CAREER: A dynamic game theoretic approach to cyber-security of controlled systems

职业：受控系统网络安全的动态博弈论方法

基本信息

批准号：
1151076
负责人：
Cedric Langbort
金额：
$ 40万
依托单位：
University of Illinois at Urbana-Champaign
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2012
资助国家：
美国
起止时间：
2012-02-15 至 2018-01-31
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1151076&HistoricalAwards=false
关键词：
CAREER dynamic game theoretic approach

项目摘要

As infrastructure and industrial control systems are increasingly being connected to the Internet and other widely accessible networks, their vulnerability to cyber attacks is fast becoming a growing concern and a national priority. Successfully weathering these attacks calls for stringent security measures and, in turn, imposes unique requirements on control algorithms, which must be able to ensure some level of closed-loop stability and performance in the presence of malicious and strategic intrusions, and complement the first line of defense provided by more traditional cyber-security techniques. In order to be implementable on today?sSCADA systems, these algorithms must (1) be able to face a wide variety of attacks, (2) be easy to deploy and require relatively low computational resources and, (3) come with theoretical guarantees of resilience for at least some well-defined classes of attacks.This CAREER project proposes to explore the design of such secure control algorithms using the tools of Game Theory, more specifically dynamic zero-sum games, stopping games, and team theory. The flexibility afforded by this modeling paradigm makes it possible to capture various characteristics of attacks through the attacker?s and controller?s information and action sets, as well as through the kernel of the game. In addition to readily implementable control strategies, this game theoretic approach also provides fundamental insights into the influence of an attack?s point of entry and stealthiness on its outcomes, and points towards specific resilient architectures for networked control systems. The resulting algorithms will be implemented and validated on three experimental testbeds of increasing complexity and degree of realism. One of these testbed is an actual small scale SCADA-enabled power grid located in Stockholm, Sweden, which the PI will be granted access to via ongoing collaboration with the Royal Institute of Technology (KTH). Tightly integrated with this research plan are education and outreach activities, which will partly leverage the testbed implementations, and are aimed at extending the use of game theoretic tools in the cyber-security community and among engineering students, and demystifying cyber-attacks for the general public, respectively.Intellectual Merit: The novelty and pertinence of the proposed approach for designing provably secure control systems lies in its focus on the resilience of the control algorithm itself, and its combination of the complementary strengths of dynamic game theory and robust control techniques to achieve this goal. This is in contrast with traditional cyber-security approaches, which are typically concerned with decreasing software and hardware vulnerabilities, and thwarting attacks at their point of entry. In addition, while game theoretic methods have proved successful in the formulation and resolution of security problems in the context of computer and communication networks, the use of these tools for studying and designing secure networked control systems under cyber-attacks is relatively new and unexplored.Broader Impact: We expect the algorithms and approach resulting from this project to be widely applicable, and to provide additional options for the design of ?defense in depth? strategies for networked control systems. In order to disseminate these results to a broad community of students, researchers, and practitioners, a yearly summer school on ?Game Theory for Decision-Making and Security? will be organized either as a stand-alone event, or as part of UIUC?s Information Trust Institute?s (ITI) offering of dedicated summer workshops. Undergraduates will be recruited through ITI?s Summer Internship Program, and will be involved in the implementation and characterization of the two in-house testbeds. These testbeds will also be used in outreach efforts to the local and global public. Finally, this project will help strengthen the research and educational ties between UIUC and KTH, including student exchange.

随着基础设施和工业控制系统越来越多地连接到互联网和其他广泛访问的网络，它们对网络攻击的脆弱性正迅速成为日益关注和国家优先事项。成功风化这些攻击要求采取严格的安全措施，进而对控制算法施加独特的要求，在存在恶意和战略性入侵的情况下，必须能够确保一定程度的闭环稳定性和表现，并补充由更传统的网络安全技术提供的第一条防线。 In order to be implementable on today?sSCADA systems, these algorithms must (1) be able to face a wide variety of attacks, (2) be easy to deploy and require relatively low computational resources and, (3) come with theoretical guarantees of resilience for at least some well-defined classes of attacks.This CAREER project proposes to explore the design of such secure control algorithms using the tools of Game Theory, more specifically dynamic zero-sum games,停止游戏和团队理论。这种建模范式提供的灵活性使得通过攻击者和控制器的信息和动作集以及游戏的内核可以捕获攻击的各种特征。除了易于实施的控制策略外，这种游戏理论方法还提供了对攻击的入境点和隐形对结果的影响的基本见解，并指向了针对网络控制系统的特定弹性体系结构。所得算法将在三个实验测试床上实施和验证，以提高复杂性和现实主义程度。这些测试床之一是位于瑞典斯德哥尔摩的实际小型SCADA启用电网，将授予PI通过与皇家技术学院（KTH）进行持续合作的访问权限。与该研究计划紧密整合的是教育和外展活动，这将部分利用测试床的实施，并旨在扩展使用游戏理论工具在网络安全社区和工程专业的学生中的使用，并分别为公众提供网络攻击，分别为公众的启发性地控制范围的固定范围，以确保其范围的范围，以确保拟议中的新颖性，以确保拟议中的范围，以确保拟议中的新颖性，以确保拟议中的范围的范围。算法本身，以及动态游戏理论的互补优势和强大的控制技术的结合，以实现这一目标。这与传统的网络安全方法相反，这些方法通常与软件和硬件漏洞的减少有关，并在其进入点挫败了攻击。此外，尽管游戏理论方法已被证明在计算机和通信网络中的安全问题的制定和解决方案方面取得了成功，但在网络攻击下使用这些工具来研究和设计安全的网络控制系统相对较新且未探索。BROADER都会受到影响：我们期望该项目可用于广泛适用和提供其他选择？网络控制系统的策略。为了将这些结果传播给广泛的学生，研究人员和从业人员社区，这是对决策和安全的游戏理论的年度暑期学校？将被组织为独立活动，或者作为UIUC信息信托研究所（ITI）提供专门的夏季研讨会的一部分。本科生将通过ITI的暑期实习计划招募，并将参与两个内部测试床的实施和表征。这些测试床也将用于向当地和全球公众的外展工作。最后，该项目将有助于加强UIUC和KTH（包括学生交流）之间的研究和教育关系。