Attack and Fault Identification in Electric Power Control Systems: An Approach to Improve the Security

Coutinho, Maurílio Pereira; Lambert‐Torres, Germano; Silva, L.E.B. da; Silva, J.G.B. da; Neto, J. Cabral; Bortoni, Edson C.; Lazarek, Horst

doi:10.1109/pct.2007.4538300

Cited by 4 publications

(3 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their algorithm is compared with a relatively simple one which adopts static thresholds on a dataset coming from the SWIM-BOX s 1 which includes various types of parameters such as syscall errors, signals, and scheduling time of processes. An interesting work is presented in [20] where the emphasis is placed on identifying and discriminating attacks and faults under the scope of improving the security of Electric Power Control Systems. The methodology is based on a set of rules discovered by using the Rough Sets Classification Algorithm.…”

Section: The Case Of Critical Infrastructuresmentioning

confidence: 99%

A fault diagnosis system for interdependent critical infrastructures based on HMMs

Ntalampiras¹,

Soupionis²,

Giannopoulos³

2015

Reliability Engineering & System Safety

View full text Add to dashboard Cite

Modern society depends on the smooth functioning of critical infrastructures which provide services of fundamental importance, e.g. telecommunications and water supply. These infrastructures may suffer from faults/malfunctions coming e.g. from aging effects or they may even comprise targets of terrorist attacks. Prompt detection and accommodation of these situations is of paramount significance. This paper proposes a probabilistic modeling scheme for analyzing malicious events appearing in interdependent critical infrastructures. The proposed scheme is based on modeling the relationship between datastreams coming from two network nodes by means of a hidden Markov model (HMM) trained on the parameters of linear time-invariant dynamic systems which estimate the relationships existing among the specific nodes over consecutive time windows. Our study includes an energy network (IEEE 30 model bus) operated via a telecommunications infrastructure. The relationships among the elements of the network of infrastructures are represented by an HMM and the novel data is categorized according to its distance (computed in the probabilistic space) from the training ones. We considered two types of cyber-attacks (denial of service and integrity/replay) and report encouraging results in terms of false positive rate, false negative rate and detection delay

show abstract

Section: The Case Of Critical Infrastructuresmentioning

confidence: 99%

A fault diagnosis system for interdependent critical infrastructures based on HMMs

Ntalampiras¹,

Soupionis²,

Giannopoulos³

2015

Reliability Engineering & System Safety

View full text Add to dashboard Cite

show abstract

“…We argue that this adversary capability highlights a requirement for additional sensors [2,6,20] to provide different points of view in order to detect anomalies [21]. This requirement is underscored by the introduction of sophisticated control processes that rely on multivariate controls and, hence, require more complex forms of supervision [19].…”

Section: Related Workmentioning

confidence: 99%

Detecting Sensor Signal Manipulations in Non-Linear Chemical Processes

McEvoy¹,

Wolthusen²

2010

Critical Infrastructure Protection IV

View full text Add to dashboard Cite

Modern process control systems are increasingly vulnerable to subversion. Attacks that directly target production processes are difficult to detect because signature-based approaches are not well-suited to the unique requirements of process control systems. Also, anomaly detection mechanisms have difficulty coping with the non-linearity of industrial processes. This paper focuses on the problem where attackers gain supervisory control of systems and hide their manipulations in signal noise or conceal computational states. To detect these attacks, we identify suitable proxy measurements for the output of a control system. Utilizing control laws, we compare the estimated system output using real-time numerical simulation along with the actual output to detect attacker manipulations. This approach also helps determine the intervention required to return the process to a safe state. The approach is demonstrated using a heat exchange process as a case study. By employing an explicit control model rather than a learning system or anomaly detection approach, the minimal requirements on proxy sensors and the need for additional sensors can be characterized. This significantly improves resilience while minimizing cost.

show abstract

“…While protocol analysis may signal anomalies as proposed by Coutinho, et al [2], a skilled adversary can issue apparently authentic commands [18] using legitimate protocols. Analysis may be extended using state estimation techniques, but should not be applied naïvely [10,16], especially in non-linear environments such as those encountered in the biochemical industry [6].…”

Section: Introductionmentioning

confidence: 99%

A Plant-Wide Industrial Process Control Security Problem

McEvoy

Wolthusen

2011

Critical Infrastructure Protection V

View full text Add to dashboard Cite

Industrial control systems are a vital part of the critical infrastructure.The potentially large impact of a failure makes them attractive targets for adversaries. Unfortunately, simplistic approaches to intrusion detection using protocol analysis or naïve statistical estimation techniques are inadequate in the face of skilled adversaries who can hide their presence with the appearance of legitimate actions. This paper describes an approach for identifying malicious activity that involves the use of a path authentication mechanism in combination with state estimation for anomaly detection. The approach provides the ability to reason conjointly over computational structures, and operations and physical states. The well-known Tennessee Eastman reference problem is used to illustrate the efficacy of the approach.

show abstract

Attack and Fault Identification in Electric Power Control Systems: An Approach to Improve the Security

Cited by 4 publications

References 14 publications

A fault diagnosis system for interdependent critical infrastructures based on HMMs

A fault diagnosis system for interdependent critical infrastructures based on HMMs

Detecting Sensor Signal Manipulations in Non-Linear Chemical Processes

A Plant-Wide Industrial Process Control Security Problem

Contact Info

Product

Resources

About