Detecting stealthy attacks against industrial control systems based on residual skewness analysis

Hu, Yan; Li, Hong; Yang, Hong; Sun, Yan; Sun, Limin; Wang, Zhiliang

doi:10.1186/s13638-019-1389-1

Cited by 32 publications

(21 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“… failure detector to detect replay attack, while (Hu et al 2019). proposed a residual based detection approach by using skewness analysis of the residual signal.…”

Section: ˆ()mentioning

confidence: 99%

See 1 more Smart Citation

A brief review on attack design and detection strategies for networked cyber-physical systems

Ayas

2021

Turkish Journal of Engineering

View full text Add to dashboard Cite

Networked cyber-physical system Cyber-security Attack design Attack detection Control-theoretic CPS Networked cyber-physical systems (NCPSs) can be found in various fields such as industrial process, robotics, smart buildings, energy, healthcare systems, transportation, and surveillance. Recently accomplished real-time attacks indicate security vulnerabilities that weaken the reliability of NCPSs. Research areas on the security of NCPSs can be categorized into two groups: from the perspective of information security, from the perspective of control theory. In this paper, first possible attack locations on the control scheme of a NCPS which can be divided into three different groups namely sensor side, actuator side, and state estimator side are discussed and then a brief survey containing some recent studies on security strategies for NCPSs from the perspective of control theory is presented. After that attack detection strategies for a NCPS are briefly introduced and a general architecture utilized for attack detection on a NCPS is presented. In addition, some of recent studies on attack detection strategies for NCPSs from the perspective of control theory are discussed.

show abstract

“… failure detector to detect replay attack, while (Hu et al 2019). proposed a residual based detection approach by using skewness analysis of the residual signal.…”

Section: ˆ()mentioning

confidence: 99%

“…Numerical experiments were carried out by using IEEE 9, 14, 30, 118, and 300-bus systems to verify the proposed defense framework. (Hu et al 2019) focused on detection of stealthy attacks on CPSs. They proposed a residual based detection approach by using skewness analysis of the residual signal.…”

Section: ˆ()mentioning

confidence: 99%

A brief review on attack design and detection strategies for networked cyber-physical systems

Ayas

2021

Turkish Journal of Engineering

View full text Add to dashboard Cite

show abstract

“…A majority of these works propose a method to CPSs attack detection using double closed-loop security control structure [12] or design an anomaly detection approach based on zone partition for the Industrial CPSs [13]. Hu et al [14], propose a detection technique against stealthy attacks that can keep themselves undetected by following the expected behaviour of the system closely. Some consider a coding method for the sensor outputs to detect stealthy false data injection attacks [15].…”

Section: Related Workmentioning

confidence: 99%

Destructive Attacks Detection and Response System for Physical Devices in Cyber-Physical Systems

Kabiri

Chavoshi

2019

2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)

View full text Add to dashboard Cite

Nowadays, physical health of equipment controlled by Cyber-Physical Systems (CPS) is a significant concern. This paper reports a work, in which, a hardware is placed between Programmable Logic Controller (PLC) and the actuator as a solution. The proposed hardware operates in two conditions, i.e. passive and active. Operation of the proposed solution is based on the repetitive operational profile of the actuators. The normal operational profile of the actuator is fed to the protective hardware and is considered as the normal operating condition. In the normal operating condition, the middleware operates in its passive mode and simply monitors electronic signals passing between PLC and Actuator. In case of any malicious operation, the proposed hardware operates in its active mode and both slowly stops the actuator and sends an alert to SCADA server initiating execution of the actuator's emergency profile. Thus, the proposed hardware gains control over the actuator and prevents any physical damage on the operating devices. Two sample experiments are reported in which, results of implementing the proposed solution are reported and assessed. Results show that once the PLC sends incorrect data to actuator, the proposed hardware detects it as an anomaly. Therefore, it does not allow the PLC to send incorrect and unauthorized data pattern to its actuator. Significance of the paper is in introducing a solution to prevent destruction of physical devices apart from source or purpose of the encountered anomaly and apart from CPS functionality or PLC model and operation.

show abstract

“…[15][16][17] An important part of the cyberattack resiliency of PCSs is the ability to detect the presence of a cyberattack, and many detection schemes have been proposed. [15][16][17][18][19][20][21][22][23][24][25][26] Attack detection schemes may be broadly classified as either passive or active. Passive detection schemes monitor a process using regular operational data.…”

Section: Introductionmentioning

confidence: 99%

A control‐switching approach for cyberattack detection in process systems with minimal false alarms

2022

View full text Add to dashboard Cite

The frequency of cyberattacks against process control systems has increased in recent years. This work considers multiplicative false‐data injection attacks involving the multiplication of the data communicated over the sensor‐controller communication link by a factor. An active detection method utilizing switching between two control modes is developed to balance the trade‐off between closed‐loop performance and attack detectability. Under the first mode, the control parameters are selected using traditional control design criteria. Under the second mode, the control parameters are selected to enhance the attack detection capability. A switching condition is imposed to prevent false alarms that could be triggered by the transient response induced by control mode switching. This condition is incorporated into the active detection method to minimize false alarms. The active detection method is applied to illustrative process examples to demonstrate its ability to detect attacks and minimize false alarms.

show abstract

Detecting stealthy attacks against industrial control systems based on residual skewness analysis

Cited by 32 publications

References 44 publications

A brief review on attack design and detection strategies for networked cyber-physical systems

A brief review on attack design and detection strategies for networked cyber-physical systems

Destructive Attacks Detection and Response System for Physical Devices in Cyber-Physical Systems

A control‐switching approach for cyberattack detection in process systems with minimal false alarms

Contact Info

Product

Resources

About