A statistical method for detecting cyber/physical attacks on SCADA systems

Long, Van; Fillatre, Lionel

doi:10.1109/cca.2014.6981373

Cited by 27 publications

(13 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The matrix E in (1) is singular due to the presence of algebraic equations, therefore it is necessary to transform the system into a non-singular form. This can be achieved by exploiting specific results from index-one singular systems, as shown in [14], [15], to divide the state vector x into two subsets: the dynamic states indicated by x 1 ∈ R nt , and the algebraic states indicated by x 2 ∈ R (n−nt) , where n t is the number of tanks (the head of tanks are the dynamic states of the system). To achieve this, the dynamic states are rearranged and separated from the algebraic states, using the similarity transformation…”

Section: B Separation Of Dynamic and Algebraic Statesmentioning

confidence: 99%

Leak Detection in Water Distribution Systems Using Hydraulic Interval State Estimation

Vrachimis

Ηλιάδης

Polycarpou

2018

2018 IEEE Conference on Control Technology and Applications (CCTA)

View full text Add to dashboard Cite

This work develops a new algorithm based on interval hydraulic state estimation for leakage detection in urban water distribution systems using pressure sensors and smart meters. The proposed approach takes into consideration the fact that water demand and network parameter uncertainties are unstructured, and models them as intervals defined by a corresponding upper and lower bound. The state estimation process yields bounded state estimates which are used in the creation of detection thresholds. A detection logic is used to determine whether the thresholds are violated as a result of a leakage fault event. The proposed methodology is demonstrated on a leakage benchmark dataset under various scenarios.

show abstract

Section: B Separation Of Dynamic and Algebraic Statesmentioning

confidence: 99%

Leak Detection in Water Distribution Systems Using Hydraulic Interval State Estimation

Vrachimis

Ηλιάδης

Polycarpou

2018

2018 IEEE Conference on Control Technology and Applications (CCTA)

View full text Add to dashboard Cite

show abstract

“…This suboptimal algorithm combines the watermark‐based detector proposed by Mo et al and the zero‐sum stochastic game proposed by Zhu and Başar . In the same way, Do et al formulated the attack detection problem as a transient changes detection problem in stochastic‐dynamical systems. This detector is based on the knowledge of the behavior of the system and its stochastic variations to detect data manipulation.…”

Section: Related Workmentioning

confidence: 99%

“…Arvani and Rao proposed a signal‐based intrusion detection model to identify anomalies in the information reported by the sensors of cyber‐physical systems. Do et al presented the use of statistical detection methods, to identify data manipulation over stochastic processes. The use of watermark‐based techniques are proposed by Mo et al and revisited by Rubio‐Hernan et al Next, we reexamine the watermark‐based techniques presented in the works of Mo et al and Rubio‐Hernan et al and show how to combine such techniques together with control strategy policies.…”

Section: Introductionmentioning

confidence: 99%

Adaptive control‐theoretic detection of integrity attacks against cyber‐physical industrial systems

Rubio‐Hernan

Cicco

García-Alfaro

2017

Trans Emerging Tel Tech

View full text Add to dashboard Cite

The use of control‐theoretic solutions to detect attacks against cyber‐physical industrial systems is a growing area of research. Traditional literature proposes the use of control strategies to retain, eg, satisfactory close‐loop performance, as well as safety properties, when a communication network connects the distributed components of a physical system (eg, sensors, actuators, and controllers). However, the adaptation of these strategies to handle security incidents is an ongoing challenge. In this paper, we survey the advantages of a watermark‐based detector against some integrity attacks as well as the weaknesses against other attacks. To cover these weaknesses, we propose a new control and security strategy that complements the watermark‐based detector. We validate the detection efficiency of the new strategy via numeric simulation. Experimental results are also presented by using a laboratory testbed based on supervisory control and data acquisition industrial protocols.

show abstract

“…The assumed window size is settled toT = 300. The range of orders where the detection ratio does not increase drastically is [18,28]. If an adversary uses an order in this range, the detection ratio is not higher than 10%.…”

Section: Numerical Validation Of the Multi-watermark Detector Againstmentioning

confidence: 99%

“…In [17], Arvani et al describe a signal-based detector method, using discrete wavelet transformations. Do et al study in [18] strategies for handling cyber-physical attacks using statistical detection methods. Mo et al propose in [4,5] the use of watermark-based detection by adapting traditional failure detection mechanisms (e.g., detectors to handle faults and errors).…”

Section: Cyber-physical Attacksmentioning

confidence: 99%

On the use of watermark-based schemes to detect cyber-physical attacks

Rubio‐Hernan

Cicco

García-Alfaro

2017

EURASIP J. on Info. Security

View full text Add to dashboard Cite

We address security issues in cyber-physical systems (CPSs). We focus on the detection of attacks against cyber-physical systems. Attacks against these systems shall be handled both in terms of safety and security. Networked-control technologies imposed by industrial standards already cover the safety dimension. However, from a security standpoint, using only cyber information to analyze the security of a cyber-physical system is not enough, since the physical malicious actions that can threaten the correct behavior of the systems are ignored. For this reason, the systems have to be protected from threats to their cyber and physical layers. Some authors have handled replay and integrity attacks using, for example, physical attestation to validate the cyber process and to detect the attacks, or watermark-based detectors which uses also physical parameters to ensure the cyber layers. We reexamine the effectiveness of a stationary watermark-based detector. We show that this approach only detects adversaries that do not attempt to get any knowledge about the system dynamics. We analyze the detection ratio of the original design under the presence of new adversaries that are able to infer the system dynamics and are able to evade the detector with high frequency. We propose a new detection scheme which employs several non-stationary watermarks. We validate the detection efficiency of the new strategy via numeric simulations and via running experiments on a laboratory testbed. Results show that the proposed strategy is able to detect adversaries using non-parametric methods, but it is not equally effective against adversaries using parametric identification methods.

show abstract

A statistical method for detecting cyber/physical attacks on SCADA systems

Cited by 27 publications

References 11 publications

Leak Detection in Water Distribution Systems Using Hydraulic Interval State Estimation

Leak Detection in Water Distribution Systems Using Hydraulic Interval State Estimation

Adaptive control‐theoretic detection of integrity attacks against cyber‐physical industrial systems

On the use of watermark-based schemes to detect cyber-physical attacks

Contact Info

Product

Resources

About