
Graduate student: 沈稚庭 (Chih-Ting Shen)
Thesis title: 工業控制系統之防禦韌性研究 (Adaptive Cyber Resilience for ICS Defenses Strategy)
Advisor: 馬奕葳 (Yi-Wei Ma)
Oral defense committee: 陳俊良, 黎碧煌, 陳永昇, 馬奕葳
Degree: Master
Department: College of Electrical Engineering and Computer Science, Department of Electrical Engineering
Year of publication: 2022
Academic year of graduation: 110
Language: English
Number of pages: 98
Keywords: Cyber Resilience, Trade-Offs, Industrial Control System, Cyber Security, Recovery
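  • In recent years, the adoption of industrial control systems has tied information technology (IT) and operational technology (OT) more closely together. As a result, security incidents involving industrial control systems (ICS) have become frequent, and enterprises find it hard to balance security, production and operational efficiency, and system performance. This study therefore introduces the concept of cyber resilience to provide an industrial control operation system that combines information security protection capability with the ability to keep providing services. The adaptive system architecture proposed in this study makes trade-offs across the whole ICS according to three major metrics, namely operational efficiency, performance efficiency and security, so as to reach the best-fit overall operation, performance and security. This study designs six modules. The Metrics/Measures module defines the metric items and measures them. The Defense Strategy Planning module formulates strategies with different characteristics, defines the relationship between the defense strategies for the relevant control events and the metrics, scores each metric, and periodically adjusts the strategy scores. The Benefit Estimate and Decision module decides on the best-fit configuration strategy for the current system condition according to the system environment. The Defense Strategy Deployment and Adjustment module deploys the best defense strategy and adjusts defense measures in real time. The Monitor module collects real-time data on system operation. The Incident Detect and Analysis module evaluates the data collected in real time for anomalies and analyzes the impact of an event and the degree of recovery after it. In the analysis of the experimental results, the proposed adaptive system architecture in experimental case seven achieved a 3% benefit compared with a strategy targeting security alone and, compared with a strategy targeting operational efficiency alone, an 11% benefit.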


    The use of Industrial Control Systems (ICS) has interconnected Information Technology (IT) and Operational Technology (OT). Enterprises find it difficult to strike a balance between production capacity, security, operational efficiency and performance efficiency. Thus, this study introduces the concept of cyber resilience to provide an ICS with both information security protection capability and continuous operation capability. This study proposes a system architecture for an adaptive cyber resilience ICS defense strategy. The system chooses defense strategies based on three major metrics, namely operational efficiency, performance efficiency, and security, so as to achieve the optimal security defense and operation productivity. The proposed system includes six modules. The Metrics/Measures module formulates metrics and performs data measurement. The Defense Strategy Planning module defines the correlation between defense strategies and metrics for each ICS control event, formulates strategies in multiple fields, calculates scores for strategies with different characteristics, and adjusts the strategy periodically. The Benefit Estimate and Decision module decides on an optimal strategy according to the current system condition. The Defense Strategy Deployment and Adjustment module deploys the best defense strategy and adjusts defense methods in near-real time. The Monitor module collects various real-time data. The Incident Detect and Analysis module evaluates the abnormality of the data collected in real time, and analyzes the level of abnormal events and the degree of recovery after the event.
In the analysis of the experimental results, the proposed adaptive cyber security system achieves productivity gains of 3% and 11% compared with the use of a single security strategy and the use of a single operation strategy, respectively.

    Chinese Abstract
    Abstract
    Chapter 1 Introduction
        1.1 Motivation
        1.2 Cyber Resilience
        1.3 Contribution
    Chapter 2 Background and Related Work
        2.1 Background
            2.1.1 Industrial Control System (ICS)
            2.1.2 Cyber Security
        2.2 Related Work
    Chapter 3 Proposed System Architecture
        3.1 Metrics/Measures Module
        3.2 Defense Strategy Planning Module
        3.3 Benefit Estimate and Decision Module
        3.4 Defense Strategy Deployment and Adjustment Module
        3.5 Monitor Module
        3.6 Incident Detect and Analysis Module
    Chapter 4 Performance Analysis
        4.1 Scenario
        4.2 Experimental Parameters
        4.3 Experimental Analysis and Verification
    Chapter 5 Conclusion and Future Works
        5.1 Conclusion
        5.2 Future Works
    Reference

