| With the steady advance of Industry 4.0,industrial control system has gradually become an important part of various industrial production fields in the world.However,with the mature development of the isolated network of industrial control system and the arrival of application bottleneck,the system begins to access to the complex external network environment to adapt to the emerging technologies such as industrial Internet of Things and Industrial Cyber-Physical System.However,the complexity of external network leads to the serious security challenge of industrial control system,so the information security problem of industrial control system needs to be solved urgently.Intrusion response mechanism is particularly important as the last barrier of the industrial control system,so this paper mainly analyzes and studies the intrusion response mechanism.Firstly,by analyzing the characteristics of industrial control system and combining with different types of data contained in industrial environment,this paper proposes a real-time risk assessment model.Then,based on the risk assessment model,an intrusion response decision model for industrial control system is proposed.Finally,the system decision module calculates the optimal response strategy according to the current risk state and effectively achieves the purpose of sniping intrusion behavior.The main work content and innovation points of this paper are as follows:1)According to the network structure and data source characteristics of industrial control system,this paper proposes a real-time system risk assessment model based on risk assessment of each node.This model unifies the alarm data of the intrusion detection system and the physical quantity of the sensor of the Industrial CyberPhysical System in the industrial production environment to form a new data system,which makes up for the problem of the patchiness of the strategy caused by the single data source of the traditional intrusion response system,and makes the optimal strategy generated by it more effective.In the subsequent contents of this paper,the risk coefficient value generated by this model is also used as the data source of the subsequent policy decision model.In addition,this paper also designs a partially observable intrusion response decision model of the single agent of Monte-Carlo method based on the new data system,the decision model using the random sampling and Monte-Carlo search tree model,in the case of an intruder behavior known defense policy decision for the policy decision model,the experimental results show that theCompared with the same type of decision model,the intrusion response decision model has higher average policy decision return and lower decision delay.2)because the job content 1)described in the decision making model based on single agent,so do not apply to the interaction process of industrial control system security defense,therefore,this paper uses the real-time risk assessment model described in work content 1)to simulate the behaviors of the two parties as a two-person non-cooperative random game model with the system risk coefficient as the reward function parameter.On this basis,the strategy benefit calculation process of this decision model is replaced by a Partially Observable Markov Decision Process.Through the combination of the two forms,the new decision model is formed.The experimental results show that the model can fully sim ulate the field situation and make the response decision to maximize the benefit of the defender after considering the possible behavior of the attacker.In addition,this paper also adopts approximation processing to each iteration of Markov Decision Process,which effectively reduces the number of iteration rounds of its strategy calculation.In addition,parallelization processing is carried out in the game process to accelerate the strategy solution of the attacker,which alleviates the problems of too many iterations and slow convergence speed in the decision-making process... |
PDF Full Text Request