Abstract
Recent research on intrusion detection in supervisory data acquisition and control (SCADA) and DCS systems has focused on anomaly detection at protocol level based on the well-defined nature of traffic on such networks. Here, we consider attacks which compromise sensors or actuators (including physical manipulation), where intrusion may not be readily apparent as data and computational states can be controlled to give an appearance of normality, and sensor and control systems have limited accuracy. To counter these, we propose to consider indirect relations between sensor readings to detect such attacks through concurrent observations as determined by control laws and constraints.
We use a brewery bulk and fill pasteurizer as a specimen for biochemical processes. We motivate our approach by considering possible attacks and means of detection. Here we rely on the existence of non-linear relationships which allow us to attach a greater significance to small differences in sensor readings than would otherwise be the case and demonstrate the insufficiency of existing sensor placement and measurement frequency to detect such attacks.
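A minimal illustration of the idea in the abstract, added here and not taken from the paper: one heat-exchanger stage of a pasteurizer is checked against a steady-state energy balance, so a falsified product temperature must agree with three other sensors to go unnoticed. The sensor names, flow rates, the 0.5 °C tolerance and the use of the standard brewing pasteurization-unit formula (PU = minutes × 1.393^(T − 60)) are assumptions of this example.

```python
# Added example: cross-sensor invariant check for one pasteurizer heat-exchanger stage.
# All constants and readings below are constructed for illustration.
CP_KJ_PER_KG_K = 4.18   # assumed water-like specific heat for both streams
SENSOR_TOL_C = 0.5      # assumed accuracy of each temperature sensor
PU_BASE = 1.393         # standard brewing PU formula, reference temperature 60 C

def pasteurization_units(hold_temp_c, hold_minutes):
    """Non-linear lethality: each extra degree multiplies PU by 1.393."""
    return hold_minutes * PU_BASE ** (hold_temp_c - 60.0)

def energy_balance_residual(r):
    """Heat given up by the hot side minus heat taken up by the product (kW)."""
    q_hot = r["hot_flow"] * CP_KJ_PER_KG_K * (r["hot_in"] - r["hot_out"])
    q_prod = r["prod_flow"] * CP_KJ_PER_KG_K * (r["prod_out"] - r["prod_in"])
    return q_hot - q_prod

def residual_bound(r):
    """Largest residual that honest sensors could produce (flow meters assumed exact)."""
    return 2 * SENSOR_TOL_C * CP_KJ_PER_KG_K * (r["hot_flow"] + r["prod_flow"])

def consistent(r):
    """True when the four temperature readings satisfy the energy balance."""
    return abs(energy_balance_residual(r)) <= residual_bound(r)

# Constructed readings: flows in kg/s, temperatures in deg C.
HONEST = {"hot_flow": 2.0, "prod_flow": 2.0,
          "hot_in": 80.0, "hot_out": 70.0, "prod_in": 52.0, "prod_out": 62.0}
# Product really leaves at 59 C; only the prod_out sensor is falsified to 62 C,
# so the untouched hot_out sensor shows less heat was transferred.
FALSIFIED_3C = dict(HONEST, hot_out=73.0)
# Product really leaves at 61 C; the 1 C falsification stays inside sensor tolerance.
FALSIFIED_1C = dict(HONEST, hot_out=71.0)

if __name__ == "__main__":
    for name, r in [("honest", HONEST), ("3 C falsified", FALSIFIED_3C),
                    ("1 C falsified", FALSIFIED_1C)]:
        print(f"{name:14s} residual={energy_balance_residual(r):7.2f} kW "
              f"bound={residual_bound(r):.2f} kW consistent={consistent(r)}")
    # Why a 1 C gap still matters: PU differs by a factor of 1.393 per degree.
    print(pasteurization_units(62.0, 10.0) / pasteurization_units(61.0, 10.0))
```

The 1 °C case passes the linear energy-balance check yet changes the delivered pasteurization units by about 39%, which is the gap between sensor accuracy and process significance that the abstract points to.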
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
McEvoy, T.R., Wolthusen, S.D. (2010). Trouble Brewing: Using Observations of Invariant Behavior to Detect Malicious Agency in Distributed Control Systems. In: Rome, E., Bloomfield, R. (eds) Critical Information Infrastructures Security. CRITIS 2009. Lecture Notes in Computer Science, vol 6027. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14379-3_6
DOI: https://doi.org/10.1007/978-3-642-14379-3_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14378-6
Online ISBN: 978-3-642-14379-3
eBook Packages: Computer Science, Computer Science (R0)