Using Physical Models for Anomaly Detection in Control Systems

Svendsen, Nils Kalstad; Wolthusen, Stephen D.

doi:10.1007/978-3-642-04798-5_10

Cited by 13 publications

(8 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such attacks have been discussed extensively [4,5,6]. Detective strategies based on protocol analysis, or statistical signal analysis by themselves can be shown to have weaknesses in uncovering such attacks [7], particularly in the face of an adversary with the ability to subvert network nodes in the system [3]. Hence conjoint reasoning over both communication and control functionality, making use of advanced state estimation techniques, is necessary to detect such attacks [2] [8].…”

Section: Related Workmentioning

confidence: 99%

Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation

McEvoy

Wolthusen

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Supervisory control and data acquisition (SCADA) systems form a vital part of the critical infrastructure. Such systems are subject to sophisticated attacks by subverted processes which can manipulate message content or forge authentic messages, undermining the action of the plant, whilst hiding the effects from operators. In this paper, we propose a novel network protocol which, using techniques related to IP Traceback, enables the efficient discovery of subverted nodes, assuming an initial detection event. We discuss its advantages over previous techniques in this area and provide a formal model.

show abstract

Section: Related Workmentioning

confidence: 99%

Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation

McEvoy

Wolthusen

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Physical-level ADSs can be divided into two main groups: ADSs where it is necessary to model the physical process [59,60] or ADSs that do not need a specific model for the physical process [61,62]. Few proposals combine data from both levels [63,64].…”

Section: Anomaly Detection Systemsmentioning

confidence: 99%

“…might be present. There are several examples of IN ADSs that leverage field-level data [59][60][61][62]. This data can come from logs on a control server, direct process measurements, and simulated data or can be scattered across different hosts or devices.…”

Section: Scopementioning

confidence: 99%

Towards Large-Scale, Heterogeneous Anomaly Detection Systems in Industrial Networks: A Survey of Current Trends

Iturbe

Garitano

Zurutuza

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

Industrial Networks (INs) are widespread environments where heterogeneous devices collaborate to control and monitor physical processes. Some of the controlled processes belong to Critical Infrastructures (CIs), and, as such, IN protection is an active research field. Among different types of security solutions, IN Anomaly Detection Systems (ADSs) have received wide attention from the scientific community. While INs have grown in size and in complexity, requiring the development of novel, Big Data solutions for data processing, IN ADSs have not evolved at the same pace. In parallel, the development of Big Data frameworks such as Hadoop or Spark has led the way for applying Big Data Analytics to the field of cyber-security, mainly focusing on the Information Technology (IT) domain. However, due to the particularities of INs, it is not feasible to directly apply IT security mechanisms in INs, as IN ADSs face unique characteristics. In this work we introduce three main contributions. First, we survey the area of Big Data ADSs that could be applicable to INs and compare the surveyed works. Second, we develop a novel taxonomy to classify existing IN-based ADSs. And, finally, we present a discussion of open problems in the field of Big Data ADSs for INs that can lead to further development.

show abstract

“…We begin by mentioning the work of Svendsen and Wolthusen [11] that use an explicit model of a SCADA system for anomaly detection. The detection process is enhanced by using feedback control theory to predict future values and ultimately detect physical anomalies in the system.…”

Section: Related Workmentioning

confidence: 99%

Theory of evidence-based automated decision making in cyber-physical systems

Siaterlis

Genge

2011

2011 IEEE International Conference on Smart Measurements of Future Grids (SMFG) Proceedings

View full text Add to dashboard Cite

Abstract-The Smart Grid is a complex cyber-physical system that is evolving rapidly from a relatively isolated to an open and diverse environment. Within this context, enhancing the security of the future Smart Grid becomes a major priority. In this paper we introduce the use of data fusion for automated decision making in cyber-physical systems such as the Smart Grid. One of the most important applications of decision making is in the field of anomaly detection. This can enable the detection of attacks in cyber-physical systems without requiring a complete description of the physical process. The novelty of our approach is that it combines reports of various cyber and physical sensors, rather than focusing on either one single metric, or one singe realm, as was the case of similar techniques. Based on the proposed architecture we implement a new cyber-physical anomaly detection system. We show that data fusion is much more effective if it combines both cyber and physical realms, rather than focusing on the two realms separately.

show abstract

Using Physical Models for Anomaly Detection in Control Systems

Cited by 13 publications

References 12 publications

Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation

Defeating Node Based Attacks on SCADA Systems Using Probabilistic Packet Observation

Towards Large-Scale, Heterogeneous Anomaly Detection Systems in Industrial Networks: A Survey of Current Trends

Theory of evidence-based automated decision making in cyber-physical systems

Contact Info

Product

Resources

About