Yifan Jia,Jingyi Wang,Christopher M. Poskitt,Sudipta Chattopadhyay,Jun Sun,Yuqi Chen

DOI: https://doi.org/10.1016/j.ijcip.2021.100452

IF: 3.683

2021-01-01

International Journal of Critical Infrastructure Protection

Abstract:The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers (or invariant checkers). In this work, we present an adversarial attack that simultaneously evades the anomaly detectors and rule checkers of a CPS. Inspired by existing gradient-based approaches, our adversarial attack crafts noise over the sensor and actuator values, then uses a genetic algorithm to optimise the latter, ensuring that the neural network and the rule checking system are both deceived. We implemented our approach for two real-world critical infrastructure testbeds, successfully reducing the classification accuracy of their detectors by over 50% on average, while simultaneously avoiding detection by rule checkers. Finally, we explore whether these attacks can be mitigated by training the detectors on adversarial samples.

Abhishek Chaudhary,Junseo Han,Seongah Kim,Aram Kim,Sunoh Choi

DOI: https://doi.org/10.3390/electronics13224428

IF: 2.9

2024-11-13

Electronics

Abstract:Industries are increasingly adopting digital systems to improve control and accessibility by providing real-time monitoring and early alerts for potential issues. While digital transformation fuels exponential growth, it exposes these industries to cyberattacks. For critical sectors such as nuclear power plants, a cyberattack not only risks damaging the facility but also endangers human lives. In today's digital world, enormous amounts of data are generated, and the analysis of these data can help ensure effectiveness, including security. In this study, we analyzed the data using a deep learning model for early detection of abnormal behavior. We first examined the Asherah Nuclear Power Plant simulator by initiating three different cyberattacks, each targeting a different system, thereby collecting and analyzing data from the simulator. Second, a Bi-LSTM model was used to detect anomalies in the simulator, which detected it before the plant's protection system was activated in response to a threat. Finally, we applied explainable AI (XAI) to acquire insight into how distinctive features contribute to the detection of anomalies. XAI provides valuable explanations of model behavior by revealing how specific features influence anomaly detection during attacks. This research proposes an effective anomaly detection technique and interpretability to better understand counter-cyber threats in critical industries, such as nuclear plants.

engineering, electrical & electronic,computer science, information systems,physics, applied

Ruochen Zhou,Zhiyun Wang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9347104

2020-01-01

Abstract:Programmable logic controller (PLC) is one of the critical infrastructure in industrial control system, which is therefore vulnerable to a variety of cyber-attacks. To mitigate this issue, we design an anomaly detection system, a novel non-invasive intrusion detection method for PLC. Our system utilizes the magnetic side-channel information around the power supply module of PLC and analyzes the running status rely on the fact that different programs will result in various magnetic characteristic. We design a classification algorithm which can extract representational features from the raw signal, as well as avoid the interference of environmental noise. To validate the idea, we design 3 types of attacks and implement on the prototype of thermal power plant in laboratory. The evaluation shows our system is feasible to detect attacks and achieve an overall detection accuracy above 90%.

Gauthama Raman,Aditya Mathur

DOI: https://doi.org/10.3390/electronics13122267

IF: 2.9

2024-06-10

Electronics

Abstract:Accurate detection of process anomalies is crucial for maintaining reliable operations in critical infrastructures such as water treatment plants. Traditional methods for creating anomaly detection systems in these facilities typically focus on either design-based strategies, which encompass physical and engineering aspects, or on data-driven models that utilize machine learning to interpret complex data patterns. Challenges in creating these detectors arise from factors such as dynamic operating conditions, lack of design knowledge, and the complex interdependencies among heterogeneous components. This paper proposes a novel fusion detector that combines the strengths of both design-based and machine learning approaches for accurate detection of process anomalies. The proposed methodology was implemented in an operational secure water treatment (SWaT) testbed, and its performance evaluated during the Critical Infrastructure Security Showdown (CISS) 2022 event. A comparative analysis against four commercially available anomaly detection systems that participated in the CISS 2022 event revealed that our fusion detector successfully detected 19 out of 22 attacks, demonstrating high accuracy with a low rate of false positives.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yu-jun Xiao,Wen-yuan Xu,Zhen-hua Jia,Zhuo-ran Ma,Dong-lian Qi

DOI: https://doi.org/10.1631/fitee.1601540

2017-01-01

Abstract:Industrial control systems (ICSs) are widely used in critical infrastructures, making them popular targets for attacks to cause catastrophic physical damage. As one of the most critical components in ICSs, the programmable logic controller (PLC) controls the actuators directly. A PLC executing a malicious program can cause significant property loss or even casualties. The number of attacks targeted at PLCs has increased noticeably over the last few years, exposing the vulnerability of the PLC and the importance of PLC protection. Unfortunately, PLCs cannot be protected by traditional intrusion detection systems or antivirus software. Thus, an effective method for PLC protection is yet to be designed. Motivated by these concerns, we propose a non-invasive powerbased anomaly detection scheme for PLCs. The basic idea is to detect malicious software execution in a PLC through analyzing its power consumption, which is measured by inserting a shunt resistor in series with the CPU in a PLC while it is executing instructions. To analyze the power measurements, we extract a discriminative feature set from the power trace, and then train a long short-term memory (LSTM) neural network with the features of normal samples to predict the next time step of a normal sample. Finally, an abnormal sample is identified through comparing the predicted sample and the actual sample. The advantages of our method are that it requires no software modification on the original system and is able to detect unknown attacks effectively. The method is evaluated on a lab testbed, and for a trojan attack whose difference from the normal program is around 0.63%, the detection accuracy reaches 99.83%.

Omer Sen,Mehdi Akbari Gurabi,Milan Deruelle,Andreas Ulbig,Stefan Decker

2024-12-06

Abstract:The shift to smart grids has made electrical power systems more vulnerable to sophisticated cyber threats. To protect these systems, holistic security measures that encompass preventive, detective, and reactive components are required, even with encrypted data. However, traditional intrusion detection methods struggle with encrypted traffic, our research focuses on the low-level communication layers of encrypted power grid systems to identify irregular patterns using statistics and machine learning. Our results indicate that a harmonic security concept based on encrypted traffic and anomaly detection is promising for smart grid security; however, further research is necessary to improve detection accuracy.

Cryptography and Security

Jan von der Assen,Chao Feng,Alberto Huertas Celdrán,Róbert Oleš,Gérôme Bovet,Burkhard Stiller

2024-01-31

Abstract:Although ransomware has received broad attention in media and research, this evolving threat vector still poses a systematic threat. Related literature has explored their detection using various approaches leveraging Machine and Deep Learning. While these approaches are effective in detecting malware, they do not answer how to use this intelligence to protect against threats, raising concerns about their applicability in a hostile environment. Solutions that focus on mitigation rarely explore how to prevent and not just alert or halt its execution, especially when considering Linux-based samples. This paper presents GuardFS, a file system-based approach to investigate the integration of detection and mitigation of ransomware. Using a bespoke overlay file system, data is extracted before files are accessed. Models trained on this data are used by three novel defense configurations that obfuscate, delay, or track access to the file system. The experiments on GuardFS test the configurations in a reactive setting. The results demonstrate that although data loss cannot be completely prevented, it can be significantly reduced. Usability and performance analysis demonstrate that the defense effectiveness of the configurations relates to their impact on resource consumption and usability.

Cryptography and Security

Dheyaaldin Alsalman

DOI: https://doi.org/10.1109/access.2024.3359033

IF: 3.9

2024-02-03

IEEE Access

Abstract:Anomaly detection is a critical aspect of various applications, including security, healthcare, and network monitoring. In this study, we introduce FusionNet, an innovative ensemble model that combines the strengths of multiple machine learning algorithms, namely Random Forest, K-Nearest Neighbors, Support Vector Machine, and Multi-Layer Perceptron, for enhanced anomaly detection. FusionNet's architecture leverages the diversity of these algorithms to achieve high accuracy and precision. We evaluate FusionNet's performance on two distinct datasets, Dataset 1 and Dataset 2, and compare it with traditional machine learning models, including SVM, KNN, and RF. The results demonstrate that FusionNet consistently outperforms these models across both datasets in terms of accuracy, precision, recall, and F1 score. On Dataset 1, FusionNet achieves an accuracy of 98.5% and on Dataset 2, it attains an accuracy of 99.5%. FusionNet's remarkable ability to detect anomalies with exceptional accuracy underscores its potential for real-world applications. This study highlights the significance of FusionNet as a robust model for anomaly detection and provides insights into its superior performance over traditional models. The results emphasize the promising prospects of FusionNet in security, healthcare, and other domains where accurate anomaly detection is crucial.

computer science, information systems,telecommunications,engineering, electrical & electronic

Suman Sourav,Partha P. Biswas,Vyshnavi Mohanraj,Binbin Chen,Daisuke Mashima

DOI: https://doi.org/10.48550/arXiv.2302.05949

2023-02-12

Cryptography and Security

Abstract:Electrical substations are becoming more prone to cyber-attacks due to increasing digitalization. Prevailing defense measures based on cyber rules are often inadequate to detect attacks that use legitimate-looking measurements. In this work, we design and implement a bad data detection solution for electrical substations called ResiGate, that effectively combines a physics-based approach and a machine-learning-based approach to provide substantial speed-up in high-throughput substation communication scenarios, while still maintaining high detection accuracy and confidence. While many existing physics-based schemes are designed for deployment in control centers (due to their high computational requirement), ResiGate is designed as a security appliance that can be deployed on low-cost industrial computers at the edge of the smart grid so that it can detect local substation-level attacks in a timely manner. A key challenge for this is to continuously run the computationally demanding physics-based analysis to monitor the measurement data frequently transmitted in a typical substation. To provide high throughput without sacrificing accuracy, ResiGate uses machine learning to effectively filter out most of the non-suspicious (normal) data and thereby reducing the overall computational load, allowing efficient performance even with a high volume of network traffic. We implement ResiGate on a low-cost industrial computer and our experiments confirm that ResiGate can detect attacks with zero error while sustaining a high throughput.

Xuelei Wang,Colin Fidge,Ghavameddin Nourbakhsh,Ernest Foo,Zahra Jadidi,Calvin Li

DOI: https://doi.org/10.1109/access.2022.3142022

IF: 3.9

2022-01-01

IEEE Access

Abstract:In recent decades, cyber security issues in IEC 61850-compliant substation automation systems (SASs) have become growing concerns. Many researchers have developed various strategies to detect malicious behaviours of SASs during the system operational stage, such as anomaly-based detection. However, most existing anomaly-based detection methods identify an abnormal behaviour by checking every single network packet without any association. These traditional methods cannot effectively detect “stealthy” attacks which modify legitimate messages slightly while imitating patterns of benign behaviours. In this paper, we present feature selection and extraction methods to generalise and summarise critical features when detecting insider attacks triggering from untrusted control devices within SASs. By applying a sliding window-based sequential classification mechanism, our detection method can detect anomalies across multiple devices without the need to learn datasets collected from all devices. Firstly, to generalise critical features and summarise systems’ behaviours so that it is unnecessary to collect all datasets, we selected and extracted six critical network features from generic object-oriented substation events (GOOSE) messages and seven summarised physical features based on the general architecture of the primary plant of distribution substations. After that, to improve detection accuracy and reduce computational costs, we applied sliding window algorithms to divide datasets into different overlapped window-based snippets. Then we applied a sequential classification model based on Bidirectional Long Short-Term Memory networks to train and test those datasets. As a result, our method can detect insider attacks across multiple devices accurately with a false-negative rate of less than 1%.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fan Zhang,Jamie B. Coble

DOI: https://doi.org/10.1016/j.pnucene.2020.103446

IF: 2.461

2020-10-01

Progress in Nuclear Energy

Abstract:Most nuclear power plants (NPPs) are looking deploying digital instrumentation and control (I&C) systems, which allow for more precise control and more economical operation. However, both the quantity and capability of industrial control system (ICS)-targeted cyber-attacks have grown dramatically over recent years. Therefore, one of the most significant challenges that digital I&C systems bring is the issue of cybersecurity, which should be enhanced before their deployment.Several different types of cyber-attacks can be introduced to NPPs; a false data injection attack on key equipment is the focus of this research due to the potential severe consequences associated with such an attack. In false data injection, the attackers may alter the reading of control sensors or commands to change the operation of an NPP. Current cybersecurity efforts focus on intrusion prevention by firewalls or data-flow direction control and use commercial intrusion detection systems, which usually focus on monitoring Internet Protocol (IP) addresses, ports, and payload length. However, attention should be given to conditions where these approaches can fail, such as an insider attack. Previous research based on process data shows the potential of a last defenseâ, line using online monitoring of the process data in concern with cyber data analysis. However, existing models involve different subsystems across the whole NPP, which has a wide attack surface and may require high computing cost. This holistic approach may not meet the time-sensitive requirements imposed upon I&C systems. This paper proposes a localized kit for key equipment in a process as a complementary detection method to improve the robustness of key equipment under cyber-attacks. Compared to existing models, this reduces the number of variables used in the model and significantly improves the computational speed. It also reduces the attack surface by limiting the data acquisition locally. This localized kit includes a cyber-attack detection model to detect anomalies within key components, such as the control system actuator, and an inference model to potentially reconstruct a compromised signal to allow the safe shut down.To develop and demonstrate the localized cybersecurity kit, a hardware-in-the-loop (HIL) testbed was built with a pressurized water reactor (PWR) simulator and a programmable logical controller (PLC). The PLC was programmed to control the steam generator (SG) water level at a specified set point, and the PWR simulator was utilized to simulate the nuclear system and response for parameters outside of the SG. Three false data injection attacks were conducted towards the testbed to generate the data needed for the localized kit development and evaluation. The results show the cyber-attack detection model is effective under false data injection scenarios and the inference model is promising as a signal reconstruction method.

nuclear science & technology

Abiodun Ayodeji,Antonio Di Buono,Iestyn Pierce,Hafiz Ahmed

DOI: https://doi.org/10.1016/j.nucengdes.2024.113277

IF: 1.7

2024-05-06

Nuclear Engineering and Design

Abstract:Global interest in advanced reactors has been reignited by recent investments in small modular reactors and micro-reactor design. The use of digital devices is essential for meeting the size and modularity requirements of small modular reactor controls. By fully digitizing the small modular reactor control systems, critical information can be obtained to optimize control, reduce costs, and extend the reactor's lifetime. However, the potential for cyber-attacks on digital devices leaves digital control systems vulnerable. To address this risk, this study presents a novel wavy-attention network for sensor attack detection in nuclear plants. The wavy-attention network comprises stacks of batch-normalized, dilated, one-dimensional convolution neural networks, and sequential self-attention modules, superior to conventional single-layer networks on sequence classification tasks. To evaluate the proposed wavy-attention network architecture, the International Atomic Energy Agency's Asherah Nuclear Simulator and a false data injection toolbox found in the literature, both implemented in MATLAB/SIMULINK, are utilized. This approach leverages changes in process measurements to identify and classify cyber-attacks on priority signals using the proposed wavy-attention network. Three false data injection attacks are simulated on the simulator's pressure, temperature, and level sensors to obtain representative process measurements. The wavy-attention network is trained and validated with normal and compromised process variables obtained from the simulator. The performance of the wavy-attention network to discriminate between the reactor states using the test set shows 99% accuracy, as opposed to other baseline models such as vanilla convolution neural networks, long short-term memory networks, and bi-directional long short-term memory networks with 90%, 77%, and 91% accuracy, respectively. An ablation study is also conducted to test the contribution of each component of the proposed architecture. The theoretical framework of the proposed wavy-attention network and its implementation for nuclear reactor digital sensor attack detection are discussed in this paper.

nuclear science & technology

K. Gokulraj,C. B. Venkatramanan

DOI: https://doi.org/10.1080/15325008.2024.2346790

IF: 1.276

2024-05-09

Electric Power Components and Systems

Abstract:In a landscape dominated by the digitalization of energy networks, safeguarding cyber-physical microgrids and against breaches anomalies emerges as a critical imperative. This study pioneers inventive methodologies for Intelligent Detection of Intrusions and Anomalies in Inverter-centric Cyber-Physical Microgrids, leveraging state-of-the-art machine learning paradigms. Using the combined power of LSTM and Convolutional Neural Networks, our suggested approach finds breaches and aberrations in microgrid structures with remarkable accuracy and efficiency. Additionally, we integrate the effectiveness of Gradient Boosting Machines to enhance the overall detection capabilities. Experimental findings underscore the efficacy of our machine learning-driven approach, with CNN achieving a precision of 95%, recall of 92%, and F1-score of 93% in intrusion detection, while LSTM attains a precision of 93%, recall of 91%, and F1-score of 92% in anomaly identification. Furthermore, GBM contributes to achieving an overall efficiency of 96%. Our approach not only bolsters microgrid resilience but also lays the foundation for a secure energy future. In an increasingly interconnected world, the integration of these sophisticated techniques not only bolsters microgrid resilience but also lays the foundation for a secure energy future. By embracing innovation at the convergence of machine learning and energy systems, we stride toward fortified and dependable cyber-physical microgrids.

engineering, electrical & electronic

Lixia Hu,Ya Liu,Wei Qiu

DOI: https://doi.org/10.1155/2022/6391750

2022-09-21

Abstract:Cyber-attacks on specialized industrial control systems are increasing in frequency and sophistication, which means stronger countermeasures need to be implemented, requiring the designers of the equipment in question to re-evaluate and redefine their methods for actively protecting against advanced mass cyber-attacks. The attacks in question have huge motivations, ranging from corporate espionage to political targets, but in any case, they have a substantial financial impact and severe real-world implications. It should also be said that it is challenging to defend against cyber threats because a single point of entry can be enough to destroy an entire organization or put it out of business. This paper examines threats to the digital security of vibration monitoring systems used in petroleum infrastructure protection services, such as pipelines, pumps, and tank farms, where malicious interventions can cause explosions, fires, or toxic releases, with incalculable economic and environmental consequences. Specifically, a deep spiking neural network anomaly detection method is presented, which models the spike sequences and the internal presentation mechanisms of the information to discover with very high accuracy anomalies in vibration analysis systems used in oil infrastructure protection services. This is achieved by simulating the complex structures of the human brain and the way neural information is processed and transmitted. This work uses a particularly innovative form of the Galves-Löcherbach Spiking Model (GLSM) [1], which is a spiking neural network model with intrinsic stochasticity, ideal for modeling complex spatiotemporal situations, which is enhanced with possibilities of exploiting confidence intervals by modeling optimally stochastic variable-length memory chains that have a finite state space.

Basem AL-Madani,Ahmad Shawahna,Mohammad Qureshi

DOI: https://doi.org/10.48550/arXiv.1911.05692

2019-11-02

Abstract:Industrial Control Networks (ICN) such as Supervisory Control and Data Acquisition (SCADA) systems are widely used in industries for monitoring and controlling physical processes. These industries include power generation and supply, gas and oil production and delivery, water and waste management, telecommunication and transport facilities. The integration of internet exposes these systems to cyber threats. The consequences of compromised ICN are determine for a country economic and functional sustainability. Therefore, enforcing security and ensuring correctness operation became one of the biggest concerns for Industrial Control Systems (ICS), and need to be addressed. In this paper, we propose an anomaly detection approach for ICN using the physical properties of the system. We have developed operational baseline of electricity generation process and reduced the feature set using greedy and genetic feature selection algorithms. The classification is done based on Support Vector Machine (SVM), k-Nearest Neighbor (k-NN), and C4.5 decision tree with the help from the inter-arrival curves. The results show that the proposed approach successfully detects anomalies with a high degree of accuracy. In addition, they proved that SVM and C4.5 produces accurate results even for high sensitivity attacks when they used with the inter-arrival curves. As compared to this, k-NN is unable to produce good results for low and medium sensitivity attacks test cases.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Systems and Control

Sangdo Lee,Jun-Ho Huh,Yonghoon Kim

DOI: https://doi.org/10.3390/electronics9091467

IF: 2.9

2020-09-08

Electronics

Abstract:The Republic of Korea also suffered direct and indirect damages from the Fukushima nuclear accident in Japan and realized the significance of security due to the cyber-threat to the Republic of Korea Hydro and Nuclear Power Co., Ltd. With such matters in mind, this study sought to suggest a measure for improving security in the nuclear power plant. Based on overseas cyber-attack cases and attacking scenario on the control facility of the nuclear power plant, the study designed and proposed a nuclear power plant control network traffic analysis system that satisfies the security requirements and in-depth defense strategy. To enhance the security of the nuclear power plant, the study collected data such as internet provided to the control facilities, network traffic of intranet, and security equipment events and compared and verified them with machine learning analysis. After measuring the accuracy and time, the study proposed the most suitable analysis algorithm for the power plant in order to realize power plant security that facilitates real-time detection and response in the event of a cyber-attack. In this paper, we learned how to apply data for multiple servers and apply various security information as data in the security application using logs, and match with regard to application of character data such as file names. We improved by applying gender, and we converted to continuous data by resetting based on the risk of non-continuous data, and two optimization algorithms were applied to solve the problem of overfitting. Therefore, we think that there will be a contribution in the connection experiment of the data decision part and the optimization algorithm to learn the security data.

engineering, electrical & electronic,computer science, information systems,physics, applied

Andrea Pinto,Luis-Carlos Herrera,Yezid Donoso,Jairo A. Gutierrez

DOI: https://doi.org/10.1007/s44196-024-00644-z

IF: 2.259

2024-09-11

International Journal of Computational Intelligence Systems

Abstract:Traditional security detection methods face challenges in identifying zero-day attacks in critical infrastructures (CIs) integrated with the industrial internet of things (IIoT). These attacks exploit unknown vulnerabilities and are difficult to detect due to their connection to physical systems. The integration of legacy ICS networks with modern computing and networking technologies has significantly expanded the attack surface, making these systems more susceptible to cyber-attacks. Despite existing security measures, attackers continually find ways to breach these operating networks. Anomaly detection systems are critical in protecting these CIs from current cyber threats. This study investigates the effectiveness of unsupervised anomaly detection models in detecting operational anomalies that could lead to cyber-attacks, thereby disrupting and negatively impacting quality of life. We preprocess the data with a focus on cybersecurity and chose the SWAT dataset because it accurately represents the types of attack vectors that critical infrastructures commonly encounter. We evaluated the performance of isolation forest (IF), local outlier factor (LOF), one-class SVM (OCSVM), and Autoencoder algorithms—trained exclusively on normal data—in enhancing cybersecurity within IIoT environments. Our comprehensive analysis includes an assessment of each model's detection capabilities. The findings highlight the VAE-LSTM model's potential to identify cyber-attacks within seconds in a high-frequency dataset, suggesting near real-time detection capability. The final model combines the reconstruction ability of the variational autoencoder (VAE) with regularization using the Kullback–Leibler divergence, reflecting the non-Gaussian nature of industrial system data. Our model successfully detected 23 out of 26 attack scenarios in the SWAT dataset, demonstrating its effectiveness in improving the security of IIoT-based CIs.

computer science, artificial intelligence, interdisciplinary applications

Abhijeet Sahu,Katherine Davis

DOI: https://doi.org/10.3390/s22062100

2022-03-09

Abstract:False alerts due to misconfigured or compromised intrusion detection systems (IDS) in industrial control system (ICS) networks can lead to severe economic and operational damage. However, research using deep learning to reduce false alerts often requires the physical and cyber sensor data to be trustworthy. Implicit trust is a major problem for artificial intelligence or machine learning (AI/ML) in cyber-physical system (CPS) security, because when these solutions are most urgently needed is also when they are most at risk (e.g., during an attack). To address this, the Inter-Domain Evidence theoretic Approach for Inference (IDEA-I) is proposed that reframes the detection problem as how to make good decisions given uncertainty. Specifically, an evidence theoretic approach leveraging Dempster-Shafer (DS) combination rules and their variants is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from supervised-learning classifiers. Using this model, a location-cum-domain-based fusion framework is proposed to evaluate the detector's performance using disjunctive, conjunctive, and cautious conjunctive rules. The approach is demonstrated in a cyber-physical power system testbed, and the classifiers are trained with datasets from Man-In-The-Middle attack emulation in a large-scale synthetic electric grid. For evaluating the performance, we consider plausibility, belief, pignistic, and general Bayesian theorem-based metrics as decision functions. To improve the performance, a multi-objective-based genetic algorithm is proposed for feature selection considering the decision metrics as the fitness function. Finally, we present a software application to evaluate the DS fusion approaches with different parameters and architectures.

Hussam Tarazi,Sara Sutton,John Olinjyk,Benjamin Bond,Julian Rrushi

DOI: https://doi.org/10.1016/j.ijcip.2024.100660

IF: 3.683

2024-01-20

International Journal of Critical Infrastructure Protection

Abstract:The security of cyber–physical systems (CPS) presents new challenges stemming from computations that work primarily with live physics data. Although there is a body of previous research on detection of malware on CPS, more effective designs are needed to address limitations such mimicry attacks and other forms of evasive techniques. Relay algorithms in particular, such as differential and harmonic protection algorithms, are essential to protecting physical equipment such as power transformers from faults. Relay algorithms, though, are often disabled, altered, or otherwise suppressed by malware. In this paper, we first provide background on the main types of failures that may occur in an electrical power substation after relay algorithms are disabled by malware. We also provide some initial insights into malware methods that involve physics-informed data manipulations, which in turn may lead to power outages and physical damage to power transformers. We then describe the design of a watchdog algorithm that is continuously on the look out for anomalies in the execution time of relay algorithms along with their associated performance counters. We implemented the watchdog approach in Python, and evaluated it empirically on emulations of differential and harmonic protection algorithms on a computing machine.

engineering, multidisciplinary,computer science, information systems

Ezgi Gursel,Bhavya Reddy,Katy Daniels,Jamie Baalis Coble,Mahboubeh Madadi,Vivek Agarwal,Ronald Boring,Vaibhav Yadav,Anahita Khojandi

DOI: https://doi.org/10.1080/00295450.2024.2338507

IF: 1.667

2024-06-09

Nuclear Technology

Abstract:In nuclear power plants (NPPs), anomalies arising from sensors or human errors (HEs) can undermine the performance and reliability of plant operations. Anomaly detection models can be employed to detect sensor errors and HEs. Additionally, physics-informed machine learning models can utilize the known physics of the system, as described by mathematical equations, to ensure that sensor values are consistent with physical laws. Hence, we propose SPIDARman: System-level Physics-Informed Detection of Anomalies in Reactor Collected Data Considering Human Errors, a holistic physics-informed anomaly detection approach based on generative adversarial networks (GANs) to detect anomalies in both automatically collected sensor data and manually collected surveillance data. We test our approach on data collected from a flow loop testbed, showcasing its potential to detect anomalies. Results demonstrate that the proposed model performs better than the baseline GAN-based models in detecting sensor and surveillance anomalies, suggesting the potential of physics-informed anomaly detection GAN models in NPPs.

nuclear science & technology