
Research On The Key Technologies For Active Intrusion Response Of Industrial Control Systems

Posted on: 2019-04-08 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: X Li | Full Text: PDF
GTID: 1368330596959582 | Subject: Control Science and Engineering
Abstract/Summary:
Industrial control systems (ICSs) are the foundation of national critical infrastructure. They support many kinds of industrial production, including electric power, the chemical industry, oil and natural gas, and water and wastewater. However, with the development and adoption of a new generation of information and communication technologies, the openness of ICSs continues to expand, resulting in severe cyber threats. Once cyber-attacks are initiated on ICSs, they can cause serious accidents, ranging from slight property damage to serious harm to public safety and environmental pollution. Therefore, improving the cyber-security of ICSs is of paramount importance for keeping systems running efficiently, steadily and safely. In this context, this thesis focuses on the security issues of ICSs: it investigates the system architecture, operation features and security requirements of ICSs, combines the multi-domain knowledge and running data in ICSs, and proposes an active intrusion response approach for ICS cyber-security protection. Specifically, this approach includes three parts: dynamic impact assessment of cyber-attacks, decision-making, and coordination and co-scheduling of strategies. Active intrusion response means that an appropriate strategy is developed and subsequently enforced after assessing the current security situation according to the information of detected anomalies. It can help defend ICSs against cyber-attacks, mitigate the impact of cyber-attacks, and further guarantee the safe operation of ICSs.

Assessing the impact of cyber-attacks supports analysis of the current security situation and assists decision-making. However, because ICSs have various kinds of assets, strong coupling features and complex impact propagation processes, assessing the impact accurately is quite difficult. Accordingly, this thesis proposes an asset-based impact assessment approach for cyber-attacks. In the approach, an asset is expressed as a group of attributes, i.e., construction, function, performance, location and business. On this basis, component-level and system-level asset models incorporating features of cyber-attacks are established with Petri nets after characterizing the impact of cyber-attacks on assets. The asset models are used for analyzing impact propagation. With the evidence of attacks detected by real-time intrusion detection systems, the potential physical incidents are analyzed by inference over the asset models and then quantified on a unified scale. Finally, the trend of the impact of cyber-attacks is predicted. In addition, a special application of the approach is to rank critical system parameters and prioritize key assets for resource optimization.

Traditional decision-making approaches mainly focus on protection of the cyber domain and have a relatively simple decision-making basis, so they are not suited to the protection of ICSs, which should cover both the cyber domain and the physical domain and make a trade-off among security, cost and performance. Therefore, a multi-objective decision-making approach is proposed for ICSs. More specifically, a candidate strategy generation method covering the cyber domain and the physical domain is constructed on the foundation of in-depth analysis of cyber-attack propagation. The method ensures the completeness of the candidate strategy space. Then, a multi-objective optimization decision-making process with the objectives of security benefit, system benefit and state benefit is set up with consideration of risk, cost and operation state. Solving the optimization problem results in a set of Pareto optimal solutions. Further, the solutions in the Pareto optimal set are prioritized with the designed distance-based evaluation method. This decision-making approach achieves a trade-off between security investment and its returns, thus solving the excessive response problem. Additionally, it can be fine-tuned adaptively on the basis of the context of the system security posture. The generated measures are not predictable, thereby overcoming the shortcoming of relatively fixed responses in traditional decision-making methods and reducing the possibility of attackers exploiting the predictability.

Considering that most ICSs have pre-deployed safety strategies against the failures of critical functions, a coordination and co-scheduling approach for security strategy and safety strategy is proposed for ICSs to ensure the effective enforcement of the two kinds of strategies. To address the potential conflicts between safety and security (S&S) strategies, a contradiction resolution policy is designed after investigating the relationships between S&S strategies from the perspective of system function. According to the resolution policy, the safety strategy that may be triggered for enforcement and the possible security strategy are reconciled. Then, targeting the optimization problem of S&S strategy enforcement, the effects of S&S strategies on ICSs are evaluated from the perspective of the risk of functional failure, and an integrated scheduling algorithm taking risk as the optimization goal is built for the reconciled S&S strategy and the system functional task set under multiple constraints, such as real-time requirements. The optimal scheduling scheme is searched for to ensure smooth implementation of the reconciled S&S strategy and system functional tasks.

Finally, a summary of this dissertation is presented, the novelties of the presented work are explained, and future work is discussed.
Keywords/Search Tags:Industrial control system, intrusion response, cyber-security, impact assessment, decision-making, co-scheduling of strategies