Abstract

Industrial cyber–physical systems (ICPSs) tightly integrate physical processes with information and communication technologies (ICTs), which exposes critical electrical infrastructure to increasing cyberspace threats and attacks. With limited defense resources available, efficient threat perception and mitigation of the potential impacts of cyber attacks are essential to enhancing ICPS operational security. This article proposes an optimal defense resource allocation solution that prioritizes ICPS asset protection based on distributed network traffic anomaly detection. Traffic anomalies and attack paths can be detected in a timely manner, simultaneously across multiple security zones of the electrical infrastructure, through local computing devices. Defense resource allocation is formulated as a multiobjective optimization (MOO) problem that considers the tradeoff among asset vulnerability, cost, and criticality, and is solved by a Pareto optimal solution generation approach. The proposed solution is extensively evaluated using a realistic electrical CPS (ECPS) testbed for a range of cyber-attack scenarios. The numerical results confirm the effectiveness of the proposed distributed anomaly detection model and defense resource allocation strategy for varying defense resource availabilities.
