Abstract
Industrial Control System (ICS) can suffer of cyber-physical attacks resulting in accident, damage, or financial loss. The attacks can be detected in both in physical space or cyberspace of the ICS. The detection in physical space can be based on physical models of the system. To model the physical system this study uses a data-driven modeling approach as an alternative of the analytic one. This study models the system using the dynamic mode decomposition method with control (DMDc) assuming a full state measurement. The attack detector used in some researches with predictive physical models is the cumulative sum (CUSUM), which only applies to normally distribute residual data. To detect any cyber-physical attack, this research uses a nonparametric exponentially weighted moving average (EWMA) detector. This study uses a data set from a testbed of Secure Water Treatment (SWaT). The approach used in this study was successful in detecting 8 out of 10 attacks on the first SWaT subsystem. This study demonstrates that DMDc used in this study results a better goodness of fit and the nonparametric EWMA can be used as an alternative as detector when residual data do not follow a normal distribution.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Advanced Computer Science and Applications
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
