Abstract

Prompt online detection of anomalies induced by malicious attacks improves real-time operation and attack mitigation, an indispensable part of managing any cyber-physical system (CPS). This article proposes a novel online rapid detection scheme that continuously monitors the data packet stream, infers the sequence of probability distributions (estimated as histograms), and raises an alert when a change in the histogram is detected, reporting both the attack and an estimate of its instant of commencement. A statistical data-driven attack model is proposed and employed that is general enough to represent two ubiquitous types of attacks on CPS: 1) replay and 2) bias-injection. The proposed detection framework relies on the fact that CPSs possess well-defined dynamics that are affected by quasistationary noise, which allows the histogram sequences of the system data packets to converge (to different distributions in the presence of an attack versus its absence). The proposed online scheme detects an attack and estimates the attack commencement time by relying on the computed distance between the histogram estimated in real time and the nominal histogram learned a priori. Our formulation further sheds light on two different attack initiation-time-based subcases, "early" (the attack starts before sufficient data of nominal behavior was collected to allow its histogram sequence to be closer to its nominal value) versus "late." The algorithm designed for our scheme has time complexity that is linear in the dimension of the data packets and in the algorithm parameters, which makes it suited for rapid detection. The proposed algorithm is implemented and validated on two real supervisory control and data acquisition system datasets, where a low detection delay demonstrates the effectiveness of the scheme.
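The core idea described above, as an added sketch that is not the article's algorithm: a sliding-window histogram is compared against a nominal histogram learned from clean data, and an alarm with an onset estimate is raised when the distance crosses a threshold. The total variation distance, window size, threshold, the sqrt-weighted onset heuristic and the constructed Gaussian data with a bias-injection attack are all assumptions chosen for illustration.

```python
import math
import random

LO, HI, BINS = -4.0, 8.0, 20   # histogram support and resolution (assumed values)

def histogram(samples):
    """Normalised histogram; values outside [LO, HI) are clamped to the edge bins."""
    counts = [0] * BINS
    for x in samples:
        counts[min(BINS - 1, max(0, int((x - LO) / (HI - LO) * BINS)))] += 1
    return [c / len(samples) for c in counts]

def tv_distance(p, q):
    """Total variation distance between two histograms (0 = identical, 1 = disjoint)."""
    return 0.5 * sum(abs(a - b) for a, b in zip(p, q))

def detect(stream, nominal, window=200, threshold=0.4):
    """Return (alarm_index, estimated_onset), or None if no window crosses the threshold."""
    for t in range(window, len(stream) + 1):
        if tv_distance(histogram(stream[t - window:t]), nominal) > threshold:
            # Onset estimate (heuristic): the split k whose suffix stream[k:t] deviates
            # most from nominal, weighted by sqrt(length) so short suffixes do not win.
            onset = max(range(t - window, t),
                        key=lambda k: math.sqrt(t - k)
                        * tv_distance(histogram(stream[k:t]), nominal))
            return t - 1, onset
    return None

def make_stream(n, attack_start=None, bias=4.0, seed=1):
    """Constructed sensor residuals: unit Gaussian noise, +bias from attack_start on."""
    rng = random.Random(seed)
    out = []
    for t in range(n):
        attacked = attack_start is not None and t >= attack_start
        out.append(rng.gauss(0.0, 1.0) + (bias if attacked else 0.0))
    return out

NOMINAL = histogram(make_stream(5000, seed=0))   # nominal histogram from clean data
ATTACK_START = 700                               # constructed attack instant
RESULT = detect(make_stream(1500, ATTACK_START), NOMINAL)
CLEAN = detect(make_stream(1500), NOMINAL)       # same stream without the attack

if __name__ == "__main__":
    print("attack run (alarm, onset estimate):", RESULT, "| clean run:", CLEAN)
```

The alarm fires only after enough biased samples have entered the window, so the gap between the alarm index and the onset estimate is the detection delay the abstract refers to.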
