Key Concepts of Systemological Approach to CPS Adaptive Information Security Monitoring

Symmetry, 2021, Vol 13 (12), pp. 2425
Author(s): Maria Poltavtseva, Alexander Shelupanov, Dmitriy Bragin, Dmitry Zegzhda, Elena Alexandrova

Modern cyber-physical systems (CPS) use digital control of physical processes. This allows attackers to conduct various cyberattacks on these systems. According to the current trends, an information security monitoring system (ISMS) becomes part of a security management system of CPS. It provides information to make a decision and generate a response. A large number of new methods are aimed at CPS security, including security assessment, intrusion detection, and ensuring sustainability. However, as a cyber-physical system operates over time, its structure and requirements may change. The datasets available for the protection object (CPS) and the security requirements have become dynamic. This dynamic effect causes asymmetry between the monitoring data collection and processing subsystem and the presented security tasks. The problem herein is the choice of the most appropriate set of methods in order to solve the security problems of a particular CPS configuration from a particular bank of the available methods. To solve this problem, the authors present a method for the management of an adaptive information security monitoring system. The method consists of solving a multicriteria discrete optimization problem under Pareto-optimality conditions when the available data, methods or external requirements change. The experimental study was performed on an example of smart home intrusion detection. In the study, the introduction of a constraint (a change in requirements) led to the revision of the monitoring scheme and a different recommendation of the monitoring method. As a result, the information security monitoring system gains the property of adaptability to changes in tasks and the available data. An important result from the study is the fact that the monitoring scheme obtained using the proposed management method has a proven optimality under the given conditions. Therefore, the asymmetry between the information security monitoring data collection and processing subsystem and the set of security requirements in cyber-physical systems can be overcome.

2020, Vol 158, pp. 113578
Author(s): Jinping Liu, Wuxia Zhang, Tianyu Ma, Zhaohui Tang, Yongfang Xie, ...

2014, Vol 926-930, pp. 2259-2262
Author(s): You Bin Wang

Computer technology has been widely applied in the field of security. The powerful computing power of the microcontroller handles an abundance and diversity of data processing while providing users with a friendly and intelligent service. With the development of multimedia technology and network technology, the applications of security requirements have also reached a new stage. Considering that security itself requires the characteristics of high reliability and high availability, we need to produce a more complete design of the safety monitoring system. This paper designs a system framework that, through data collection, analysis, processing, rules, criteria, violation handling, stopping, and recording of the whole process, realizes the protection and monitoring of all kinds of information on local or remote computers; it then discusses the modules and their different functions in the system.


2021, Vol 11 (23), pp. 11283
Author(s): Hsiao-Chung Lin, Ping Wang, Kuo-Ming Chao, Wen-Hui Lin, Zong-Yu Yang

Most approaches for detecting network attacks involve threat analyses to match the attack to potential malicious profiles using behavioral analysis techniques in conjunction with packet collection, filtering, and feature comparison. Experts in information security are often required to study these threats, and judging new types of threats accurately in real time is often impossible. Detecting legitimate or malicious connections using protocol analysis is difficult; therefore, machine learning-based function modules can be added to intrusion detection systems to assist experts in accurately judging threat categories by analyzing the threat and learning its characteristics. In this paper, an ensemble learning scheme based on a revised random forest algorithm is proposed for a security monitoring system in the domain of renewable energy to categorize network threats in a network intrusion detection system. To reduce classification error for minority classes of experimental data in model training, the synthetic minority oversampling technique (SMOTE) scheme was formulated to re-balance the original data sets by altering the number of data points for the minority class to imbue the experimental data set. The classification performance of the proposed classifier in threat classification when the data set is unbalanced was experimentally verified in terms of accuracy, precision, recall, and F1-score on the UNSW-NB15 and CSE-CIC-IDS 2018 data sets. A cross-validation scheme featuring support vector machines was used to compare classification accuracies.


Author(s): Curtis G. Northcutt

The recent proliferation of embedded cyber components in modern physical systems [1] has generated a variety of new security risks which threaten not only cyberspace, but our physical environment as well. Whereas earlier security threats resided primarily in cyberspace, the increasing marriage of digital technology with mechanical systems in cyber-physical systems (CPS) suggests the need for more advanced generalized CPS security measures. To address this problem, in this paper we consider the first step toward an improved security model: detecting the security attack. Using logical truth tables, we have developed a generalized algorithm for intrusion detection in CPS for systems which can be defined over a discrete set of valued states. Additionally, a robustness algorithm is given which determines the level of security of a discrete-valued CPS against varying combinations of multiple signal alterations. These algorithms, when coupled with encryption keys which disallow multiple signal alteration, provide for a generalized security methodology for both cyber-security and cyber-physical systems.
