Geng-hong LU,Dong-qin FENG

DOI: https://doi.org/10.13195/j.kzyjc.2016.0551

2017-01-01

Abstract:The attacks against the industrial control network have different types and various attack intensity. Under this circumstance, the traditional detection techniques cannot identify the multiple types of attacks effectively, and can not assess the security situations of the industrial control network comprehensively and accurately. Therefore, the industrial control network security situation awareness model is proposed. Firstly, the rule extraction can be done by applying the improved C-SVC algorithm to the multi-sensor data. Then with the application of decision fusion algorithm, the decision-level fusion is completed and the results of situation awareness are procured. The simulation experiment results show that the proposed model and algorithms can distinguish multiple types of attacks effectively, identify the attacks that are launched against the industrial control system accurately, and generate the results of situation awareness.

Ming Wan,Minglei Hao,Yang Li,Jianming Zhao,Ying Li

DOI: https://doi.org/10.1145/3586102.3586127

2022-01-01

Abstract:Due to the rapid development of industrial automation, ICSs (Industrial Control Systems) gradually expose their potential security vulnerabilities, and are facing more and more serious security risks. Although different industrial security technologies have been developed to strengthen industrial security protection, they always struggle for their own because of their standalone and non-related functions, and their actual defense effects are not encouraging. This paper first summarizes some intrinsic security vulnerabilities in ICSs, and analyzes the main causes to generate each class of vulnerabilities. Furthermore, five popular security technologies which have been successfully applied in today's ICSs are introduced, and their advantages and shortages are also compared by explaining each working mechanism. In order to take full advantage of various industrial security technologies, this paper proposes one novel cooperative defense model based P2DR (Policy, Protection, Detection and Response), which establishes the dynamical defense process to integrate five different industrial security technologies. Under the guidance of security policies, this model can comprehensively utilize the resources of various industrial security technologies to learn and judge current security status of the whole system, and effectively adjust the optimum deployment to provide the strongest protection with the lowest risk. Finally, one applicable case based on the proposed model is designed to verify the feasibility of cooperative defense in ICSs.

Shuyu Fan,Yangzhao Li,Mengfan Zhang,Dongqin Feng,Qingyun Chen,Ying Jiang

DOI: https://doi.org/10.1109/cac51589.2020.9326773

2020-01-01

Abstract:In this paper, problems of anomaly detection and scenario classification in industrial control systems(ICSs) are investigated. Anomalies caused by attacks can have impacts on product quality, production stability and device security in ICSs to varying degrees, where different countermeasures are needed. To distinguish anomalies with different damage, the rationale of ICSs is analyzed in detail and four security scenarios are defined with typical characteristics, taking Tennessee Eastman process as an example. A set of attributes are extracted from typical data of scenarios and fuzzy c-means algorithm is adopted to classify sample cases into these security scenarios. At last, an anomaly detection and scenario classification scheme is proposed with a data-driven security scenario model. Experiments are provided to verify the validity and generality of the proposed method.

Jianxin Xu,Dongqin Feng

DOI: https://doi.org/10.1155/2017/2430835

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:This paper discusses two aspects of major risks related to the cyber security of an industrial control system (ICS), including the exploitation of the vulnerabilities of legitimate communication parties and the features abused by unauthorized parties. We propose a novel framework for exposing the above two types of risks. A state fusion finite state machine (SF-FSM) model is defined to describe multiple request-response packet pair sequence signatures of various applications using the same protocol. An inverted index of keywords in an industrial protocol is also proposed to accomplish fast state sequence matching. Then we put forward the concept of scenario reconstruction, using state sequence matching based on SF-FSM, to present the known vulnerabilities corresponding to applications of a specific type and version by identifying the packet interaction characteristics from the data flow in the supervisory control layer network. We also implement an anomaly detection approach to identifying illegal access using state sequence matching based on SF-FSM. An anomaly is asserted if none of the state sequence signatures in the SF-FSM is matched with a packet flow. Ultimately, an example based on industrial protocols is demonstrated by a prototype system to validate the methods of scenario reconstruction and anomaly detection.

Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Kaixing Huang,Chunjie Zhou,Yu-Chu Tian,Shuanghua Yang,Yuanqing Qin

DOI: https://doi.org/10.1109/tie.2018.2798605

IF: 7.7

2018-10-01

IEEE Transactions on Industrial Electronics

Abstract:Industrial cyber-physical systems (ICPSs) are widely applied in critical infrastructures such as chemical plants, water distribution networks, and power grids. However, they face various cyberattacks, which may cause physical damage to these industrial facilities. Therefore, ensuring the security of ICPSs is of paramount importance. For this purpose, a new risk assessment method is presented in this paper to quantify the impact of cyberattacks on the physical system of ICPSs. This method helps carry out appropriate attack mitigation measures. The method uses a Bayesian network to model the attack propagation process and infers the probabilities of sensors and actuators to be compromised. These probabilities are fed into a stochastic hybrid system (SHS) model to predict the evolution of the physical process being controlled. Then, the security risk is quantified by evaluating the system availability with the SHS model. The effectiveness of the proposed method is demonstrated with a case study on a hardware-in-the-loop simulation test bed.

automation & control systems,engineering, electrical & electronic,instruments & instrumentation

Feng Li,Mozhong Zhu,Ling Lin

DOI: https://doi.org/10.3233/jifs-234686

2024-01-24

Journal of Intelligent & Fuzzy Systems

Abstract:Once industrial control systems are targeted by cyber-attacks, the consequences can be severe, including asset loss, environmental pollution, and public security risks. Risk assessment is an important way to ensure that industrial control systems operate efficiently, steadily and safely. The purpose of this paper is to develop a risk assessment model for industrial control systems based on asymmetric connection cloud and Choquet integral, which fully takes into account the fact that values of risk indicators are often fuzzy, random, asymmetrically distributed in finite intervals, and there are interactions among different indicators. To do so, we first establish a risk assessment index system to ensure the full reflection of availability, integrity, and confidentiality in the results of risk assessment for industrial control systems. Then we establish classification standards for each evaluation indicator based on the importance of assets, vulnerabilities, and threats in evaluating the risk of industrial control systems. Next we develop a risk assessment model based on asymmetric connection cloud and Choquet integral to determine the risk level of industrial control systems. In the following, an example is provided to demonstrate the feasibility and reliability of this proposed model. The experimental results have demonstrated a high level of credibility in assessing cyber-attacks by the proposed model, indicating its potential for analyzing the current security and risk posture of industrial control systems.

Chunjie Zhou,Bowen Hu,Yang Shi,Yu-Chu Tian,Xuan Li,Yue Zhao

DOI: https://doi.org/10.1109/jproc.2020.3034595

IF: 20.6

2021-04-01

Proceedings of the IEEE

Abstract:With the rapid development of functional requirements in the emerging Industry 4.0 era, modern industrial control systems (ICSs) are no longer isolated islands, making them more vulnerable to various cyberattack threats. Cyberattacks on ICSs may have disruptive consequences, such as significant social and economic losses. To proactively address the security issue of ICSs, this article presents a unified architectural approach from the perspectives of cyberthreats on ICSs, security-related ICS technologies, and methods for ICSs. It incorporates secure networks, secure control systems, secure physical processes, and their interactions seamlessly into a unified framework. To increase the resistance of ICSs against intrusions, the network security in our architectural approach is to secure the data in motion through the integration of secure network architecture, secure industrial network protocols, and secure end-to-end communications. The protection of control systems in our architectural approach is risk-based and hierarchical and encompasses prevention- and tolerance-centric defenses. It provides a layer-by-layer defense so that an acceptable level of cybersecurity risk is achieved and maintained. Aiming to maintain the stable operation of physical ICS processes, the secure control in our architectural approach implements a security process against process-aware attacks through a resilient safety control scheme. The global and systematic architectural approach presented in this article for the ICS cybersecurity will help facilitate the design and implementation of cyberattack-resilient ICSs in the networked world. For further development of ICS security technologies, emerging challenges are identified and discussed to motivate future research efforts.

engineering, electrical & electronic

Huishan Song,Yanbin Yuan,Yuhe Wang,Jianbai Yang,Hang Luo,Shiming Li

DOI: https://doi.org/10.3390/s24227135

IF: 3.9

2024-11-07

Sensors

Abstract:With the rapid advancements in information technology and industrialization, the sustainability of industrial production has garnered significant attention. Industrial control systems (ICS), which encompass various facets of industrial production, are deeply integrated with the Internet, resulting in enhanced efficiency and quality. However, this integration also introduces challenges to the continuous operation of industrial processes. This paper presents a novel security assessment model for ICS, which is based on evidence-based reasoning and a library of belief rules. The model consolidates diverse information within ICS, enhancing the accuracy of assessments while addressing challenges such as uncertainty in ICS data. The proposed model employs evidential reasoning (ER) to fuse various influencing factors and derive security assessment values. Subsequently, a belief rule base is used to construct an assessment framework, grounded in expert-defined initial parameters. To mitigate the potential unreliability of expert knowledge, the chaotic mapping adaptive whale optimization algorithm is incorporated to enhance the model's accuracy in assessing the security posture of industrial control networks. Finally, the model's effectiveness in security assessment was validated through experimental results. Comparative analysis with other assessment models demonstrates that the proposed model exhibits superior performance in ICS security assessment.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Navid Aftabi,Dan Li,Ph.D.,Thomas Sharkey,Ph.D

2024-01-31

Abstract:Industrial Control Systems (ICSs) are widely used in critical infrastructures that face various cyberattacks causing physical damage. With the increasing integration of the ICSs and information technology (IT), ensuring the security of ICSs is of paramount importance. In an ICS, cyberattacks exploit vulnerabilities to compromise sensors and controllers, aiming to cause physical damage. Maliciously accessing different components poses varying risks, highlighting the importance of identifying high-risk cyberattacks. This aids in designing effective detection schemes and mitigation strategies. This paper proposes an optimization-based cyber-risk assessment framework that integrates cyber and physical systems of ICSs. The framework models cyberattacks with varying expertise and knowledge by 1) maximizing physical impact in terms of failure time of the physical system, 2) quickly accessing the sensors and controllers in the cyber system while exploiting limited vulnerabilities, 3) avoiding detection in the physical system, and 4) complying with the cyber and physical restrictions. These objectives enable us to jointly model the interactions between the cyber and physical systems and study the critical cyberattacks that cause the highest impact on the physical system under certain resource constraints. Our framework serves as a tool to understand the vulnerabilities of an ICS with a holistic consideration of cyber and physical systems and their interactions and assess the risk of existing detection schemes by generating the worst-case attack strategies. We illustrate and verify the effectiveness of our proposed method in a numerical and a case study. The results show that a worst-case strategic attacker causes almost 19% further acceleration in the failure time of the physical system while remaining undetected compared to a random attacker.

Optimization and Control,Systems and Control

P A S Ralston,J H Graham,J L Hieb

DOI: https://doi.org/10.1016/j.isatra.2007.04.003

Abstract:The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

Heng Zhang,Yinchu Wang,Yawen Xue,Ruilong Deng,Hongran Li,Jian Zhang

DOI: https://doi.org/10.23919/ccc63176.2024.10662787

2024-01-01

Abstract:Industrial network control systems (INCSs) are easy to be targeted by attackers due to their high economic value. Most of the existing defense methods are deployed at the network boundary, which causes high-security risks to INCS once an attacker enters the system. In addition, many existing intrusion detection systems (IDSs) build detection models based on historical data. When INCS lacks sufficient historical data, it is difficult to build detection models with high accuracy. In this paper, we propose a trust assessment model for INCS based on Fourier series fitting employing concept of zero trust to assess the real-time trust of INCS. The model alerts when INCS has low trust. We test two data injection attacks in the experiment to prove the effectiveness of our approach.

Alexey Poletykin

DOI: https://doi.org/10.1109/rusautocon.2018.8501811

2018-09-01

Abstract:The cyber security formula-based risk evaluation method is outlined for using SCADA in Industrial Control System (ICS) of Critical National Infrastructure (CNI) plants. The main feature of the method is taking into account not only information security methods but all safety and security and reliability measures available. Another feature concerns assets definition by means of explicit and hidden functions for which damage values from feasible cyber-attacks are estimated. The method deals with the scales of order. An example of the scale is proposed for damage and risk values. The essence of the method, its application domain restrictions, the stages of risk management addressed, key risk management concepts covered are described in the paper.

Yen-Neng Chiang,Yi-Wei Ma,Jiann-Liang Chen,Yi-Hao Tu,Chia-Wei Tsou

DOI: https://doi.org/10.70003/160792642024072504005

2024-07-31

Abstract:The utilization of network technology in Industrial Control Systems (ICS) is becoming increasingly prevalent due to advancements in the Fifth Generation Networks (5G), the Internet of Things (IoT), cloud computing, and big data. These technologies have significantly enhanced intelligent mobile device data transmission speed and interaction levels. The connection of ICS devices to a network gives rise to supplementary security considerations. Hence, this paper must analyze and synthesize pertinent scholarly works on cyber security and safety within the ICS sector. This paper further categorizes the security risks that ICS may encounter into six distinct areas: attack, detect, risk estimation, incident response, protect, and incident prevention. Extensive literature evaluations and rigorous research were conducted to examine the subject matter thoroughly. Based on the findings, comprehensive suggestions and strategic approaches were produced for each specific area. This paper proposed the ICS-based Purdue Enterprise Reference Architecture (PERA) to evaluate the threat and solution for enhancing ICS security and safety.

Engineering,Computer Science

He Wen

DOI: https://doi.org/10.48550/arXiv.2306.08631

2023-06-15

Abstract:Cyberattacks on industrial control systems (ICS) have been drawing attention in academia. However, this has not raised adequate concerns among some industrial practitioners. Therefore, it is necessary to identify the vulnerable locations and components in the ICS and investigate the attack scenarios and techniques. This study proposes a method to assess the risk of cyberattacks on ICS with an improved Common Vulnerability Scoring System (CVSS) and applies it to a continuous stirred tank reactor (CSTR) model. The results show the physical system levels of ICS have the highest severity once cyberattacked, and controllers, workstations, and human-machine interface are the crucial components in the cyberattack and defense.

Cryptography and Security,Artificial Intelligence

Shaharyar Khan,Stuart Madnick,Stuart E Madnick

DOI: https://doi.org/10.1109/tdsc.2021.3093214

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recent cyber-physical attacks, such as Stuxnet, Triton etc., have invoked an ominous realization about the vulnerability of critical infrastructure, including water, power and gas distribution systems. Traditional IT security-biased protection methods that focus on improving cyber hygiene are largely impotent in the face of targeted attacks by advanced cyber-adversaries. Thus, there is an urgent need to analyze the safety and security of critical infrastructure in a holistic fashion, leveraging the physics of the cyber-physical system. System-Theoretic Accident Model & Processes (STAMP) offers a powerful framework to analyze complex systems; hitherto, STAMP has been used extensively to perform safety analyses but an integrated safety and cybersecurity analysis of industrial control systems (ICS) has not been published. This paper uses the electrical generation and distribution system of an archetypal industrial facility to demonstrate the application of a STAMP-based method – called Cybersafety – to identify and mitigate cyber-vulnerabilities in ICS. The key contribution of this work is to differentiate the additional steps required to perform a holistic cybersecurity analysis for an ICS of significant size and complexity and to present the analysis in a structured format that can be emulated for larger systems with many interdependent subsystems.

computer science, information systems, software engineering, hardware & architecture

Chunjie Zhou,Xuan Li,Shuanghua Yang,Yu-Chu Tian

DOI: https://doi.org/10.1109/tii.2019.2903224

IF: 12.3

2020-05-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial control systems (ICSs) in networked environments face severe cyber-security risks and challenges. A timely response to cyber-attacks is of paramount importance for mitigating risks. However, the security policy developed for an ICS may be conflicting with the ICS's safety policy, on which much attention has been paid for a long time in industrial control. An inappropriate enforcement of the security policy may deteriorate the ICS performance or even result in severe unexpected consequences. To tackle this problem, a risk-based security task scheduling approach is presented for ICSs with consideration of the safety policy. It ensures a timely response to cyber-attacks without compromising safety. More specifically, the approach reconciles security tasks and safety tasks according to a designed resolution policy, so as to acquire contradiction-free security and safety (S&S) tasks. Then, a real-time risk assessment method is developed to characterize the subtle change of the system risk with the implementation of the reconciled S&S tasks. After that, a task scheduling method is designed with the risk as the optimization objective, i.e., it searches the optimal task scheduling scheme by minimizing the risk posture. The resulting scheduling scheme ensures the smooth implementation of the S&S policy, which reflects the optimal recovery process against the risk. Finally, case studies on a hardware-in-the-loop testbed are conducted to demonstrate the effectiveness of the proposed approach.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Hao Wang,Nathan Lau,Ryan M Gerdes

DOI: https://doi.org/10.1177/0018720818769250

Abstract:Objective: The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Background: Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. Method: We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. Results: The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Conclusion: Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Application: Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

Yaofang Zhang,Zibo Wang,Yingzhou Wang,Kuan Lin,Tongtong Li,Hongri Liu,Chao Li,Bailing Wang

DOI: https://doi.org/10.1007/s11227-023-05269-1

IF: 3.3

2023-04-22

The Journal of Supercomputing

Abstract:Although the expansion of attack types against industrial control systems is limited, the available means that violate the same security strategy emerge endlessly. However, the high availability and real-time requirements of industrial control systems restrict the application of some countermeasures that require massive resources. To solve this problem, this paper proposes a low learning-cost risk assessment model for similar scenarios, which enables the formulation of defense strategies for system risks in advance. To lay the foundation for this method, we firstly aggregate the attack means into limited attack types according to word clustering to address the classification challenge caused by unknown attacks. Then, similarity and statistical methods are combined to predict the next attack type. Subsequently, the hidden Markov model is used to map attack types and security states to obtain the forecasting results of the next security state. Based on this, the risk value is calculated through these prediction and forecasting results, and the system relevance and alert timeliness are considered in the assessment stage. We break the scenario limitations and verify the advantages of our model in a known scenario and another similar scenario with unknown attacks. The experimental results show that our model can deal with unknown attacks in similar scenarios and has excellent scenario migration ability. Meanwhile, the changing trend of the risk value is in consistence with the actual data, which also confirms that the assessment model can forecast the future risk situation of the system accurately and comprehensively.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Weijie Hao,Tao Yang,Qiang Yang

DOI: https://doi.org/10.1109/tase.2021.3073396

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Critical industrial infrastructures are currently facing increasing cyberspace threats in their underlying information and communication systems. The advanced monitoring, control, and management functionalities of the industrial systems firmly rely on the reliable and secure operations of the industrial control system (ICS) network. This article characterizes the ICS network traffic and presents a scalable and efficient solution for real-time ICS network traffic anomaly detection, considering various forms of ICS anomaly events. The events due to the cyberattacks, malicious operating behaviors, and network anomalies can be effectively detected without sophisticated computational requirements and retrieval of communication protocols. The proposed hybrid statistical-machine learning model integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the abnormal traffic patterns with low false omission rates. The proposed solution is extensively evaluated at a realistic ICS cyber–physical system (CPS) testbed, and the numerical results confirm its high detection accuracy and low computational complexity. Note to Practitioners—This article was motivated by the challenge of real-time anomaly detection in industrial cyber–physical systems (CPSs). The existing industrial control system (ICS) network anomaly detection solutions are generally carried out based on a single model based on the historian database and cannot dynamically classify the abnormal conditions in a real-time fashion. A novel hybrid statistical-machine learning model is developed that integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the anomalous events through traffic pattern analysis. The proposed anomaly detection solution can efficiently provide accurate detection for cyberattacks, malicious operating behaviors, and network anomalies while meeting the real-time requirements of ICS networks. The proposed solution can be deployed in the realistic ICS CPSs, e.g., the power generation system, gas pipeline systems, and urban railway transportation systems. The preliminary numerical results obtained from the ICS-CPS testbed suggested that it can provide high detection accuracy with low computational complexity and, hence, can be adopted with minimal deployment hurdles.