Key Concepts of Systemological Approach to CPS Adaptive Information Security Monitoring
Abstract
1. Introduction
2. Approach to Adaptive Information Security
2.1. The Problem of Modern CPS Security Monitoring
2.2. Principles of the Systemological Approach to Adaptive Information Security Monitoring
- The principle of integrity.
- The principle of evolutionary adaptability.
- The principle of hierarchical connectivity.
3. Management of the CPS Adaptive Information Security Monitoring
- Assessment of the state, including the assessment of the fulfillment of all security goals and objectives, as well as the assessment of the sufficiency and minimality conditions of the data and methods for solving the problem.
- Adjustment and fixation of security tasks.
- Determination of the available methods. In their absence, a transition to a higher-level adjustment of security objectives or system parameters, including technical capabilities for data collection and resource-based boundary conditions.
- Development of a new monitoring scheme, including the assessment of the time characteristics of the methods and of data preparation, the assessment of the entire set of boundary conditions, and the solution of the problem of finding the optimal monitoring scheme.
- Adjustment of the data collection and preprocessing scheme in accordance with the new information security monitoring scheme.
- For the initial objective functions of parameters of the form , take the resulting objective function of this parameter as .
- For the initial objective functions of parameters of the form , take the resulting objective function of this parameter as .
- For each initial information security monitoring scheme , significant parameters of the scheme are determined and a vector of parameter values is formed.
- The creation of the sorted scheme projections of the form , in ascending order of the parameter value, that is where and .
- Filtering projections according to the boundary condition for each significant parameter for which the corresponding boundary is set (5). In this case, schemes with parameters not exceeding the boundary value are excluded from the set S, which is , where is a set of schemes that do not satisfy the boundary conditions. For each excluded element of set , at least one boundary value is violated:
- Formation of the resulting set after eliminating from R all of the schemes that violate at least one boundary.
- Method of criteria (parameters) prioritization.
- Method for calculating the generalized criterion.
- Derived methods.
- Reflect the peculiarities of a particular industrial CPS from the point of view of decision-makers and combine the automatic and automated selection of the optimal monitoring scheme.
- Reflect the shift in priorities in the choice of the monitoring scheme when the stability margin of the CPS changes for a particular set of limited resources taken into account in the scheme parameters.
- Establish a correspondence between the generation of the information security monitoring scheme and the risk-based CPS threat model, automatically prioritizing the directions of increased risk, that is, for the threats with the maximum residual risk values, maximize the margin of detection accuracy while remaining within the boundary values for the rest of the characteristics.
- Comparison of the set of residual risks Ri with the parameters of the monitoring scheme through mappings to security objectives , and construction of the transitive mapping , forming pairs of risks and related parameters of the ISMS scheme of the form , where and .
- Ranking a set of pairs based on the cost of the risks.
- Ranking of each subset according to the degree of influence on the corresponding risk of each individual parameter.
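As an added example (not code from the paper), the following Python implements the boundary filtering described in Section 3 and the two selection methods it names, criteria prioritization and a generalized criterion, over the scheme table given on this page. The boundary values, priority order and weights are assumptions for illustration, and the min-max normalization used for the generalized criterion is one common choice, not necessarily the authors' formula.

```python
# Added example: boundary filtering and scheme selection over the monitoring
# scheme table on this page. Bounds, priorities and weights are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class Scheme:
    name: str
    parallel: int    # 1 = parallel execution, 0 = sequential
    velocity: float  # processing time, lower is better
    accuracy: float  # detection accuracy, higher is better

# True = the parameter is maximized, False = minimized
DIRECTION = {"parallel": False, "velocity": False, "accuracy": True}

# Scheme parameters copied from the table on this page
SCHEMES = [Scheme(*row) for row in [
    ("KNN-1", 0, 0.0001, 0.915), ("KNN-2", 0, 0.0002, 0.9),
    ("KNN-3", 0, 0.0002, 0.874), ("KNN-4", 0, 0.0001, 0.823),
    ("KNN-5", 0, 0.0002, 0.775), ("KNN-6", 0, 0.0003, 0.86),
    ("SVM-1", 0, 0.938, 0.907), ("SVM-2", 0, 1.183, 0.89),
    ("SVM-3", 0, 1.480, 0.863), ("SVM-4", 0, 2.427, 0.807),
    ("SVM-5", 0, 2.469, 0.757), ("SVM-6", 0, 5.181, 0.837),
    ("MF-1 sequential", 0, 0.779, 0.97), ("MF-1 parallel", 1, 3.211, 0.97),
    ("MF-2 parallel", 1, 3.305, 0.97), ("MF-3 parallel", 1, 3.439, 0.97),
    ("MF-4 parallel", 1, 3.787, 0.97), ("MF-5 parallel", 1, 4.224, 0.97),
]]

def filter_by_boundaries(schemes, bounds):
    """Split schemes into the resulting set R (all bounds satisfied) and the
    excluded set (at least one boundary violated). bounds: {param: (lo, hi)}."""
    kept, excluded = [], []
    for s in schemes:
        ok = all(lo <= getattr(s, p) <= hi for p, (lo, hi) in bounds.items())
        (kept if ok else excluded).append(s)
    return kept, excluded

def select_by_priority(schemes, priority):
    """Criteria prioritization: lexicographic choice, most important parameter
    first; ties on one parameter are broken by the next one in the list."""
    def key(s):
        return tuple(-getattr(s, p) if DIRECTION[p] else getattr(s, p)
                     for p in priority)
    return min(schemes, key=key)

def select_by_generalized_criterion(schemes, weights):
    """Weighted sum of min-max normalized parameters (assumed form), each
    oriented so that 1.0 is best. weights: {param: weight}. Returns the best."""
    def normalized(s, p):
        values = [getattr(x, p) for x in schemes]
        lo, hi = min(values), max(values)
        norm = (getattr(s, p) - lo) / (hi - lo) if hi > lo else 1.0
        return norm if DIRECTION[p] else 1.0 - norm
    return max(schemes,
               key=lambda s: sum(w * normalized(s, p) for p, w in weights.items()))
```

With an accuracy floor of 0.85 and a velocity ceiling of 1.0, six schemes remain; equal weights favour KNN-1, while weighting accuracy at 0.9 shifts the choice to MF-1 sequential, which is the priority shift the section describes.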
4. Experimental Studies
5. Discussion
- All of the sets of safety problems have methods for their solution, if these methods exist.
- All of the applied methods of solving security problems have data from the protected object.
- The representation (model) of the protected object in the monitoring system is complete and reliable.
- Data of the protected object were not distorted during the transfer to the monitoring system.
- All of the methods for solving security problems are provided with the exact data and in the format required for their work.
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Conflicts of Interest
References
Scheme | Parallel | Velocity | Accuracy
---|---|---|---
KNN-1 | 0 | 0.0001 | 0.915
KNN-2 | 0 | 0.0002 | 0.9
KNN-3 | 0 | 0.0002 | 0.874
KNN-4 | 0 | 0.0001 | 0.823
KNN-5 | 0 | 0.0002 | 0.775
KNN-6 | 0 | 0.0003 | 0.86
SVM-1 | 0 | 0.938 | 0.907
SVM-2 | 0 | 1.183 | 0.89
SVM-3 | 0 | 1.480 | 0.863
SVM-4 | 0 | 2.427 | 0.807
SVM-5 | 0 | 2.469 | 0.757
SVM-6 | 0 | 5.181 | 0.837
MF-1 sequential | 0 | 0.779 | 0.97
MF-1 parallel | 1 | 3.211 | 0.97
MF-2 parallel | 1 | 3.305 | 0.97
MF-3 parallel | 1 | 3.439 | 0.97
MF-4 parallel | 1 | 3.787 | 0.97
MF-5 parallel | 1 | 4.224 | 0.97
Scheme | Parallel | Velocity | Accuracy
---|---|---|---
SVM-2 | 1 | 1.183 | 0.89
SVM-3 | 1 | 1.480 | 0.863
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Poltavtseva, M.; Shelupanov, A.; Bragin, D.; Zegzhda, D.; Alexandrova, E. Key Concepts of Systemological Approach to CPS Adaptive Information Security Monitoring. Symmetry 2021, 13, 2425. https://doi.org/10.3390/sym13122425