Intrusion response is a critical part of security protection. Compared with IT systems, industrial automation systems (IASs) have greater timeliness and availability demands. Real-time security policy enforcement of intrusion response is a challenge facing intrusion response for IASs. Inappropriate enforcement of the security policy can influence normal operation of the control system, and the loss caused by this security policy may even exceed that caused by cyberattacks. However, existing research about intrusion response focuses on security policy decisions and ignores security policy execution. This paper proposes a general, real-time control approach based on table-driven scheduling of intrusion response in IASs to address the problem of security policy execution. Security policy consists of a security service group, with each type of security service supported by a realization task set. Realization tasks from several task sets can be combined to form a response task set. In the proposed approach, first, a response task set is generated by a nondominated sorting genetic algorithm (GA) II with joint consideration of security performance and cost. Then, the system is reconfigured through an integrated scheduling scheme where system tasks and response tasks are mapped and scheduled together based on a GA. Furthermore, results from both numerical simulations and a real-application simulation show that the proposed method can implement the security policy in time with little effect on the system.
Funding
This work was
supported by the National Natural Science Foundation of China under Grant
61272204 and Grant 61433006.
History
School
Science
Department
Computer Science
Published in
IEEE Transactions on Systems, Man, and Cybernetics: Systems
Volume
46
Issue
8
Pages
1021 - 1035
Citation
HUANG, S. ... et al., 2016. A general real-time control approach of intrusion response for industrial automation systems. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 46 (8), pp. 1021 - 1035.