A Plant-Wide Industrial Process Control Security Problem

McEvoy, Thomas Richard; Wolthusen, Stephen D.

doi:10.1007/978-3-642-24864-1_4

Cited by 18 publications

(22 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Detective strategies based on protocol analysis, or statistical signal analysis by themselves can be shown to have weaknesses in uncovering such attacks [7], particularly in the face of an adversary with the ability to subvert network nodes in the system [3]. Hence conjoint reasoning over both communication and control functionality, making use of advanced state estimation techniques, is necessary to detect such attacks [2] [8]. This can be split into the analysis of the integrity of network nodes on the one hand and the analysis of the integrity of process control units on the other.…”

Section: Related Workmentioning

confidence: 98%

“…Techniques related to IP traceback [9,10,11,12,13,14] have been proposed to help solve this kind of problem in the context of denial of service attacks and such techniques are easily adaptable to this problem, particularly for probabilistic cases [15]. In [2], this requires demonstrating the existence of independent routes and then considering their consistency in terms of the model to determine route integrity. However, this approach relies on the knowledge of routes and system operations in a highly stable topology.…”

Section: Related Workmentioning

confidence: 99%

“…This elimination can take place along multiple routes simultaneously depending on edge-disjointedness of the network graph. In the remainder of the paper we rely on an algebraic formulation of the protocol [2] [17] as this offers a means of designing and proving protocol behaviour abstracted from specific SCADA environments.…”

Section: Related Workmentioning

confidence: 99%

“…This enables us to detect efficiently whether or not network nodes are forging or manipulating packages. If no such activity is discovered, in the presence of anomalous plant conditions, we may assume that the control unit is subject to adversary subversion 2 . We subsequently prevent subverted nodes from participating further in system communications, while repair and recovery procedures are carried out.…”

Section: Introductionmentioning

confidence: 99%

“…Attack aims are not confined to creating short-lived, albeit disastrous, effects, but based on medium-to long-term strategies to disrupt plant operation, and necessarily make use of advanced concealment techniques, which require the concomitant development of detection methods to uncover and remove them. The concept of utilising network protocols to aid intrusion recovery on SCADA systems has been proposed previously [2]. A detection event is assumed 1 [3], indicating a process under attack.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation

McEvoy

Wolthusen

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Supervisory control and data acquisition (SCADA) systems form a vital part of the critical infrastructure. Such systems are subject to sophisticated attacks by subverted processes which can manipulate message content or forge authentic messages, undermining the action of the plant, whilst hiding the effects from operators. In this paper, we propose a novel network protocol which, using techniques related to IP Traceback, enables the efficient discovery of subverted nodes, assuming an initial detection event. We discuss its advantages over previous techniques in this area and provide a formal model.

show abstract

Section: Related Workmentioning

confidence: 98%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation

McEvoy

Wolthusen

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Generalized Dice's coefficient‐based multi‐block principal component analysis with Bayesian inference for plant‐wide process monitoring

Wang

Yan

Jiang

et al. 2014

Journal of Chemometrics

View full text Add to dashboard Cite

Plant-wide process monitoring is challenging because of the complex relationships among numerous variables in modern industrial processes. The multi-block process monitoring method is an efficient approach applied to plant-wide processes. However, dividing the original space into subspaces remains an open issue. The loading matrix generated by principal component analysis (PCA) describes the correlation between original variables and extracted components and reveals the internal relations within the plant-wide process. Thus, a multi-block PCA method that constructs principal component (PC) sub-blocks according to the generalized Dice coefficient of the loading matrix is proposed. The PCs corresponding to similar loading vectors are divided within the same sub-block. Thus, the PCs in the same sub-block share similar variational behavior for certain faults. This behavior improves the sensitivity of process monitoring in the sub-block. A monitoring statistic T 2 corresponding to each sub-block is produced and is integrated into the final probability index based on Bayesian inference. A corresponding contribution plot is also developed to identify the root cause. The superiority of the proposed method is demonstrated by two case studies: a numerical example and the Tennessee Eastman benchmark. Comparisons with other PCA-based methods are also provided.

show abstract

Process monitoring based on entropy weight for a subspace containing probabilistic principal components and fault‐relevant noise factors

Zhu

Huang

Yan

2017

Journal of Chemometrics

View full text Add to dashboard Cite

Probabilistic principal component analysis (PPCA) is widely used in process monitoring and has achieved effective fault detection and online fault identification. However, the relationship between fault information and certain probabilistic principal components has not been explicitly mapped. Therefore, fault information might be scattered across 2 different subspaces when probabilistic principal components are selected subjectively based on variance. Moreover, although the maximum useful information is collected into a new subspace by the selected elements, a large amount of useless information might cover up the fault-relevant information. Considering these shortcomings, weighted PPCA based on entropy method and moving window (EMW-PPCA) is applied in this study to improve the monitoring performance of traditional PPCA. After building a traditional PPCA model through normal observations, EMW-PPCA proposes a novel strategy to identify and extract as much fault-relevant information as possible from the residual subspace and then integrates the selected fault-relevant noise factors into the dominant subspace to create a new specific subspace for process monitoring. The entropy method is applied to this new subspace to define the importance degree of each direction and evaluate the weighting values objectively. Then, the weighting values are assigned to each of the corresponding elements to highlight the fault-relevant information for online monitoring within a moving window. Case studies on a simple numerical example are conducted, and the Tennessee Eastman process is applied to validate the effectiveness of the EMW-PPCA scheme.

show abstract

A Plant-Wide Industrial Process Control Security Problem

Cited by 18 publications

References 15 publications

Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation

Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation

Generalized Dice's coefficient‐based multi‐block principal component analysis with Bayesian inference for plant‐wide process monitoring

Process monitoring based on entropy weight for a subspace containing probabilistic principal components and fault‐relevant noise factors

Contact Info

Product

Resources

About