Towards a unified approach to detection of faults and cyber-attacks in industrial installations

Kościelny, Jan Maciej; Syfert, Michał; Ordys, Andrzej; Wnuk, Paweł; Możaryn, Jakub; Fajdek, Bartłomiej; Puig, Vicenç; Kukiełka, K.

doi:10.23919/ecc54610.2021.9655212

Cited by 8 publications

(12 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The ability to differentiate between cyber-faults and process faults is a crucial issue that warrants further examination. The CPA method presented in this article can be compared with a methodology and example described in [6], where cyberattack detection was conducted utilizing algorithms designed to detect and isolate process faults based on the analysis of residuals (Fault Isolation System-FIS). In instances of cyberattacks, the identification of diagnostic signal patterns for individual scenarios can prove to be a challenging task.…”

Section: Resultsmentioning

confidence: 99%

“…In instances of cyberattacks, the identification of diagnostic signal patterns for individual scenarios can prove to be a challenging task. Therefore, various extensions have been proposed to address this: multiple symptom assessment, symptom onset timing, and symptom sequence [6]. In such cases, the main advantage of the CPA method is its simplicity, as it requires signal analysis only without prior identification of the cause-effect relationships, complicated modelling, and residual analysis, as in the case of FIS extensions.…”

Section: Resultsmentioning

confidence: 99%

“…Until recently, the issues of detecting anomalies were carried out independently as Intrusion Detection Systems (IDS) in case of cyberattacks (security) or Advanced Diagnostic Systems (ADS) in case of technical faults (safety). However, cyberattacks in the ICS can currently be seen as an anomaly generator [6]. Considering the industrial process specificity, process model, and controller performance, the ADS should be equipped with the methods to detect and distinguish cyberattacks and process faults in OT infrastructure, thus working in parallel and exchanging information with IDS [7].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Stealthy Cyberattacks Detection Based on Control Performance Assessment Methods for the Air Conditioning Industrial Installation

et al. 2023

View full text Add to dashboard Cite

This paper aims to study the workflow of the detection centre of stealthy attacks on industrial installations that generate an increase in energy consumption. Such long-lasting, undetected attacks on industrial facilities make production more expensive and less competitive or damage the installation in the long term. We present the concept of the remote detection system of cyberattacks directed at maliciously changing the controlled variable in an industrial process air conditioning system. The monitored signals are gathered at the PLC-controlled installation and sent to the remote detection system, where the discrepancies of signals are analysed based on the Control Performance Assessment indices. The results of performed tests prove the legitimacy of the adopted approach.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Stealthy Cyberattacks Detection Based on Control Performance Assessment Methods for the Air Conditioning Industrial Installation

et al. 2023

View full text Add to dashboard Cite

show abstract

“…28 In related work, a unified approach was developed to detect faults and cyberattacks in industrial installations. 29 Comprehensive comparisons and review of various FDD techniques can be found in several sources. [30][31][32][33][34] However, despite significant contributions, most of the existing review articles do not focus much on the relationships among FDD, RA, and ASM.…”

Section: Overview Of Fault Diagnosis and Ra Methods In Literaturementioning

confidence: 99%

Multivariate alarm systems to recognize rare unpostulated abnormal events

Sudarshan,

Seider,

Patel

et al. 2023

AIChE Journal

View full text Add to dashboard Cite

Most chemical and manufacturing plants have safety/reliability systems in place that are well equipped to handle commonly occurring postulated abnormal events, but often prove to be ineffective in predicting highly unanticipated and randomly occurring unpostulated abnormal events. In this paper, an advisory system is developed to analyze and recognize such events, consisting of novel, multivariate alarm systems and response actions introduced using process modeling and path‐sampling for unpostulated abnormal events. It augments existing safety/reliability systems, suggesting actions when unanticipated abnormal events are approached. Forward‐flux sampling (FFS), developed to discover rare molecular dynamics pathways, is applied. With an approximate process model, for an exothermic continuous‐stirred tank reactor using a perturbed feed concentration, the FFS algorithm is applied to identify rare trajectories between high‐conversion and low‐conversion steady‐states, with key process variables saved at various “crossing points.” Then, committer probabilities, , are computed at each crossing point, yielding a mathematical model that expresses as a function of the key process variables; that is, the reactor temperature (T), cooling‐water flow rate (), and cooling‐water temperature (), selected as choices for the primary alarm variables. For these, alarm thresholds; that is, L—low, LL—low low, and LLL—low low low, are suggested by computing their critical ranges, given the ranges for every alarm threshold.

show abstract

“…Until recently, the issues of detecting anomalies were carried out independently as Intrusion Detection Systems (IDS) in case of cyberattacks (security) or Advanced Diagnostic Systems (ADS) in case of technical faults (safety). However, cyber-attacks in the ICS can currently be seen as an anomaly generator [6]. Considering the industrial process specificity, process model and controller performance, the ADS should be equipped with the methods to detect and distinguish cyberattacks and process faults in OT infrastructure, thus working in parallel and exchanging information with IDS [7].…”

Section: Introductionmentioning

confidence: 99%

Stealthy Cyberattacks Detection Based on Control Performance Assessment Methods for the Air Conditioning Industrial Installation

Możaryn¹,

Fratczak²,

Stebel³

et al. 2022

Preprint

View full text Add to dashboard Cite

The paper aims to study the workflow of the detection center of stealthy attacks on industrial installations that generate increase in energy consumption while avoiding triggering fault detection and damaging the installation. Such long-lasting attacks on industrial facilities make production more expensive and less competitive. We present the concept of the remote detection system of cyberattacks directed at maliciously changing the controlled variable in an industrial process air conditioning system. The monitored signals are gathered at the PLC-controlled installation and sent to the remote detection system, where the discrepancies of signals are analyzed based on the Control Performance Assessment indices. The results of performed tests prove the legitimacy of the adopted approach.

show abstract

Towards a unified approach to detection of faults and cyber-attacks in industrial installations

Cited by 8 publications

References 16 publications

Stealthy Cyberattacks Detection Based on Control Performance Assessment Methods for the Air Conditioning Industrial Installation

Stealthy Cyberattacks Detection Based on Control Performance Assessment Methods for the Air Conditioning Industrial Installation

Multivariate alarm systems to recognize rare unpostulated abnormal events

Stealthy Cyberattacks Detection Based on Control Performance Assessment Methods for the Air Conditioning Industrial Installation

Contact Info

Product

Resources

About