Survey and New Directions for Physics-Based Attack Detection in Control Systems

Abstract

Monitoring the " physics " of control systems to detect attacks is a growing area of research. In its basic form a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements in order to identify potentially false control commands or false sensor readings. In this paper, we review previous work based on a unified taxonomy that allows us to identify limitations, unexplored challenges, and new solutions. In particular, we propose a new adversary model and a way to compare previous work with a new evaluation metric based on the trade-off between false alarms and the negative impact of undetected attacks. We also show the advantages and disadvantages of three experimental scenarios to test the performance of attacks and defenses: real-world network data captured from a large-scale operational facility, a fully-functional testbed that can be used operationally for water treatment, and a simulation of frequency control in the power grid.

Showing 1-10 of 100 references

February) Wireshark Network Protocol Analyzer

  • 2016

Covert misappropriation of networked control systems: Presenting a feedback structure

  • 2015

Cyberphysical security in networked control systems [about this issue

  • How
  • 2015

False data injection attacks for a class of output tracking control systems

  • F Hou, Z Pang, Y Zhou, D Sun
  • 2015

November) Pandas: Python Data Analysis Library

  • 2015

November) Python Language. Version 2.7.10. [Online]. Available: https://docs.python

  • 2015

November) Python bindings for libnetfilter queue. [Online]. Available: https://github.com/fqrouter/python-netfilterqueue

  • 2015

November) Scapy Packet Manupulation Program. Version 2.3.1. [Online]

  • 2015