Abstract
Distributed anomaly detectors are deployed in critical infrastructure to raise alerts when the underlying plant deviates from its expected behaviour. A novel method, referred to as SCM, that uses well defined state and command mutation operators, is proposed to test such detectors prior to their deployment. Cyber-attacks, each modelled as a timed-automaton, serve as reference attacks. A potentially large set of attacks is then created by systematically applying the mutation operators to each reference attack. In a case study, SCM was applied to a timed-automata model of a water treatment plant to assess its effectiveness in testing a distributed anomaly detector. Results attest to the value of SCM in identifying weaknesses in an anomaly detector, prior to its deployment, and improving its effectiveness in detecting process anomalies.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
