Sie befinden Sich nicht im Netzwerk der Universität Paderborn. Der Zugriff auf elektronische Ressourcen ist gegebenenfalls nur via VPN oder Shibboleth (DFN-AAI) möglich. mehr Informationen...
Owing to the increasing number of cybersecurity threats targeting industrial control systems (ICSs), intrusion response systems (IRSs) have become essential. However, the current IRSs exhibit several limitations, such as neglecting physical domain security policies and relying significantly on expert input. While deep reinforcement learning (DRL) methods yield superior outcomes, they suffer from low interpretability and unreliability. This study introduces an interpretable cross-layer intrusion response system (ICL-IRS), which is a decision-tree-based IRS. It offers a robust understanding of cyberattacks and industrial control logic specific to ICSs. ICL-IRS employs a DRL model, tailored to the characteristics of physical process control, to refine policies. It then scrutinizes the optimized intrusion response policy and generates decision trees. Our experimental results reveal a 21% enhancement in the success rate of the proposed ICL-IRS over competing methods. The effectiveness of ICL-IRS was further validated through a case study on a simulated process-control system.