首页 | 本学科首页   官方微博 | 高级检索  
相似文献
 共查询到10条相似文献,搜索用时 140 毫秒
1.
In this paper we comprehensively survey the concept and strategies for building a resilient and integrated cyber–physical system (CPS). Here resilience refers to a 3S-oriented design, that is, stability, security, and systematicness: Stability means the CPS can achieve a stable sensing-actuation close-loop control even though the inputs (sensing data) have noise or attacks; Security means that the system can overcome the cyber–physical interaction attacks; and Systematicness means that the system has a seamless integration of sensors and actuators. We will also explain the CPS modeling issues since they serve as the basics of 3S design. We will use two detailed examples from our achieved projects to explain how to achieve arobust, systematic CPS design: Case study 1 is on the design of a rehabilitation system with cyber (sensors) and physical (robots) integration. Case Study 2 is on the implantable medical device design. It illustrates the nature of CPS security principle. The dominant feature of this survey is that it has both principle discussions and practical cyber–physical coupling design.  相似文献   

2.
The rapid growth in the number of devices and their connectivity has enlarged the attack surface and made cyber systems more vulnerable. As attackers become increasingly sophisticated and resourceful, mere reliance on traditional cyber protection, such as intrusion detection, firewalls, and encryption, is insufficient to secure the cyber systems. Cyber resilience provides a new security paradigm that complements inadequate protection with resilience mechanisms. A Cyber-Resilient Mechanism (CRM) adapts to the known or zero-day threats and uncertainties in real-time and strategically responds to them to maintain the critical functions of the cyber systems in the event of successful attacks. Feedback architectures play a pivotal role in enabling the online sensing, reasoning, and actuation process of the CRM. Reinforcement Learning (RL) is an important gathering of algorithms that epitomize the feedback architectures for cyber resilience. It allows the CRM to provide dynamic and sequential responses to attacks with limited or without prior knowledge of the environment and the attacker. In this work, we review the literature on RL for cyber resilience and discuss the cyber-resilient defenses against three major types of vulnerabilities, i.e., posture-related, information-related, and human-related vulnerabilities. We introduce moving target defense, defensive cyber deception, and assistive human security technologies as three application domains of CRMs to elaborate on their designs. The RL algorithms also have vulnerabilities themselves. We explain the major vulnerabilities of RL and present develop several attack models where the attacker target the information exchanged between the environment and the agent: the rewards, the state observations, and the action commands. We show that the attacker can trick the RL agent into learning a nefarious policy with minimum attacking effort. The paper introduces several defense methods to secure the RL-enabled systems from these attacks. However, there is still a lack of works that focuses on the defensive mechanisms for RL-enabled systems. Last but not least, we discuss the future challenges of RL for cyber security and resilience and emerging applications of RL-based CRMs.  相似文献   

3.
SCADA系统测试床的构建是研究SCADA系统信息安全问题的一项基础性工作,为了构建SCADA系统信息安全测试床,必须充分了解其当前的研究情况.介绍了SCADA系统的结构与组成,分析了各类典型SCADA系统测试床的主要优缺点、关键技术和开发工具,包括全实物复制测试床、半实物仿真测试床、软件联合仿真测试床以及仿真与模拟相结合的混合测试床.最后探讨了SCADA系统信息安全测试床未来的发展方向和有待进一步完善的地方.  相似文献   

4.
Cyber insurance is a rapidly developing area which draws more and more attention of practitioners and researchers. Insurance, an alternative way to deal with residual risks, was only recently applied to the cyber world. The immature cyber insurance market faces a number of unique challenges on the way of its development.In this paper we summarise the basic knowledge about cyber insurance available so far from both market and scientific perspectives. We provide a common background explaining basic terms and formalisation of the area. We discuss the issues which make this type of insurance unique and show how different technologies are affected by these issues. We compare the available scientific approaches to analysis of cyber insurance market and summarise their findings with a common view. Finally, we propose directions for further advances in the research on cyber insurance.  相似文献   

5.
近年来,网络空间安全成为信息安全中的热门领域之一,随着复杂网络的研究日渐深入,网络空间安全与复杂网络的结合也变得日益密切。网络的整体安全性依赖于网络中具体节点的安全性,因此,对网络节点的安全重要程度进行有效排序变得极为关键,良好的排序方法应当将越重要的节点排在越靠前的位置。本文从网络的拓扑结构入手,研究了网络节点的局部关键性,在传统基础上考虑了相邻节点及次相邻节点的拓扑结构影响。同时,由于传统方法很少引入动态因素,因此本文引入了网络节点实时流量向量,算法既包含网络拓扑结构,又使用了不同时刻的节点流量,采用了静态与动态相结合的方式。实验结果表明,在破坏排序结果前top-n个节点时,与传统方法相比,本文算法在排序结果上具有更好的效果。  相似文献   

6.
IEC 61850, an international standard for communication networks, is becoming prevalent in the cyber–physical system (CPS) environment, especially with regard to the electrical grid. Recently, since cyber threats in the CPS environment have increased, security matters for individual protocols used in this environment are being discussed at length. However, there have not been many studies on the types of new security vulnerabilities and the security requirements that are required in a heterogeneous protocol environment based on IEC 61850. In this paper, we examine the electrical grid in Korea, and discuss security vulnerabilities, security requirements, and security architectures in such an environment.  相似文献   

7.

The need for effective training of cyber security personnel working in critical infrastructures and in the corporate has brought attention to the evolution of Cyber Ranges (CRs) as learning and training tools. Although CRs have been organized for many years, there is a lack of standards and common methodologies that facilitate their development and optimize their effectiveness. Aiming at strengthening cyber security education and research that utilize well designed CRs, we first analyze the CRs domain to identify key characteristics, strengths and fundamental weaknesses, and based on these outcomes we propose the Cyber Range Design Framework (CRDF), which includes the CR Architecture and the CR Life-Cycle. The CR Architecture presents the main components of CRDF compliant CRs, whereas the CR Life-Cycle presents the development phases of such approaches and the activities these phases embrace. CRDF builds on the Conceptual Framework for eLearning and Training (COFELET) and on the Exercise Life-Cycle. COFELET is particularly elaborated for the development of cyber security educational approaches, by adopting its design considerations that were based on widely adopted educational theories and approaches (e.g., scenario-based, reuse of elements). CRDF envisages the elaboration of CRs which optimize their impact, mitigate their weaknesses, and minimize their preparation and running costs. Under this prism, a preliminary appreciation of the CRDF approaches effectiveness is presented along with the expected outcomes of such approaches.

  相似文献   

8.
Ensuring cyber security is a complex task that relies on domain knowledge and requires cognitive abilities to determine possible threats from large amounts of network data. This study investigates how knowledge in network operations and information security influence the detection of intrusions in a simple network. We developed a simplified Intrusion Detection System (IDS), which allows us to examine how individuals with or without knowledge in cyber security detect malicious events and declare an attack based on a sequence of network events. Our results indicate that more knowledge in cyber security facilitated the correct detection of malicious events and decreased the false classification of benign events as malicious. However, knowledge had less contribution when judging whether a sequence of events representing a cyber-attack. While knowledge of cyber security helps in the detection of malicious events, situated knowledge regarding a specific network at hand is needed to make accurate detection decisions. Responses from participants that have knowledge in cyber security indicated that they were able to distinguish between different types of cyber-attacks, whereas novice participants were not sensitive to the attack types. We explain how these findings relate to cognitive processes and we discuss their implications for improving cyber security.  相似文献   

9.
The paper suggests a new methodology for secure cyber–physical systems design. The proposed methodology consists of two main cycles. The main goal of the first cycle is in design of the system model, while the second one is about development of the system prototype. The key idea of the methodology is in providing of the most rational solutions that are improving the security of cyber–physical systems. Such solutions are called alternatives and built according to functional requirements and non-functional limitations to the system. Each cycle of the methodology consists of the verification process and seven stages that are associated with the used cyber–physical system model. The objective of the verification process is in checking of constructed models and prototypes in terms of their correctness and compatibility. The model represents cyber–physical systems as sets of building blocks with network between them, takes elements internal structure into account and allows direct and reverse transformations. The novelty of the suggested methodology is in the combination of design, development and verification techniques within a single approach. To provide an example of the design methodology application, in this paper it is used to improve the semi-natural model of the railway infrastructure.  相似文献   

10.
随着进入信息时代,产生了一个新的领域——“网络空间”。它具备具有很多有效用途的潜力。展现了对一个新的“网络飞船”,也叫做“网络飞行器”的研究。它的某些行动类似于传统太空飞行器或飞机的操作,诸如作为一个“战斗”平台(举例,阻挡,退化恐怖行动的破坏或欺骗);或者作为一个“智能监视侦察(ISR)”平台(举例:发现,定位,跟踪,监视可能潜在的安全威胁);然而,“网络飞行器”独立操作在网络空间领域来延伸各项应用目的。其中,对新的“网络飞行器”概念,讨论了:①什么是网络飞行器:②一个网络飞行器架构的开发例子:③深入研究。  相似文献   

设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号