Research On Zoning-Based Cyber-Security Dynamic Protection For Field Control Systems

Industrial field control systems(IFCSs)are the foundation of national critical infrastructures including petroleum,chemical industry,electric power,metallurgy etc.Once cyberattacks penetrate into these systems,they will cause a decline in production and/or quality.More seriously,they may further cause heavy security/safety incidents,such as creating casualties,environmental pollution,as well as endangering public life and national security.With the deep integration of industrialization and informatization,as well as the strong promotion of “Industrial Internet” and “Made in China 2025”,the openness of the IFCSs continues to expand,thereby enabling cyber-security threats to be severely increased.This dissertation,with focus on the security issues of IFCSs,investigates the characteristics of the system function and structure,combines the system vulnerability and its potential cyber-security threats,and proposes a zoning-based dynamic cyber-security protection approach for IFCSs.Specifically,this approach makes an in-depth study on the cyber-security techniques for securing the intrazone and the inter-zone of IFCSs,which is on the basis of the idea of the dynamic protection methods that include intrusion detection and security response.The proposed approach can help to timely detect cyber-attacks and mitigate attack impacts on the system,and furtherly guarantee the safety and stability of IFCSs.A zone model-based anomaly intrusion detection approach is proposed to deal with the problem on attack detection in the intra-zone of IFCSs.Under analyzing the causal relationship between the physical variables of IFCSs,an automatic partition algorithm is designed.This algorithm is used to divide the physical variables into several zones,as well as ensuring the system crucial states to be multi-zone observable from a qualitative point of view.On the basis of this qualitatively observable conclusion,quantitative observation models of the critical states of IFCSs are established in each zone by using BP neural network,so as to overcome the difficult in facing with imprecision of system parameters and non-linear characteristics of system model by using traditional mathematical methods.Finally,the abnormal identification baselines for the observations of the same crucial state in different zones are constructed,where two criteria “curve similarity” and “error” are considered,and thus,abnormal states of the system and the corresponding zone can be found out.A zone reconsitution-based secure control approach against actuator attacks is proposed to handle the problem on intrusion response in the intra-zone of IFCSs.This approach is built on the solid foundation of control theory,and it firstly analyzes the system's controllability,which is used to adjust the deployment of the actuators in the field zones.By this way,the system can be still controllable even if all the actuators in a compromised zone are disabled.And then,the difference of the influence mechanism between sensor attacks and actuator attacks is analyzed,which drives us to design a Kalman filter-based identification method for actuator attacks by using the coupling relationship between the physical variables of different field zones.On the basis of this,the compromised actuators are isolated and the residual actuators are used to maintain the stability of the physical processes,and furtherly,the control task of the residual actuators are reconstructed for trajectory recovery such that the attack impacts can be mitigated.Meanwhile,since the cyber-attacks may have some special features,such as time-varying,randomness,non-linearity,it is difficult to build a precise attack model.Therefore,in our approach,we reconstruct the function of the normal actuators instead of continual employing the compromised actuators,so as to secure control strategy no longer relies on attack models,which is another difference between the proposed approach and the traditional methods.A software-defined security(SDSec)based approach is proposed to dispose the problem on dynamical security protection between the field zones of IFCSs.Since the attack behaviors and their influences on the IFCSs can be propagated through not only the communication links of the inter-zones,but also the coupling relationship of the physical process states,initially,a hybrid anomaly-based intrusion detection approach that covers the network communication and physcial processes of IFCSs is presented to improve the comprehensiveness of the detection.Based on the detection results,a multi-level security response strategy is designed to mitigate the attack impacts.Concretely speaking,in the respect of network communication protection,the communication link will be dynamically adjusted if abnormal packets are confirmed.By this way,cyber-attacks cannot furtherly spread into other normal zones.And in the respect of physical process protection,according to the detected anomalies of the physical states,a secure control strategy with a global view is generated to mitigate attack impacts and prevent the abnormal states diffusing in other normal zones.In addition,an SDSec-based protection framework over the IFCS field zones is developed,which can reduce the need of modifying the legacy network architecture,as well as reducing the need of redesigning or configuring the control laws in the local field zones.This approach also improves the flexibility of cyber-security protection and the capability for re-configuration of user-defined technologies.At last,a summary of this dissertation is presented,the novelties of the proposed work are illustrated,and the future research work is also prospected.