IMMAESA: A Novel Evaluation Method of IDPSs' Reactions to Cyber-Attacks on ICSs Using Multi-Objectives Heuristic Algorithms

摘要

The rise of digitization in industrial control systems using commercial off-the-shelf software has encouraged the use of existing IT security solutions. The aim of this study is to prevent intrusion detection and prevention systems' actions from affecting the normal functions of sensitive ICSs. A novel approach called IMMAESA based on a heuristic algorithm is proposed to evaluate the impact of IDPSs' actions when mitigating cyber-attacks. The crux of this novel approach is the IDPS does not react until it assesses the impact of its actions. The bat-algorithm is used to find an optimal solution that preserves the reliability of the system. IMMAESA method is simulated on a known nuclear power plant design, the APR1400. Results show that the proposed method lets the IDPS effectively makes tradeoffs before execution, thus, avoid any undesirable effects. The IDPS selects a set of actions (severity ~ 0,750 and reliability ~ 0,767) with minor consequences. Thus, the proposed method would be a major contribution to the ICT security field.