Abstract
Cyber-physical systems (CPSs) have dependability requirements that are associated with controlling a physical process. Cyber-attacks can result in those requirements not being met. Consequently, it is important to monitor a CPS in order to identify deviations from normal operation. A major challenge is inferring the cause of these deviations in a trustworthy manner. This is necessary to support the implementation of correct and timely control decisions, in order to mitigate cyber-attacks and other causes of reduced dependability. This paper presents evidential networks as a solution to this problem. Through the evaluation of a representative use case for cyber-physical control systems, this paper shows novel approaches to integrate low-level sensors of different types, in particular those for cyber-attack detection, and reliabilities into evidential networks. The results presented indicate that evidential networks can identify system states with an accuracy that is comparable to approaches that use classical Bayesian probabilities to describe causality. However, in addition, evidential networks provide information about the uncertainty of a derived system state, which is a significant benefit, as it can be used to build trust in the results of automatic reasoning systems.
Highlights
As cyber-physical systems (CPS), such as the smart grid, rely increasingly on information and communication technology (ICT) the effects of cyber-attacks can directly influence the operation of physical processes
The results show that some claims in the related work lead to high false positive rates and inaccurate detection when multiple system states are considered; something that this work improves upon
The accuracy of the presented evidential network is compared to a reasoning approach based on classical Bayesian probabilities
Summary
As cyber-physical systems (CPS), such as the smart grid, rely increasingly on information and communication technology (ICT) the effects of cyber-attacks can directly influence the operation of physical processes. Intrusion detection systems (IDS) and other cyber-security sensors have to be analyzed and combined with sensor information from the physical domain, in order to distinguish different states Another problem is that different types of sensors provide different data, they operate with different reliability. This work discusses the use of evidential networks to accurately infer all types of system states ( cyberattacks) by reasoning about sensor evidence from the cybersecurity domain and the physical system. This is a necessity for operators and control algorithms that ensure dependable operation under the threat of cyber-attacks in CPS. Evidential networks provide additional information about the level of trust that should be placed in the results through the remaining uncertainty
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
