离散事件系统框架下信息物理系统攻击问题综述

信息物理系统(cyber physical system, CPS)由受控对象、传感器、执行器、监控器和通信网络组成,通信网络的使用增加了信息物理系统面临外部攻击的风险.鉴于此,综述基于离散事件系统框架处理信息物理系统攻击问题的相关研究工作.首先对信息物理系统进行简要介绍;然后对信息物理系统中的攻击进行分类;最后重点阐述信息物理系统中攻击策略的设计、攻击的检测与防御以及攻击鲁棒性监控器设计的研究现状.     

Robust Cyber–Physical Systems: Concept,models, and implementation

In this paper we comprehensively survey the concept and strategies for building a resilient and integrated cyber–physical system (CPS). Here resilience refers to a 3S-oriented design, that is, stability, security, and systematicness: Stability means the CPS can achieve a stable sensing-actuation close-loop control even though the inputs (sensing data) have noise or attacks; Security means that the system can overcome the cyber–physical interaction attacks; and Systematicness means that the system has a seamless integration of sensors and actuators. We will also explain the CPS modeling issues since they serve as the basics of 3S design. We will use two detailed examples from our achieved projects to explain how to achieve arobust, systematic CPS design: Case study 1 is on the design of a rehabilitation system with cyber (sensors) and physical (robots) integration. Case Study 2 is on the implantable medical device design. It illustrates the nature of CPS security principle. The dominant feature of this survey is that it has both principle discussions and practical cyber–physical coupling design.     

信息物理融合系统综合安全威胁与防御研究

信息物理融合系统（Cyber-physical system，CPS）是计算单元与物理对象在网络空间中高度集成交互形成的智能系统.信息系统与物理系统的融合在提升系统性能的同时，信息系统的信息安全威胁（Security）与物理系统的工程安全问题（Safety）相互影响，产生了新的综合安全问题，引入严重的安全隐患.本文介绍了CPS的概念与安全现状，给出了CPS综合安全的定义；在对现有安全事件进行分析的基础上，提出了CPS的综合安全威胁模型；从时间关联性和空间关联性的角度，对现有CPS攻击和防御方法进行了分类和总结，并探讨CPS综合安全的研究方向.     

A Survey of Cyber Attacks on Cyber Physical Systems: Recent Advances and Challenges

A cyber physical system (CPS) is a complex system that integrates sensing, computation, control and networking into physical processes and objects over Internet. It plays a key role in modern industry since it connects physical and cyber worlds. In order to meet ever-changing industrial requirements, its structures and functions are constantly improved. Meanwhile, new security issues have arisen. A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems, and thus has gained increasing attention from researchers and practitioners. This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems. First, as typical system models are employed to study these systems, time-driven and event-driven systems are reviewed. Then, recent advances on three types of attacks, i.e., those on availability, integrity, and confidentiality are discussed. In particular, the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders. Namely, both attack and defense strategies are discussed based on different system models. Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.      

A co-simulation framework for design of time-triggered automotive cyber physical systems

Designing cyber-physical systems (CPS) is challenging due to the tight interactions between software, network/platform, and physical components. Automotive control system is a typical CPS example and often designed based on a time-triggered paradigm. In this paper, a co-simulation framework that considers interacting CPS components for assisting time-triggered automotive CPS design is proposed. Virtual prototyping of automotive vehicles is the core of this framework, which uses SystemC to model the cyber components and integrates CarSim to model the vehicle dynamics. A network/platform model in SystemC forms the backbone of the virtual prototyping. The network/platform model consists of processing elements abstracted by real-time operating systems, communication systems, sensors, and actuators. The framework is also integrated with a model-based design tool to enable rapid prototyping. The framework is validated by comparing simulation results with the results from a hardware-in-the-loop automotive simulator. The framework is also used for design space exploration (DSE).     

集中式超大规模储能电站信息物理系统建模与可靠性评估

集中式超大规模储能电站与其控制系统逐渐发展成为信息物理系统(cyber physical system, CPS),信息技术和监控系统能够使超大规模储能电站应对多样化场景和满足不同的需求,但也带来一定程度的安全运行风险,因此对其进行可靠性建模和分析具有非常重要的意义.首先,建立超大规模储能电站的CPS模型,并分析物理侧与信息侧的交互影响;其次,对信息系统中多种信息扰动的可靠性状态进行建模分析,并提出储能电站CPS可靠性评估指标;然后,分别采用非序贯和序贯蒙特卡洛方法对超大规模储能电站的信息层和物理层元件进行抽样,并量化分析多信息扰动因素对超大规模储能电站CPS可靠性的影响;最后,通过算例仿真结果验证所提模型和方法的有效性,结果表明所提模型可为超大规模储能电站规划和运行提供有效技术支撑.     

Infrequent pattern mining in smart healthcare environment using data summarization

A summarization technique creates a concise version of large amount of data (big data!) which reduces the computational cost of analysis and decision-making. There are interesting data patterns, such as rare anomalies, which are more infrequent in nature than other data instances. For example, in smart healthcare environment, the proportion of infrequent patterns is very low in the underlying cyber physical system (CPS). Existing summarization techniques overlook the issue of representing such interesting infrequent patterns in a summary. In this paper, a novel clustering-based technique is proposed which uses an information theoretic measure to identify the infrequent frequent patterns for inclusion in a summary. The experiments conducted on seven benchmark CPS datasets show substantially good results in terms of including the infrequent patterns in summaries than existing techniques.     

Toward an execution system for self-healing workflows in cyber-physical systems

Cyber-physical systems (CPS) represent a new class of information system that also takes real-world data and effects into account. Software-controlled sensors, actuators and smart objects enable a close coupling of the cyber and physical worlds. Introducing processes into CPS to automate repetitive tasks promises advantages regarding resource utilization and flexibility of control systems for smart spaces. However, process execution systems face new challenges when being adapted for process execution in CPS: the automated processing of sensor events and data, the dynamic invocation of services, the integration of human interaction, and the synchronization of the cyber and physical worlds. Current workflow engines fulfill these requirements only to a certain degree. In this work, we present PROtEUS—an integrated system for process execution in CPS. PROtEUS integrates components for event processing, data routing, dynamic service selection and human interaction on the modeling and execution level. It is the basis for executing self-healing model-based workflows in CPS. We demonstrate the applicability of PROtEUS within two case studies from the Smart Home domain and discuss its feasibility for introducing workflows into cyber-physical systems.     

基于自适应鲁棒性的入侵检测模型

传感器与网络技术的迅猛发展促进了信息物理系统的发展与应用.而传统网络系统的入侵检测技术已经发展成熟,信息物理系统(CPS)可以在借鉴传统网络系统入侵检测技术的基础上,结合自身特性进行改进.针对CPS所处地理位置复杂及网络传输不可靠导致的检测鲁棒性不高的问题,提出基于稀疏降噪自编码网络(SDAE)的入侵检测算法;同时,考虑到CPS对模型适应性及推广性的需求,将基于差分变换的头脑风暴优化算法(DBSO)与改进的自编码网络相结合,形成基于DBSO优化SDAE(DBSO-SDAE)的检测算法.该算法具有自动提取入侵数据最优特征表示的能力,同时在进一步提高模型鲁棒性的前提下,可极大地增强模型的适应性.仿真结果表明,所提出的DBSO-SDAE模型与其他模型相比,具有较高的鲁棒性、自适应性及较优的检测实时性,可极大地满足CPS对检测算法的高需求.     

Challenges and research directions for heterogeneous cyber–physical system based on IEC 61850: Vulnerabilities,security requirements,and security architecture

IEC 61850, an international standard for communication networks, is becoming prevalent in the cyber–physical system (CPS) environment, especially with regard to the electrical grid. Recently, since cyber threats in the CPS environment have increased, security matters for individual protocols used in this environment are being discussed at length. However, there have not been many studies on the types of new security vulnerabilities and the security requirements that are required in a heterogeneous protocol environment based on IEC 61850. In this paper, we examine the electrical grid in Korea, and discuss security vulnerabilities, security requirements, and security architectures in such an environment.     

Adaptive resource management scheme for monitoring of CPS

In recent years, various studies based on cyber physical systems (CPS) that integrate networking, computation, and physical processes have been actively carried out in different industries, national defense, and daily living. To physically reflect the theoretical aspect of CPS, consideration of various features is necessary to more easily integrate and effectively manage real-world components and the cyber world. This study suggests an adaptive resource management scheme (ARMS) to reduce the loss of sensing information and increase the level of accurate data obtained in the controller manager (CM) among the CPS components. A CPS-based system consists of a number of nodes (sensors and actuators) used to observe or monitor specific areas. ARMS utilizes data about the location and remaining battery capacity of each node to reduce the loss of information due to the irregular lifespans and unexpected breakdowns of resources in the CPS, and to obtain accurate data. Once a broken sensor in the physical world is sensed in the cyber world, the CM searches the locations of adjacent alternative nodes within a user-defined range based on the location of the broken node. In this process, an adjacent node search (ANS) algorithm is run to decide on a node (senor or actuator) to replace the broken node, taking into account the remaining battery capacity of candidate nodes. ARMS provides the adaptive resource management function of CPS by sending information on the identity (ID) and destination of the selected node to the controller to move the node to the destination and control the move.     

Structural health analysis on cyber physical system based on reliability

The Journal of Supercomputing - Cyber physical system (CPS) is consisting of two interdependent networks, i.e., a cyber network embedding into a physical network. Although interdependence makes the...     

基于扩展DPN的CPS混成行为时效建模与综合评估

信息物理融合系统行为是一种由离散计算过程与连续物理动态过程深度融合并紧密交互的混成行为.在CPS设计早期对信息系统实体的信息实体的关键监控参数、实时指标,以及物理系统设施的连续行为规律进行综合评估,是这类系统进一步设计与实现的基础.基于扩展DPN语义,以某智能车CPS系统自主行进紧急避障过程为研究对象,建立了其信息物理混成行为的Petri网模型,以融合并集中体现各关键参数和指标的时序协作效应;通过对该模型的仿真运行,实现了CPS行为的在线观测与综合评估.该方法为CPS子系统关键设计指标的综合合理性评估及其组合设计提供了一种解决途径.     

Cross‐layer security design for encrypted CPS based on modified security signalling game

Recent years have witnessed increasing cyber and physical attacks against encrypted cyber‐physical system (CPS) and the ensuing catastrophic consequences. A modified security signaling game (MSSG) model is proposed for capturing attack‐defense interactions and analyzing the cross‐layer security of encrypted CPS. Cyber real‐time performance and physical control performance are both considered in cross‐layer utility function. Theorems concerning the existence of pure‐strategy and mixed‐strategy perfect Bayesian Nash equilibrium (PBNE) are provided, based on which a cross‐layer security design algorithm is proposed for defender's optimal strategy against potential attacks. A numerical case is studied with the effectiveness of our method being proved.     

Combined strength of holons,agents and function blocks in cyber-physical systems

This paper presents a novel approach to implementing cyber-physical systems (CPS) using the combined strength of holons, agents and function blocks. Within the context, a CPS is represented by a holarchy of multiple holons. Each holon possesses a logical part and a physical part, which mimic the cyber and physical entities of the CPS. During implementation, the two parts of a holon are realised by agents and function blocks for information processing and materials processing, respectively. The objective of this research is to provide a concept map and associate a CPS with holons, agents and function blocks for the ease of system implementation in decentralised or cloud environment.     

混成时空Petri网的CPS实时事件模型

在分析网络物理系统（ CPS）特点的基础上,提出了一种新的CPS体系结构,并对事件进行形式化定义。提出了一种新的CPS物理实体的形式化建模方法。在Petri网的基础上引入时空因素和连续变量,构造了混成时空Petri网（ HSPN）模型,使其不仅能够描述物理实体逻辑和时间层次的行为,而且能够描述物理实体位置变迁所引起的状态变化。将其应用于实时事件CPS模型设计,以医疗控制系统为例,分析建模方法的可行性。     

基于攻击图的信息物理系统信息安全风险评估方法

震网病毒等事件实证了信息攻击能对信息物理系统(CPS)带来严重的物理影响。针对这类跨域攻击问题,提出了基于攻击图的风险评估方法。首先,对信息物理系统中的信息攻击行为进行了分析,指出可编程逻辑控制器(PLC)等物理设备中存在的漏洞是信息攻击实现跨域攻击的关键,并给出了信息物理系统中漏洞的利用模式及影响后果;其次,建立风险评估模型,提出攻击成功概率和攻击后果度量指标。综合考虑漏洞固有特性和攻击者能力计算攻击成功概率,根据主机重要程度和漏洞利用模式计算攻击后果。该方法能够将信息域与物理域作为一个整体进行建模,综合考虑多个跨域攻击对系统风险的影响。数值案例表明,多个跨域攻击组合下的风险值是单一攻击下的5倍,计算得到的风险值更为准确。     

基于Petri网的CPS系统安全量化分析模型

随着信息物理融合系统（CPS）的广泛应用,安全性已成为其研究的核心问题。由于CPS离散计算过程和连续物理世界交织的特性,传统的安全分析方式不能直接适用。通过将博弈理论和Petri网建模方法进行结合,提出一种GHPN方法对CPS系统建立量化的安全分析模型,该模型既能适用CPS离散连续混合结构的模型刻画,又可合理模拟系统攻防双方行为,基于最终生成的模型从系统可靠性、脆弱性、风险后果等方面进行安全分析。通过对飞机空中避撞系统的实例研究,表明该模型和分析方法的有效性。     

A game-theoretic method for cross-layer stochastic resilient control design in CPS

In this paper, the cross-layer security problem of cyber-physical system (CPS) is investigated from the game-theoretic perspective. Physical dynamics of plant is captured by stochastic differential game with cyber-physical influence being considered. The sufficient and necessary condition for the existence of state-feedback equilibrium strategies is given. The attack-defence cyber interactions are formulated by a Stackelberg game intertwined with stochastic differential game in physical layer. The condition such that the Stackelberg equilibrium being unique and the corresponding analytical solutions are both provided. An algorithm is proposed for obtaining hierarchical security strategy by solving coupled games, which ensures the operational normalcy and cyber security of CPS subject to uncertain disturbance and unexpected cyberattacks. Simulation results are given to show the effectiveness and performance of the proposed algorithm.