A Non-parametric Cumulative Sum Approach for Online Diagnostics of Cyber Attacks to Nuclear Power Plants

Abstract: Failures and cyber attacks can both compromise the integrity of Cyber-Physical Systems (CPSs). Cyber attacks manifest themselves in the physical system and, can be misclassified as component failures, leading to wrong control actions and maintenance strategies. In this chapter, we illustrate the use of a non-parametric cumulative sum (NP-CUSUM) approach for online diagnostics of cyber attacks to CPSs. This allows for a prompt recognition of cyber attacks from component failures, and effective actions for CPSs … Show more

“…An objectoriented simulator previously developed [55,56], comprising a multi-loop Proportional-Integral (PI) controller [57], is utilized for simulating the ALFRED dynamic response to failures and cyber attacks. Data are fed to the NP-CUSUM algorithm [15], and the diagnostic outcomes are interpreted by operators, whose cognitive process is modelled by BBN.…”

“…designing a system, as in this work), and that the attacker moves after [9][10][11][12][13]. However, this means that an attacker can maximize the objective (of his/her malevolent act) and cyber attacks might be disguised from random failures, rendering the recovery difficult [14,15].…”

Considering the human operator cognitive process for the interpretation of diagnostic outcomes related to component failures and cyber security attacks

“…An objectoriented simulator previously developed [55,56], comprising a multi-loop Proportional-Integral (PI) controller [57], is utilized for simulating the ALFRED dynamic response to failures and cyber attacks. Data are fed to the NP-CUSUM algorithm [15], and the diagnostic outcomes are interpreted by operators, whose cognitive process is modelled by BBN.…”

“…designing a system, as in this work), and that the attacker moves after [9][10][11][12][13]. However, this means that an attacker can maximize the objective (of his/her malevolent act) and cyber attacks might be disguised from random failures, rendering the recovery difficult [14,15].…”

Considering the human operator cognitive process for the interpretation of diagnostic outcomes related to component failures and cyber security attacks

“…Risk assessment of CPS must address both safety and security issues (Amundrud, Aven, & Flage, ; Aven, ; Aven & Krohn, ; Kriaa, Pietre‐Cambacedes, Bouissou, & Halgand, ; Piètre‐Cambacédès & Bouissou, ; Wang, Di Maio, & Zio, ; Zalewski et al., ; Zio, , ). Safety concerns stochastic component failures that can result in accidental scenarios leading the system toward unacceptable consequences.…”

Adversarial Risk Analysis to Allocate Optimal Defense Resources for Protecting Cyber–Physical Systems from Cyber Attacks

“…character (Zalewski et al, 2016;Rahman et al, 2016;Wang et al, 2018). Even if they are different from components stochastic failures, they can lead to similar consequences on the system physical processes (e.g., both a stochastic failure and a cyber attack can result in sensor performance degradation (Rahman et al, 2016)).…”

“…Sketch of cyber attacks injected into the ALFRED system(1) Sensors Controlled variables of the physical system are measured by sensors, whose values are fed to the control system. Four types of cyber attacks occurring at random time t A are considered for each sensor, preventing the controllers from receiving legitimate measurements (equivalent to typical Denial of Service (DoS) attacks(Zhang et al, 2016;Ding et al, 2016;Yuan et al, 2014;Wang et al, 2018;Zhu et al, 2014)), mimicking stochastic failures(Boskvic and Mehra, 2002): (a) bias, (b) drift, (c) wider noise and (d) freezing (see dotted lines inFig. 6 a), b), c) and d), respectively).…”

A Monte Carlo-based exploration framework for identifying components vulnerable to cyber threats in nuclear power plants