Modeling And Detecting Anomalies In Scada Systems

Svendsen, Nils Kalstad; Wolthusen, Stephen D.

doi:10.1007/978-0-387-88523-0_8

Cited by 11 publications

(9 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The predictable nature of SCADA traffic can be leveraged to detect system anomalies [5,21,24]. However, a knowledgeable attacker can seize the advantage by manipulating computational states or utilizing signal noise to obfuscate attacks that would otherwise be recognized [4,20,21].…”

Section: Related Workmentioning

confidence: 99%

“…We argue that this adversary capability highlights a requirement for additional sensors [2,6,20] to provide different points of view in order to detect anomalies [21]. This requirement is underscored by the introduction of sophisticated control processes that rely on multivariate controls and, hence, require more complex forms of supervision [19].…”

Section: Related Workmentioning

confidence: 99%

“…In previous work [20], we showed that simple statistical anomaly detection can be bypassed by a knowledgeable attacker, underscoring the need for a multisensor approach to detection. We, therefore, proposed a novel approach that analyzes process correlations using additional sensors [15].…”

Section: Introductionmentioning

confidence: 95%

See 2 more Smart Citations

Detecting Sensor Signal Manipulations in Non-Linear Chemical Processes

McEvoy¹,

Wolthusen²

2010

Critical Infrastructure Protection IV

Self Cite

View full text Add to dashboard Cite

Modern process control systems are increasingly vulnerable to subversion. Attacks that directly target production processes are difficult to detect because signature-based approaches are not well-suited to the unique requirements of process control systems. Also, anomaly detection mechanisms have difficulty coping with the non-linearity of industrial processes. This paper focuses on the problem where attackers gain supervisory control of systems and hide their manipulations in signal noise or conceal computational states. To detect these attacks, we identify suitable proxy measurements for the output of a control system. Utilizing control laws, we compare the estimated system output using real-time numerical simulation along with the actual output to detect attacker manipulations. This approach also helps determine the intervention required to return the process to a safe state. The approach is demonstrated using a heat exchange process as a case study. By employing an explicit control model rather than a learning system or anomaly detection approach, the minimal requirements on proxy sensors and the need for additional sensors can be characterized. This significantly improves resilience while minimizing cost.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Detecting Sensor Signal Manipulations in Non-Linear Chemical Processes

McEvoy¹,

Wolthusen²

2010

Critical Infrastructure Protection IV

Self Cite

View full text Add to dashboard Cite

show abstract

“…Here, we mainly focus on the anomaly detection topic in the cyber-physical security of SCADA. Actually, several effective anomaly detection methods have already been proposed in the anomaly detection area such as system modeling [15][16][17][18][19][20] and data-based analysis [20][21][22][23][24][25], which should always accept a compromise in the modeling uncertainty and data complexity. Besides model-based and coupled data-based intrusion detection, some intrinsic properties of SCADA are considered in detection.…”

Section: Introductionmentioning

confidence: 99%

Risk Data Analysis Based Anomaly Detection of Ship Information System

et al. 2018

View full text Add to dashboard Cite

Due to the vulnerability and high risk of the ship environment, the Ship Information System (SIS) should provide 24 hours of uninterrupted protection against network attacks. Therefore, the corresponding intrusion detection mechanism is proposed for this situation. Based on the collaborative control structure of SIS, this paper proposes an anomaly detection pattern based on risk data analysis. An intrusion detection method based on the critical state is proposed, and the corresponding analysis algorithm is given. In the Industrial State Modeling Language (ISML), risk data are determined by all relevant data, even in different subsystems. In order to verify the attack recognition effect of the intrusion detection mechanism, this paper takes the course/roll collaborative control task as an example to carry out simulation verification of the effectiveness of the intrusion detection mechanism.

show abstract

“…A second approach is to model the normal data flows and control operations within the S.C.A.D.A system to detect anomalies caused by attempts to change or damage the system. This has the advantage that it can detect unknown attacks and the action of malicious insiders, but unless it is handled carefully it can generate a lot of false alarms [13].…”

Section: Introductionmentioning

confidence: 99%

Monitoring approach of Supervisory Control and Data Acquisition downloadable data files for “mission — critical” situations detection

Boca

Croitoru

Rîșteiu

2010

2010 IEEE International Conference on Automation, Quality and Testing, Robotics (AQTR)

View full text Add to dashboard Cite

The present paper describes some issues in working with large data files downloaded from Supervisory Control and Data Acquisition (S.C.A.D.A) systems. The data files management was possible by implementing two high level software applications. The first high level application converts and extracts relevant data from different types of very large S.C.A.D.A downloaded files -Microsoft Excel files format into Microsoft Access Databases (MBD), containing hundreds of million of records. The second high level application displays a two dimensional graph for sensor values on a specified period of time.In this way we can observe the sensor evolution and closely monitoring some possible "mission -critical" situations which can badly disturb the functionality of the entire system.

show abstract

Modeling And Detecting Anomalies In Scada Systems

Cited by 11 publications

References 22 publications

Detecting Sensor Signal Manipulations in Non-Linear Chemical Processes

Detecting Sensor Signal Manipulations in Non-Linear Chemical Processes

Risk Data Analysis Based Anomaly Detection of Ship Information System

Monitoring approach of Supervisory Control and Data Acquisition downloadable data files for “mission — critical” situations detection

Contact Info

Product

Resources

About

Modeling And Detecting Anomalies In Scada Systems

Cited by 11 publications

References 22 publications

Detecting Sensor Signal Manipulations in Non-Linear Chemical Processes

Detecting Sensor Signal Manipulations in Non-Linear Chemical Processes

Risk Data Analysis Based Anomaly Detection of Ship Information System

Monitoring approach of Supervisory Control and Data Acquisition downloadable data files for &#x201C;mission &#x2014; critical&#x201D; situations detection

Contact Info

Product

Resources

About

Monitoring approach of Supervisory Control and Data Acquisition downloadable data files for “mission — critical” situations detection