Statistical detection and isolation of cyber-physical attacks on SCADA systems

Long, Van

doi:10.1109/iecon.2017.8216596

Cited by 8 publications

(11 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cyber attacks are classified in two general groups [10]- [12]: i) denial-of-service (DoS); and ii) integrity attacks. The main purpose of DoS attacks is to deny access to sensor or actuator information; mathematical models for these kind of attacks are summarized in [13]. Integrity attacks are characterized by the modification of sensor and/or actuator information, compromising their integrity.…”

Section: Introductionmentioning

confidence: 99%

Mitigating Sensor Attacks Against Industrial Control Systems

2019

View full text Add to dashboard Cite

This paper describes how to design and implement a mechanism that helps to mitigate sensor attacks on industrial control systems. The proposed architecture is based on concepts from fault-tolerant control techniques. This short note explains how a Kalman filter can be used simultaneously with optimal disturbance decoupling observers to improve the performance of the mitigation mechanism for sensor attacks in cyber-physical control systems. Our proposal mitigates attacks by generating a signal that compensates the change provoked by the attacker, while at the same time reducing the number of false alarms. We demonstrate the effectiveness of our proposal using a three tanks control simulation.INDEX TERMS Cyber-physical control systems, industrial control systems, secure control, sensor attacks mitigation.LUIS F. CÓMBITA received the B.S. degree in electronics engineering from Universidad Distrital, Bogotá, Colombia, in 1992, and the M.S. degree in electrical engineering from the Universidad de los Andes, Bogotá, Colombia, in 2002, where he is currently pursuing the Ph.D. degree.He joined the Engineering Faculty, Universidad Distrital Francisco José de Caldas, Bogotá, as an Auxiliar Professor, in 1997, where he is currently an Assistant Professor. His current research interests include cyber-physical systems security, modelling and simulation of dynamical systems, and industrial control systems.

show abstract

Section: Introductionmentioning

confidence: 99%

Mitigating Sensor Attacks Against Industrial Control Systems

2019

View full text Add to dashboard Cite

show abstract

“…If we denote this desired tolerance as , the only required change in the algorithm is to replace the threshold ( In this section, we present an application of our algorithm for cybersecurity. We focus here on industrial control systems, comprising a physical process controlled by programmable logic controllers with sensors and actuators to monitor and affect its physical components [8]. These systems are at the core of many critical infrastructures and can be high-value targets for attackers.…”

Section: A Methods Descriptionmentioning

confidence: 99%

Asymptotic Random Distortion Testing and Application to Change-in-Mean Detection

Ansel

Pastor

Cuppens

et al. 2021

2020 10th International Symposium on Signal, Image, Video and Communications (ISIVC)

View full text Add to dashboard Cite

We introduce an extension of the Random Distortion Testing (RDT) framework which allows its use when the noise variance is estimated. This asymptotic extension, named AsympRDT, shows that we asymptotically retain the level of the RDT test as the estimate of the noise variance converges to its real value. The validity of this approach is justified through both theoretical and simulation results. We make use of AsympRDT to develop a change-in-mean detection method for time series. It features three parameters: the size of the processed blocks, the maximum desired false alarm rate and a tolerance. We then show a use-case for this method in cybersecurity for Industrial Control Systems (ICS) as part of an anomaly and cyberattack detection system, where it can be used for segmenting signals and learning normal behaviors.Index Terms-Random Distortion Testing, Change point detection, anomaly detection, time series analysis, cybersecurityThis work was done at the chair Cyber CNI with support of the FEDER development fund of the Brittany region.

show abstract

“…Where: 𝑥 𝑘 ∈ ℝ 𝑛 is the process states; 𝑦 𝑘 ∈ ℝ 𝑚 is the sensor's output signal; 𝜔 𝑘 ∈ ℝ 𝑛 , 𝜔 𝑘 ∼ 𝑁(0, 𝑄) is white noise acted on state variable; 𝑣 𝑘 ∈ ℝ 𝑚 , 𝑣 𝑘 ∼ 𝑁(0, 𝑅) is gaussian noise, white noise that acted on sensors; 𝑅 > 0; 𝑄 ≥ 0 are covariance matrices of white noise; 𝑥 ̂𝑘 − , 𝑥 ̃𝑘 are estimations of the remote estimator's state when not assaulted and having assaulted , respectively; 𝐴 ∈ ℝ 𝑛×𝑛 , 𝐶 ∈ ℝ 𝑚×𝑚 are system matrices; 𝑃 ̄ is the estimation of the covariance at steady state; 𝑘 ∈ 𝑁 is the index of each variable. When having not attacked, it is easy to write the estimation of sensor output bias as in (2) [5], [17].…”

Section: Linear Attack K-l Cusum and Chi-squared Detection Algorithmsmentioning

confidence: 99%

The ability to detect the linear attack of WL-CUSUM and FMA algorithms

Nguyen

Le²,

Cung³

2023

Bulletin EEI

View full text Add to dashboard Cite

The problem of detecting linear attacks on industrial systems is presented in this paper. The object is attacked by linear attack is the wireless communication process from sensors to controller with simulated mathematical model (stochastic dynamical systems and random noises). The attack matrices are calculated to ensure that Kullback-Leiber (K-L) algorithm is passed. With these matrices, the window limited cumulative SUM (WL-CUSUM) algorithm and finite moving average (FMA) algorithm are utilized to detect the changes in the sequence of residuals generated from Kalman filter method and are appreciated the ability to detect the linear attack. The simulated results show that an appropriate range of threshold of the WL-CUSUM and FMA algorithm can be chosen to detect the linear attack in case the K-L method cannot detect. Moreover, tested results using the Monte Carlo simulation also show that the evaluation performance of the FMA detection algorithm is better than that of WL-CUSUM, CUSUM, and Chi-squared (Chi2).

show abstract

Statistical detection and isolation of cyber-physical attacks on SCADA systems

Cited by 8 publications

References 12 publications

Mitigating Sensor Attacks Against Industrial Control Systems

Mitigating Sensor Attacks Against Industrial Control Systems

Asymptotic Random Distortion Testing and Application to Change-in-Mean Detection

The ability to detect the linear attack of WL-CUSUM and FMA algorithms

Contact Info

Product

Resources

About