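Project title: Intrusion-Tolerant Security Policy Optimization and Real-Time Control Methods for Cyber-Physical Systems
Project number: No.61272204
Project type: General Program
Year of approval: 2013
Project discipline: Automation technology, computer technology
Project author: Zhou Chunjie (周纯杰)
Author affiliation: Huazhong University of Science and Technology
Project funding: 810,000 yuan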
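Chinese abstract: The project studies the key technologies and implementation methods by which a cyber-physical system for industrial control, when subjected to an intrusion attack, relies on itself to (automatically) restore the system in real time to a normal operating state or an acceptable-risk state. It studies a multi-layer defense-in-depth overall security architecture and control framework, and provides intrusion detection algorithms and real-time closed-loop control methods for different attack types; studies dynamic risk assessment models of the system and their evolution, together with security situation assessment based on Bayesian attack graphs and Petri nets; proposes a cost-sensitive adaptive intrusion response model and security policy selection algorithm that accommodate multiple security requirements, and gives theory and methods for multi-objective constrained security decision optimization based on genetic algorithms; studies security-aware real-time task scheduling algorithms and schedulability analysis to achieve real-time closed-loop control of intrusion attacks; and uses a simulation platform for simulation and emulation experiments, with engineering application in a factory wireless material conveying system or a construction machinery bus system. The project can develop and improve the security design theory of cyber-physical systems and broaden the application areas of intelligent control; its results are of significance for the development and engineering practice of low-cost cyber-physical systems and devices.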
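Chinese keywords: Cyber-physical systems; information security; security policy optimization; security-aware real-time control; safety control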
English abstract: The key technologies and implementation methods are studied for real-time control and recovery in Cyber Physical Systems when intrusion attacks occur, which lead the system to normal operation or an acceptable risk level state. To achieve this goal, a multi-layer defense-in-depth security architecture and control framework is first researched, and the algorithms of intrusion detection and the methods of real-time closed-loop control against different types of attacks are provided. Secondly, the models of dynamic risk evaluation and the methods of system security situation evaluation are provided based on Bayesian attack graphs and Petri Nets. On the basis of the risk evaluation model, the cost-sensitive intrusion response model and security decision selection algorithm will be proposed when considering various security requirements, and the theory and methods for multi-objective constrained optimization of security decisions will be constructed based on Genetic Algorithm. After security-aware real-time task scheduling algorithms and schedulability analysis are studied, the real-time closed-loop control against intrusion attacks is realized by using safety control technology. For illustrative purposes, simulation and testing are planned to be carried out, and engineering application will also be conducted in t
English keywords: Cyber physical systems; cybersecurity; security policy optimization; security aware real-time control; safety control