Limiting the Impact of Stealthy Attacks on Industrial Control Systems

Urbina, David I.; Giraldo, Jairo; Cárdenas, Álvaro A.; Tippenhauer, Nils Ole; Valente, Junia; Faisal, Mustafa Amir; Ruths, Justin; Candell, Richard; Sandberg, Henrik

doi:10.1145/2976749.2978388

Cited by 279 publications

(184 citation statements)

References 55 publications

Supporting

Mentioning

183

Contrasting

Order By: Relevance

“…We present and discuss some peculiarities in the attack and residual signals. Furthermore the results obtained in our work are related to the results in [1]. Lastly we conclude our work and suggest some topics for future work.…”

Section: Discussionsupporting

confidence: 61%

“…Note that the threshold does not depend on the actual threshold J D . Similar results are shown and used to design an attack in [1], when the detector is in steady state.…”

Section: Steady State Influence Of the Attackmentioning

confidence: 66%

“…Moreover necessary and sufficient conditions for the output-to-output l 2 -gain to be bounded are given, which are closely related to the zero dynamics of the system. Urbina et al [1] present a comprehensive survey on the current literature about security of cyber-physical systems and put them in a unified taxonomy to compare the literature. The taxonomy is based on the system model, a trust model, that states which system components are trusted, the detector used and how the detector's performance is evaluated.…”

Section: Related Workmentioning

confidence: 99%

“…Hence we have to use a non-parametric CUSUM algorithm. Similar to [1], the non-parametric CUSUM algorithm used here is…”

Section: Cumulative Summentioning

confidence: 99%

See 3 more Smart Citations

Security analysis of control system anomaly detectors

Umsonst

Cárdenas

2017

2017 American Control Conference (ACC)

Self Cite

View full text Add to dashboard Cite

Anomaly detectors in control systems are used to detect system faults and they are typically based on an analytical system model, which generates residual signals to find a fault. The detectors are designed to detect randomly occurring faults but not coordinated malicious attacks on the system. Therefore three different anomaly detectors, namely a detector solely based on the last residual, a multivariate exponentially weighted moving average filter and a cumulative sum, are investigated to determine which detector yields the smallest worst-case impact of a time-limited data injection attack. For this reason optimal control problems are formulated to characterize the worst-case attack under different anomaly detectors, which lead to non-convex optimization problems. Relaxations to convex problems are proposed and solved numerically and in special cases also analytically. The detectors are compared by solving the optimal control problems for a simple simulation example as well as a quadruple-tank process. Simulations and experiments show that the cumulative sum seems to be the detector to choose, if one wants to limit the worst-case attack impact. AbstractAnomalidetektorer i styrsystem används normalt för att detektera systemfel och deär oftast baserade på en analytisk systemmodell vilken genererar residualsignaler för att upptäcka felen. Detektorernaär oftast konstruerade för att upptäcka slumpmässigt förekommande fel och inte samordnade angrepp på systemet. Därför utvärderas här tre olika anomalidetektorer: en detektor som enbart grundar sig på den senaste residualen, en somär baserad på multivariat exponentiellt viktat glidande medelärde och en kumulativ summa. I utvärderingen undersöker vi vilken detektor som mest begränsar en attack i form av en datainjektion. Av denna anledning formuleras optimala styrproblem för att karakterisera den värsta attacken för de olika anomalidetektorerna, vilket leder till ickekonvexa optimeringsproblem. Relaxeringar till konvexa problem föreslås och löses numeriskt och i särskilda falläven analytiskt. Detektorerna jämförs genom att lösa de optimala styrproblem för ett simuleringsexempel såväl som för en riktig fyrtanksprocess. Både simuleringar och experiment visar att den kumulativa summanär den detektor som begränsar de studerade attackerna mest.

show abstract

Section: Discussionsupporting

confidence: 61%

“…Note that the threshold does not depend on the actual threshold J D . Similar results are shown and used to design an attack in [1], when the detector is in steady state.…”

Section: Steady State Influence Of the Attackmentioning

confidence: 66%

Section: Related Workmentioning

confidence: 99%

“…Hence we have to use a non-parametric CUSUM algorithm. Similar to [1], the non-parametric CUSUM algorithm used here is…”

Section: Cumulative Summentioning

confidence: 99%

See 2 more Smart Citations

Security analysis of control system anomaly detectors

Umsonst

Cárdenas

2017

2017 American Control Conference (ACC)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Majority of work on attack detection has considered a single stage for attack and detection (e.g., see [18]). Here, we evaluate the situation of using multiple detectors throughout the process while carrying out a spoofing attack on only one point.…”

Section: Experimentation Setupmentioning

confidence: 99%

Multistage Downstream Attack Detection in a Cyber Physical System

et al. 2017

Self Cite

View full text Add to dashboard Cite

Abstract. We present an attack detection scheme for a water treatment system. We leverage the connectivity of two stages of the process to detect attacks downstream from the point of attack. Based on a mathematical model of the process, carefully crafted and executed attacks, are detected by deploying CUSUM and Bad-Data detectors. Extensive experiments are carried out and the results show the performance of the proposed scheme.

show abstract

Adversarial Gaussian Process Regression in Sensor Networks

Koutsoukos

Vorobeychik

2021

Game Theory and Machine Learning for Cyber Security

View full text Add to dashboard Cite

Limiting the Impact of Stealthy Attacks on Industrial Control Systems

Cited by 279 publications

References 55 publications

Security analysis of control system anomaly detectors

Security analysis of control system anomaly detectors

Multistage Downstream Attack Detection in a Cyber Physical System

Adversarial Gaussian Process Regression in Sensor Networks

Contact Info

Product

Resources

About