grid critical infrastructures, and discuss the major challenges in the theoretical formulation and practical deployment of fully automated tolerance capabilities in settings where continuous physical dynamics interact with discrete cyber-side computation logic. Our evaluation results show that CPR leverages its hybrid cyber-physical formulation to efficiently select optimal joint response strategies across the physical and cyber networks.
