Abstract
Supervisory control and data acquisition (SCADA) systems are increasingly used to operate critical infrastructure assets. However, the inclusion of advanced information technology and communications components and elaborate control strategies in SCADA systems increases the threat surface for external and subversion-type attacks. The problems are exacerbated by site-specific properties of SCADA environments that make subversion detection impractical, and by sensor noise and feedback characteristics that degrade conventional anomaly detection systems. Moreover, potential attack mechanisms are ill-defined and may include both physical and logical aspects.
This paper employs an explicit model of a SCADA system in order to reduce the uncertainty inherent in anomaly detection. Detection is enhanced by incorporating feedback loops in the model. The effectiveness of the approach is demonstrated using a model of a hydroelectric power plant for which several attack vectors are described.
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Svendsen, N., Wolthusen, S. (2009). Using Physical Models for Anomaly Detection in Control Systems. In: Palmer, C., Shenoi, S. (eds) Critical Infrastructure Protection III. ICCIP 2009. IFIP Advances in Information and Communication Technology, vol 311. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04798-5_10
DOI: https://doi.org/10.1007/978-3-642-04798-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04797-8
Online ISBN: 978-3-642-04798-5
eBook Packages: Computer Science, Computer Science (R0)