A Graph-Based Technique for Securing the Distributed Cyber-Physical System Infrastructure
Figure 1. A sample of the functional dependencies graph: black edges—connections of the functional nodes that implement a certain technological process.
Figure 2. A sample of the functional dependencies graph with indicator nodes: light blue vertices—the indicator nodes; dark blue vertices—the real nodes of the cyber-physical system; black edges—connections of the functional nodes that implement a certain technological process.
Figure 3. A sample of the functional dependencies graph with six compromised nodes: light blue vertices—the indicator nodes; dark blue vertices—the real nodes of the cyber-physical system; red vertices—the compromised nodes; black edges—connections of the functional nodes that implement a certain technological process; red edges—the movements of the intruder.
Figure 4. A sample of the functional dependencies graph with five compromised nodes: light blue vertices—the indicator nodes; dark blue vertices—the real nodes of the cyber-physical system; red vertices—the compromised nodes; black edges—connections of the functional nodes that implement a certain technological process; red edges—the movements of the intruder.
Figure 5. Restructured cyber-physical infrastructure.
Figure 6. An algorithm for detection and exclusion of compromised nodes.
Figure 7. Functional dependencies graphs without using the proposed solution (case of an APT attack).
Figure 8. Functional dependencies graphs with using the proposed solution (case of an APT attack).
Figure 9. Functional dependencies graph for the ransomware case.
Figure 10. Node compromise while the APT attack rolls without the proposed solution.
Figure 11. Node compromise while the APT attack rolls with the proposed solution.
Abstract
1. Introduction
- Active security sensing is based on an intelligent analysis of:
  - A functional dependencies graph of the connected functional nodes;
  - A graph of potential attacks. This method provides step-by-step detection of an intrusion rolling through the functional infrastructure of the monitored cyber-physical system;
- Dynamic counteraction to the detected intrusion is based on a predictive reconfiguration of the functional infrastructure of the monitored cyber-physical system. When the compromised nodes are eliminated from the system, the system’s functional process is rebuilt to restore the mission of the system and minimize the consequences of the destructive attacking actions.
2. Materials and Methods
- Detect malicious actions and compromised nodes;
- Exclude the detected compromised nodes from the functional infrastructure;
- Re-build the functional path in the system in order to hold a technological process.
- Virtuality: they should be able to start and shut down online, at a rate adequate to the complexity of the system;
- Indistinguishability: from the attacker’s side they have to look the same as the original (real) nodes placed in the given segment of the reflected cyber-physical system. The indicator nodes do not contain decoy objects and fully correspond to real nodes;
- They have to support a set of the same functions to implement the same technological processes virtually;
- They have to be fully controlled (e.g., their operating system) from outside by the defending facility.
3. Results
- An entity of the cyber-physical system’s node, each instance of which has a unique identifier, supports a certain set of functions and can be an indicator node;
- The entity of the attacker. His task is to perform malicious actions against instances of the CPS node entity as part of the attack according to a predefined scenario or based on a random selection of the target node. A compromised node can be used as a proxy node to redirect malicious actions to another node or as a standalone attacker node;
- The entity of the cyber-physical system’s supervisor provides the functioning of the proposed complex solution by receiving messages from indicator nodes, determining the set of compromised nodes according to the introduced proofs, disconnecting them from the simulated cyber-physical system’s network, and rebuilding the set process. The isolation of compromised nodes into a separate network and the collection of their behavioral signatures have been replaced by a delay of 20 s.
- Manual mode attack—the attacker can interact with only one node at a time;
- Attack on each node includes a compromise and anchoring phase in 12 s and a download and launch phase of the necessary tools to select the next target node in 52 s;
- Interaction with the cyber-physical system’s nodes only through one entry node;
- Interaction with the internal target node requires a network link from the input node to the target node.
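The detect/exclude/rebuild loop of Section 2 and the supervisor entity of Section 3 can be sketched in code. The block below is an added illustration, not the authors' implementation: it keeps a functional dependencies graph with indicator nodes attached to real nodes, treats a message from an indicator node as evidence that the real node which contacted it is compromised (an assumed detection rule; the paper's "introduced proofs" are not on this page), excludes that node, and rebuilds the functional path between the endpoints of the technological process over the remaining real nodes. The node names, links and indicator reports are constructed sample data.

```python
from collections import deque


class Supervisor:
    """Supervisor of the functional dependencies graph of a CPS: holds the
    real nodes, the indicator nodes placed next to them, and the set of nodes
    currently excluded as compromised. Illustrative code, not the paper's."""

    def __init__(self):
        self.adj = {}             # node -> set of directly linked nodes
        self.indicators = set()   # indicator nodes (carry no real process)
        self.compromised = set()  # nodes excluded from the functional infrastructure
        self.events = []          # audit trail of exclusion decisions

    def add_link(self, a, b):
        """Undirected functional/network link between two nodes."""
        self.adj.setdefault(a, set()).add(b)
        self.adj.setdefault(b, set()).add(a)

    def add_indicator(self, indicator, real_node):
        """Place an indicator node in the same segment as a real node."""
        self.indicators.add(indicator)
        self.add_link(indicator, real_node)

    def report(self, indicator, origin):
        """Handle a message from an indicator node that was contacted by `origin`.
        Assumed rule: no legitimate step of the technological process addresses
        an indicator node, so the originating real node is treated as compromised
        and disconnected. Returns True when a new node was excluded."""
        if indicator not in self.indicators or origin in self.indicators:
            return False  # malformed report: unknown indicator or decoy-to-decoy
        if origin in self.compromised:
            return False  # already excluded
        if indicator not in self.adj.get(origin, ()):
            return False  # assumption: contact must travel over an existing link
        self.compromised.add(origin)
        self.events.append(("exclude", origin, indicator))
        return True

    def functional_path(self, src, dst):
        """Rebuild the functional path from src to dst over real, non-excluded
        nodes only (BFS). Returns the node list, or None if the process cannot
        be restored with the remaining infrastructure."""
        if src in self.compromised or dst in self.compromised:
            return None
        prev = {src: None}
        queue = deque([src])
        while queue:
            u = queue.popleft()
            if u == dst:
                path = []
                while u is not None:
                    path.append(u)
                    u = prev[u]
                return path[::-1]
            for v in sorted(self.adj.get(u, ())):
                if v in prev or v in self.indicators or v in self.compromised:
                    continue
                prev[v] = u
                queue.append(v)
        return None


def build_sample():
    """Constructed sample graph (not from the paper): two alternative routes
    for the process n1 -> n6, with an indicator node next to one node of each."""
    s = Supervisor()
    for a, b in [("n1", "n2"), ("n2", "n3"), ("n3", "n6"),
                 ("n1", "n4"), ("n4", "n5"), ("n5", "n6")]:
        s.add_link(a, b)
    s.add_indicator("i2", "n2")
    s.add_indicator("i4", "n4")
    return s


def run_scenario():
    """Feed two constructed indicator reports and record the rebuilt path
    after each one; returns the supervisor and the path history."""
    s = build_sample()
    history = [s.functional_path("n1", "n6")]
    s.report("i2", "n2")   # n2 touched its neighbouring indicator i2
    history.append(s.functional_path("n1", "n6"))
    s.report("i4", "n4")   # the alternative route is compromised too
    history.append(s.functional_path("n1", "n6"))
    return s, history


if __name__ == "__main__":
    sup, hist = run_scenario()
    for step, path in enumerate(hist):
        print(f"step {step}: excluded={sorted(sup.compromised)} path={path}")
```

The first report moves the process onto the alternative route; the second leaves no route at all, which is the case where the supervisor can only report that the mission cannot be restored with the remaining nodes. The `events` list is what a practitioner would forward to a SIEM, since each entry ties an exclusion to the indicator that triggered it.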
4. Discussion
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Abbreviations
Abbreviation | Meaning
---|---
APT | advanced persistent threat
IDS | intrusion detection system
IPS | intrusion prevention system
ML | machine learning
References
- ISTR Internet Security Threat Report Volume 241. Available online: https://docs.broadcom.com/doc/istr-24-2019-en (accessed on 4 September 2023).
- Cisco Cybersecurity Report 2018. Available online: https://www.cisco.com/c/dam/global/hr_hr/solutions/small-business/pdf/small-mighty-threat.pdf (accessed on 4 September 2023).
- Cybersecurity Threat Trends: Phishing, Crypto Top the List. Available online: https://umbrella.cisco.com/info/2021-cyber-security-threat-trends-phishing-crypto-top-the-list (accessed on 4 September 2023).
- Franco, J. A survey of honeypots and honeynets for Internet of Things, industrial Internet of Things, and cyber-physical systems. IEEE Commun. Surv. Tutorials 2021, 55, 2351–2383. [Google Scholar] [CrossRef]
- Shi, L. Dynamic distributed honeypot based on blockchain. IEEE Access 2019, 7, 72234–72246. [Google Scholar] [CrossRef]
- Vasilomanolakis, E.; Srinivasa, S.; Cordero, C.G.; Mühlhäuser, M. Multi-stage attack detection and signature generation with ICS honeypots. In Proceedings of the NOMS 2016-2016 IEEE/IFIP Network Operations and Management Symposium, Istanbul, Turkey, 25–29 April 2016; pp. 1227–1232. [Google Scholar]
- Gallenstein, J. Integration of the Network and Application Layers of Automatically-Configured Programmable Logic Controller Honeypots. Master’s Thesis, Air Force Institute of Technology, Dayton, OH, USA, 2017. [Google Scholar]
- Abe, S.; Tanaka, Y.; Uchida, Y.; Horata, S. Developing deception network system with traceback honeypot in ICS network. Sice J. Control. Meas. Syst. Integr. 2018, 11, 372–379. [Google Scholar] [CrossRef]
- Kołtyś, K.; Gajewski, R. Shape: A honeypot for electric power substation. J. Telecommun. Inf. Technol. 2015, 4, 37–43. [Google Scholar]
- Buza, D.I.; Juhász, F.; Miru, G.; Félegyházi, M.; Holczer, T. CryPLH: Protecting smart energy systems from targeted attacks with a PLC honeypot. In International Workshop on Smart Grid Security; Springer: Singapore, 2014; pp. 181–192. [Google Scholar]
- Serbanescu, A.; Obermeier, S.; Yu, D. ICS threat analysis using a large-scale honeynet. In Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015), Ingolstadt, Germany, 17–18 September 2015; pp. 20–30. [Google Scholar]
- Fraunholz, D.; Anton, S.D.; Lipps, C.; Reti, D.; Krohmer, D.; Pohl, F.; Tammen, M.; Schotten, H.D. Demystifying deception technology: A survey. arXiv 2018, arXiv:1804.06196. [Google Scholar]
- Pawlick, J.; Colbert, E.; Zhu, Q. A Game-Theoretic Taxonomy and Survey of Defensive Deception for Cybersecurity and Privacy. Available online: https://arxiv.org/pdf/1712.05441.pdf (accessed on 4 September 2023).
- Fraunholz, D.; Schotten, H. Strategic defense and attack in deception based network security. In Proceedings of the 2018 International Conference on Information Networking (ICOIN), Chiang Mai, Thailand, 10–12 January 2018; pp. 156–161. [Google Scholar]
- Korzhuk, V.; Groznykh, A.; Menshikov, A.; Strecker, M. Identification of Attacks against Wireless Sensor Networks Based on Behaviour Analysis. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. 2019, 10, 1–21. [Google Scholar]
- Junejo, K.; Goh, J. Behaviour-based attack detection and classification in cyber physical systems using machine learning. In Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security; Association for Computing Machinery: New York, NY, USA, 2016; pp. 34–43. [Google Scholar]
- Moon, D.; Im, H.; Kim, I.; Park, J.H. DTB-IDS: An intrusion detection system based on decision tree using behavior analysis for preventing APT attacks. J. Supercomput. 2017, 73, 2881–2895. [Google Scholar] [CrossRef]
- Ovasapyan, T.; Moskvin, D.; Tsvetkov, A. Detection of attacks on the Internet of Things based on intelligent analysis of devices functioning indicators. In Proceedings of the 13th International Conference on Security of Information and Networks; Association for Computing Machinery: New York, NY, USA, 2020; pp. 1–7. [Google Scholar]
- Fatani, A. Advanced feature extraction and selection approach using deep learning and Aquila optimizer for IoT intrusion detection system. Sensors 2021, 22, 140. [Google Scholar] [CrossRef] [PubMed]
- Nandy, S. An intrusion detection mechanism for secured IoMT framework based on swarm-neural network. IEEE J. Biomed. Health Inform. 2021, 26, 1969–1976. [Google Scholar] [CrossRef]
- Zivkovic, M. Novel hybrid firefly algorithm: An application to enhance XGBoost tuning for intrusion detection classification. PeerJ Comput. Sci. 2022, 8, e956. [Google Scholar] [CrossRef] [PubMed]
- Kunhare, N.; Tiwari, R.; Dhar, J. Intrusion detection system using hybrid classifiers with meta-heuristic algorithms for the optimization and feature selection by genetic algorithm. Comput. Electr. Eng. 2022, 103, 108383. [Google Scholar] [CrossRef]
- Liu, H.; Lang, B. Machine learning and deep learning methods for intrusion detection systems: A survey. Appl. Sci. 2019, 9, 4396. [Google Scholar] [CrossRef]
- Sarnovsky, M.; Paralic, J. Hierarchical intrusion detection using machine learning and knowledge model. Symmetry 2020, 12, 203. [Google Scholar] [CrossRef]
- Çavuşoğlu, Ü; Kökçam, A. H. A new approach to design S-box generation algorithm based on genetic algorithm. Int. J. Bio Inspired Comput. 2021, 17, 52–62. [Google Scholar] [CrossRef]
- Zang, T.; Wang, Z.; Wei, X.; Zhou, Y.; Wu, J.; Zhou, B. Current status and perspective of vulnerability assessment of cyber-physical power systems based on complex network theory. Energies 2023, 16, 6509. [Google Scholar] [CrossRef]
- Abdulhammed, R. Features dimensionality reduction approaches for machine learning based network intrusion detection. Electronics 2019, 8, 322. [Google Scholar] [CrossRef]
- Farraj, A.K.; Hammad, E.M.; Daoud, A.A.; Kundur, D. A game-theoretic control approach to mitigate cyber switching attacks in smart grid systems. In Proceedings of the 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm), Venice, Italy, 3–6 November 2014; pp. 958–963. [Google Scholar]
- Barreto, C.; Cárdenas, A.A.; Quijano, N. Controllability of dynamical systems: Threat models and reactive security. In Proceedings of the International Conference on Decision and Game Theory for Security, Fort Worth, TX, USA, 11–12 November 2013; pp. 45–64. [Google Scholar]
- Hu, P.; Li, H.; Fu, H.; Cansever, D.; Mohapatra, P. Dynamic defense strategy against advanced persistent threat with insiders. In Proceedings of the 2015 IEEE Conference on Computer Communications (INFOCOM), Hong Kong, China, 26 April–1 May 2015; pp. 747–755. [Google Scholar]
- Zhu, Q.; Basar, T. Game-theoretic methods for robustness, security, and resilience of cyberphysical control systems: Games-in-games principle for optimal cross-layer resilient control systems. IEEE Control. Syst. Mag. 2015, 35, 46–65. [Google Scholar]
- Yuan, Y.; Sun, F.; Liu, H. Resilient control of cyber-physical systems against intelligent attacker: A hierarchal stackelberg game approach. Int. J. Syst. Sci. 2016, 47, 2067–2077. [Google Scholar] [CrossRef]
- Zegzhda, D.; Pavlenko, E.; Aleks, R.E. Modelling artificial immunization processes to counter cyberthreats. Symmetry 2021, 13, 2453. [Google Scholar] [CrossRef]
- Kou, L.; Wu, J.; Zhang, F.; Ji, P.; Ke, W.; Wan, J.; Liu, H.; Li, Y.; Yuan, Q. Image encryption for offshore wind power based on 2D-LCLM and Zhou Yi eight trigrams. Int. J. Bio Inspired Comput. 2023, 22, 53–64. [Google Scholar] [CrossRef]
- Alotaibi, B. A survey on industrial Internet of Things security: Requirements, attacks, AI-based solutions, and edge computing opportunities. Sensors 2023, 23, 7470. [Google Scholar] [CrossRef] [PubMed]
- Gutierrez-Rojas, D.; Demidov, I.; Kontou, A.; Lagos, D.; Sahoo, S.; Nardelli, P.J. Operational issues on adaptive protection of microgrids due to cyberattacks. IEEE Trans. Circuits Syst. II Express Briefs 2023, 70, 2994–2998. [Google Scholar]
- Kayan, H.; Nunes, M.; Rana, O.; Burnap, P.; Perera, C. Cybersecurity of industrial cyber-physical systems: A review. ACM Comput. Surv. 2022, 54, 1–35. [Google Scholar] [CrossRef]
- Guldner, A.; Hoffmann, M.; Lohr, C.; Machhamer, R.; Malburg, L.; Morgen, M.; Rodermund, S.C.; Schäfer, F.; Schaupeter, L.; Schneider, J.; et al. A framework for AI-based self-adaptive cyber-physical process systems. IT Inf. Technol. 2023, 65, 113–127. [Google Scholar] [CrossRef]
- Munikoti, S.; Das, L.; Natarajan, B. Scalable graph neural network-based framework for identifying critical nodes and links in complex networks. Neurocomputing 2022, 468, 211–221. [Google Scholar] [CrossRef]
Methods | Detection of the Attacks Unintended by Configuration | Standalone Attack Countermeasures | Automatic Update of the Signature Database | Demand for the Computing Resources |
---|---|---|---|---|
Honeypot/Deception [4,5,6,7,8,9,10,11,12,13,14] | + 1 | — | — | — |
IDS/ML [15,16,17,18,19,20,21,22,23,24,25,26,27] | — | — | — | — |
Bioinspired/Immune methods [28,29,30,31,32,33] | + | + | — | — |
Proposed technique | + | + | + | + |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Kalinin, M.; Zavadskii, E.; Busygin, A. A Graph-Based Technique for Securing the Distributed Cyber-Physical System Infrastructure. Sensors 2023, 23, 8724. https://doi.org/10.3390/s23218724