Using Physical Models for Anomaly Detection in Control Systems. / Svendsen, Nils; Wolthusen, Stephen D.

Critical Infrastructure Protection III: Proc. Third Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection. Springer-Verlag, 2009. p. 139-149.

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Published


Harvard

Svendsen, N & Wolthusen, SD 2009, Using Physical Models for Anomaly Detection in Control Systems. in Critical Infrastructure Protection III: Proc. Third Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection. Springer-Verlag, pp. 139-149. https://doi.org/10.1007/978-3-642-04798-5_10

APA

Svendsen, N., & Wolthusen, S. D. (2009). Using Physical Models for Anomaly Detection in Control Systems. In Critical Infrastructure Protection III: Proc. Third Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection (pp. 139-149). Springer-Verlag. https://doi.org/10.1007/978-3-642-04798-5_10

Vancouver

Svendsen N, Wolthusen SD. Using Physical Models for Anomaly Detection in Control Systems. In Critical Infrastructure Protection III: Proc. Third Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection. Springer-Verlag. 2009. p. 139-149 https://doi.org/10.1007/978-3-642-04798-5_10

Author

Svendsen, Nils ; Wolthusen, Stephen D. / Using Physical Models for Anomaly Detection in Control Systems. Critical Infrastructure Protection III: Proc. Third Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection. Springer-Verlag, 2009. pp. 139-149

BibTeX

@inproceedings{7e89d53a72ac4508813314076c55dc0f,
title = "Using Physical Models for Anomaly Detection in Control Systems",
abstract = "Supervisory control and data acquisition (SCADA) systems are increasingly used to operate critical infrastructure assets. However, the inclusion of advanced information technology and communications components and elaborate control strategies in SCADA systems increase the threat surface for external and subversion-type attacks. The problems are exacerbated by site-specific properties of SCADA environments that make subversion detection impractical; and by sensor noise and feedback characteristics that degrade conventional anomaly detection systems. Moreover, potential attack mechanisms are ill-defined and may include both physical and logical aspects. This paper employs an explicit model of a SCADA system in order to reduce the uncertainty inherent in anomaly detection. Detection is enhanced by incorporating feedback loops in the model. The effectiveness of the approach is demonstrated using a model of a hydroelectric power plant for which several attack vectors are described.",
author = "Nils Svendsen and Wolthusen, {Stephen D.}",
year = "2009",
month = mar,
day = "23",
doi = "10.1007/978-3-642-04798-5_10",
language = "English",
isbn = "978-3-642-04798-5",
pages = "139--149",
booktitle = "Critical Infrastructure Protection III",
publisher = "Springer-Verlag",

}

RIS

TY - GEN

T1 - Using Physical Models for Anomaly Detection in Control Systems

AU - Svendsen, Nils

AU - Wolthusen, Stephen D.

PY - 2009/3/23

Y1 - 2009/3/23

N2 - Supervisory control and data acquisition (SCADA) systems are increasingly used to operate critical infrastructure assets. However, the inclusion of advanced information technology and communications components and elaborate control strategies in SCADA systems increase the threat surface for external and subversion-type attacks. The problems are exacerbated by site-specific properties of SCADA environments that make subversion detection impractical; and by sensor noise and feedback characteristics that degrade conventional anomaly detection systems. Moreover, potential attack mechanisms are ill-defined and may include both physical and logical aspects. This paper employs an explicit model of a SCADA system in order to reduce the uncertainty inherent in anomaly detection. Detection is enhanced by incorporating feedback loops in the model. The effectiveness of the approach is demonstrated using a model of a hydroelectric power plant for which several attack vectors are described.

AB - Supervisory control and data acquisition (SCADA) systems are increasingly used to operate critical infrastructure assets. However, the inclusion of advanced information technology and communications components and elaborate control strategies in SCADA systems increase the threat surface for external and subversion-type attacks. The problems are exacerbated by site-specific properties of SCADA environments that make subversion detection impractical; and by sensor noise and feedback characteristics that degrade conventional anomaly detection systems. Moreover, potential attack mechanisms are ill-defined and may include both physical and logical aspects. This paper employs an explicit model of a SCADA system in order to reduce the uncertainty inherent in anomaly detection. Detection is enhanced by incorporating feedback loops in the model. The effectiveness of the approach is demonstrated using a model of a hydroelectric power plant for which several attack vectors are described.

U2 - 10.1007/978-3-642-04798-5_10

DO - 10.1007/978-3-642-04798-5_10

M3 - Conference contribution

SN - 978-3-642-04798-5

SP - 139

EP - 149

BT - Critical Infrastructure Protection III

PB - Springer-Verlag

ER -