A control‐switching approach for cyberattack detection in process systems with minimal false alarms

Narasimhan, Shilpa; El‐Farra, Nael H.; Ellis, Matthew J.

doi:10.1002/aic.17875

Cited by 12 publications

(9 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, detection of some attacks may be possible when the detection scheme uses the residual to monitor the process; however, these attacks may go undetected when the detection scheme uses the measured output. This realization motivated the formulation of a generalized monitoring variable in [13,14] which may be expressed in terms of the measured and estimated outputs as:…”

Section: Commonly Used Monitoring Variables Include the Measured Outputmentioning

confidence: 99%

“…As a result, the detectability of such attacks may be influenced by the stability of the closed-loop process under an attack. In prior works [13,15], we presented a control mode switching-enabled attack detection method for the detection of multiplicative sensor-controller link FDI attacks. We considered processes under steady-state operation, when the augmented state and the monitoring variable are bounded within the minimum invariant set and the terminal set, respectively.…”

Section: Control Mode Switching For Cyberattack Detectionmentioning

confidence: 99%

“…Due to the interconnected nature of a cyber-physical system like a PCS, a comprehensive solution to enhancing the cybersecurity of PCSs may involve adopting a multi-faceted approach that involves both information technology-based and operational technologybased approaches. The approaches proposed in the literature broadly include those that reinforce information technology-based infrastructure (e.g., firewalls [3] and network design-based approaches [4,5]), approaches that involve cybersecure architecture design (e.g., [6]), approaches for process equipment design to mitigate adverse impacts of a cyberattack (e.g., [7,8]), and the design of operational technology (OT)-based approaches for detecting, identifying, and successfully recovering from an ongoing cyberattack [6,[9][10][11][12][13][14][15][16][17][18][19][20].…”

Section: Introductionmentioning

confidence: 99%

“…Multiplicative FDI attacks alter the value of process variables over the PCS network using a multiplicative factor. These attacks can be designed to evade detection without requiring extensive process knowledge, and the design of approaches for their detection has received some attention in the literature [13,15,16,[23][24][25].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Detection of Multiplicative False Data Injection Cyberattacks on Process Control Systems via Randomized Control Mode Switching

Narasimhan,

Ellis,

El-Farra

2024

Processes

Self Cite

View full text Add to dashboard Cite

A fundamental problem at the intersection of process control and operations is the design of detection schemes monitoring a process for cyberattacks using operational data. Multiplicative false data injection (FDI) attacks modify operational data with a multiplicative factor and could be designed to be detection evading without in-depth process knowledge. In a prior work, we presented a control mode switching strategy that enhances the detection of multiplicative FDI attacks in processes operating at steady state (when process states evolve within a small neighborhood of the steady state). Control mode switching on the attack-free process at steady-state may induce transients and generate false alarms in the detection scheme. To minimize false alarms, we subsequently developed a control mode switch-scheduling condition for processes with an invertible output matrix. In the current work, we utilize a reachable set-based detection scheme and use randomized control mode switches to augment attack detection capabilities. The detection scheme eliminates potential false alarms occurring from control mode switching, even for processes with a non-invertible output matrix, while the randomized switching helps bolster the confidentiality of the switching schedule, preventing the design of a detection-evading “smart” attack. We present two simulation examples to illustrate attack detection without false alarms, and the merits of randomized switching (compared with scheduled switching) for the detection of a smart attack.

show abstract

Section: Commonly Used Monitoring Variables Include the Measured Outputmentioning

confidence: 99%

Section: Control Mode Switching For Cyberattack Detectionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Detection of Multiplicative False Data Injection Cyberattacks on Process Control Systems via Randomized Control Mode Switching

Narasimhan,

Ellis,

El-Farra

2024

Processes

Self Cite

View full text Add to dashboard Cite

show abstract

“…To balance the above trade‐off, in reference 23, a framework for active attack detection using the controller parameter switching of reference 22 was developed, where one set of controller parameters corresponds to conventional controller design criteria, while the other set of controller parameters maximizes cyberattack detectability. Due to the possibility of controller parameter switching leading to excitement of the process, leading to false alarms, reference 24 proposed a switching condition to reduce the triggering of false alarms. Based on our review of the literature on encrypted MPC, to the best of our knowledge, the use of encryption in nonlinear MPC has not been addressed in the systems engineering literature, which warrants the construction of such a framework.…”

Section: Introductionmentioning

confidence: 99%

Encrypted model predictive control design for security to cyberattacks

et al. 2023

View full text Add to dashboard Cite

In recent years, cyber‐security of networked control systems has become crucial, as these systems are vulnerable to targeted cyberattacks that compromise the stability, integrity, and safety of these systems. In this work, secure and private communication links are established between sensor–controller and controller–actuator elements using semi‐homomorphic encryption to ensure cyber‐security in model predictive control (MPC) of nonlinear systems. Specifically, Paillier cryptosystem is implemented for encryption‐decryption operations in the communication links. Cryptosystems, in general, work on a subset of integers. As a direct consequence of this nature of encryption algorithms, quantization errors arise in the closed‐loop MPC of nonlinear systems. Thus, the closed‐loop encrypted MPC is designed with a certain degree of robustness to the quantization errors. Furthermore, the trade‐off between the accuracy of the encrypted MPC and the computational cost is discussed. Finally, two chemical process examples are employed to demonstrate the implementation of the proposed encrypted MPC design.

show abstract

Encrypted decentralized model predictive control of nonlinear processes with delays

Kadakia,

Alnajdi,

Abdullah

et al. 2023

Chemical Engineering Research and Design

View full text Add to dashboard Cite

A control‐switching approach for cyberattack detection in process systems with minimal false alarms

Cited by 12 publications

References 32 publications

Detection of Multiplicative False Data Injection Cyberattacks on Process Control Systems via Randomized Control Mode Switching

Detection of Multiplicative False Data Injection Cyberattacks on Process Control Systems via Randomized Control Mode Switching

Encrypted model predictive control design for security to cyberattacks

Encrypted decentralized model predictive control of nonlinear processes with delays

Contact Info

Product

Resources

About