Shen Limin,Li Feng,Peng Siwei,Si Yali

DOI: https://doi.org/10.1109/CSIE.2009.236

2009-01-01

Abstract:A method is proposed for enhancing SCADA systems survivability using exogenous isomorphic real-time monitor and simulation monitor. The formal definition of monitors is given. The fundamental principles of attack resistance, malicious operation detection and fault prediction are introduced, which are accomplished by using cooperation between the real-time monitor and simulation monitor. The real-time monitor is responsible for monitoring the states of SCADA systems, events and control commands, estimating whether there is faults and risk in systems based on states and implementation commands of system, and creating a simulation monitor if it is necessary. The simulation monitor is responsible for simulating implementation of control command, monitoring the process of simulation, forecasting the results of control commands, and estimating whether the commands are harmful based on the results. Finally, a water treatment system is given to illustrate the feasibility and effectiveness of the method.

Li Feng,Shen Limin,Si Yali,Niu Jingchun

DOI: https://doi.org/10.1109/ICMTMA.2009.263

2009-01-01

Abstract:This paper presents a new method which ensures the validity and availability of the essential services in SCADA systems using the real-time monitor and the simulation monitor. The real-time monitor is responsible for monitoring the states and critical control commands of systems, estimating whether there are faults and risk in systems based on security rules. The simulation monitor is responsible for simulating execution of control command, monitoring the simulation process, predicting the execution results of critical control commands, and estimating whether the control commands are dangerous and unsafe based on the results. The principles and process of attack detection, attack resistance, and potential faults prediction are introduced. Finally, a simplified water treatment system and its simulation results are given to illustrate the feasibility and effectiveness of the method.

Guoliang Hu,Guofang Gong,Huayong Yang

DOI: https://doi.org/10.3969/j.issn.1000-1298.2007.01.042

2007-01-01

Abstract:Aiming at the questions existed in the simulating test of shield tunnelling machine, a condition monitoring system of simulator test rig for shield tunnelling machine was designed using common configuration software “Kingview”, and the structure characteristics of hardware and software were also analyzed. The human machine interface of condition monitoring system was developed and designed, and the design idea was also expounded in detail. The experimental results show that the designed condition monitoring system has good operation performance and high security, which has been applied in the simulator tunnelling successfully.

Dinghua Wang,Dongqin Feng

DOI: https://doi.org/10.1109/iaeac.2018.8577543

2018-01-01

Abstract:Supervisory control and data acquisition system is an important part of the country's critical infrastructure, but its inherent network characteristics are vulnerable to attack by intruders. The vulnerability of supervisory control and data acquisition system was analyzed, combining common attacks such as information scanning, response injection, command injection and denial of service in industrial control systems, and proposed an intrusion detection model based on graphical features. The time series of message transmission were visualized, extracting the vertex coordinates and various graphic area features to constitute a new data set, and obtained classification model of intrusion detection through training. An intrusion detection experiment environment was built using tools such as MATLAB and power protocol testers. IEC 60870-5-104 protocol which is widely used in power systems had been taken as an example. The results of tests have good effectiveness.

Wang Chunlei,Fang Lan,Dai Yiqi

DOI: https://doi.org/10.1109/ICMTMA.2010.603

2010-01-01

Abstract:Simulation experiment is an important means of analyzing and assessing the security of SCADA (Supervisory Control and Data Acquisition) system, however, the existing simulation environments have some limitations in flexibility and extensibility. According to the type of industrial infrastructure and the structure of SCADA system, the abstract models of SCADA system are established, the reference architecture of SCADA system simulation environment is proposed, and the simulation environment for analyzing and assessing the security of SCADA system is designed and implemented. This simulation environment has the characteristics of extensibilities and adaptability, and integrated several components including the simulated enterprise network, OPC Client/HMI, industrial OPC server, SCADA protocol tester, SCADA RTUs, and the sensors and actuators, etc. Finally, experiment on the representative SCADA system attack scenario of has been conducted in this simulation environment to analyze and assess their security status, and the results demonstrate the effectiveness and practicability of the simulation environment.

Chuan Sheng,Yu Yao,Qiang Fu,Wei Yang

DOI: https://doi.org/10.1016/j.comnet.2020.107677

IF: 5.493

2021-02-01

Computer Networks

Abstract:<p>Supervisory Control and Data Acquisition (SCADA) systems are becoming increasingly susceptible to the sophisticated and targeted cyber attacks which are typically carried out by exploiting the vulnerabilities of industrial control devices or protocols. However, most of the existing network intrusion detection methods only focus on detecting and characterizing cyber attacks against the SCADA system, but cannot fully describe their real impact on the system. In this paper, we propose a cyber-physical model for the SCADA system to detect intrusions from the SCADA network and evaluate their risk levels against the industrial process. The model aims at characterizing the network structure and industrial process of the SCADA system through extracting and correlating the communication patterns and states of ICS devices. And any violation of the model is considered abnormal behavior, which can be caused by false operation or network attacks. Through associating network intrusions with the status of the SCADA system, a risk assessment method is proposed to estimate the potential damage degree of the attack on the system, which provides network administrators with richer information about network attacks. Moreover, the comprehensive performance evaluation conducted on public SCADA network data sets shows that the proposed method outperforms the existing methods in detecting and analyzing various cyber attacks against the SCADA system.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Ruqi Ding,Min Cheng,Shen Zheng,Bing Xu

DOI: https://doi.org/10.1109/tmech.2020.3042605

2021-01-01

Abstract:Due to the complex control software based on electronic sensors, an independent metering control system (IMCS) has a higher risk of failures than a traditional electrohydraulic system. Considering the tough requirements of safety and reliability in mobile applications, this article innovatively proposes an active sensor-fault-tolerant controller (SFTC) for IMCSs. It is a model-free controller without any additional sensors. All the faults of the inlet, outlet, and supply pressure sensors are tolerated via analytical redundancy rather than hardware redundancy. The core of the analytical redundancy is to reconfigure the control loops of the normal controller by utilizing the cross-couplings among multivariables. To guarantee the switching stability from the normal controller to the SFTC, in this article, a bumpless transfer strategy based on latent tracking is designed, such that the abrupt output jump of the SFTC is suppressed and a smooth switching is obtained when the fault occurs. The feasibility of the SFTC system was evaluated by implementing the system on the two-ton excavator. The experimental results of boom motions verify the effectiveness of the controller under abrupt and random sensor faults.

Kuan‐Chu Lu,I‐Hsien Liu,Zong‐Chao Liu,Jung‐Shian Li

DOI: https://doi.org/10.1049/ntw2.12127

2024-06-08

IET Networks

Abstract:SCADA systems are increasingly used to manage the operations of dams and reservoirs. Thus, to ensure the safety and efficiency of the water distribution system, it is essential to develop effective mechanisms for detecting and thwarting attacks to dam SCADA systems. Supervisory control and data acquisition (SCADA) systems are vital in monitoring and controlling industrial processes through the web. However, while such systems result in lower costs, greater utilisation efficiency, and improved reliability, they are vulnerable to cyberattacks, with consequences ranging from the inconvenience and minor disruption to severe physical damage and even loss of life. The authors evaluate the security of the Dam system in the form of Common Criteria, develop safety goals to improve this safety, and focus on threats and risks to the dam SCADA system. Finally proposes an anomaly‐based machine‐learning framework for detecting malicious network attacks in the SCADA system of a dam. Three unsupervised classification algorithms are considered: hierarchical clustering, local outlier factor, and isolation forest. It is shown that the hierarchical clustering algorithm achieves the highest precision and F‐score of the three algorithms. Overall, the results confirm the effectiveness of anomaly‐based detection algorithms in enhancing the robustness of SCADA systems toward malicious attacks. At the same time, it complies with the security objectives of Common Criteria, achieving the safety and protection of the dam.

Yilin Mo,Rohan Chabukswar,Bruno Sinopoli

DOI: https://doi.org/10.3182/20110828-6-it-1002.03712

IF: 4.8

2013-01-01

IEEE Transactions on Control Systems Technology

Abstract:Ensuring security of systems based on supervisory control and data acquisition is a major challenge. The goal of this paper is to develop the model-based techniques capable of detecting integrity attacks on the sensors of a control system. In this paper, the effect of integrity attacks on the control systems is analyzed and countermeasures capable of exposing such attacks are proposed. The main contributions of this paper, beyond the novelty of the problem formulation, lies in enumerating the conditions of the feasibility of the replay attack, and suggesting countermeasures that optimize the probability of detection by conceding control performance. The methodologies are shown and the theoretical results are validated using several sets of simulations.

CHEN Pan-pan,WEI Bin,YANG Yan-fang,ZHANG Hong-jie,ZHU Jia-hui,QIU Ming

2012-01-01

Abstract:Based on structure characteristics and operation requirement of the superconducting magnet energy storage(SMES),the intelligent monitoring system has been designed and dynamical simulation experiments have been carried out with other components of SMES.The monitoring system which adopts intelligent instrument,virtual instrument technology and PXI bus,realizes real-time detection of a series parameters of voltage,current,temperature and power,and coordinated control of SMES subsystem.Many experiments have been carried out,such as cooling test,critical current test and dynamical simulation experiment.The experiment results show that the monitoring system can provide suitable detecting and monitoring functions for SMES system and reaches the design requirements.

Xin Chen,Sriram Sankaranarayanan

DOI: https://doi.org/10.1109/RTSS.2017.00035

2017-01-01

Abstract:The predictive monitoring problem asks whether a deployed system is likely to fail over the next T seconds under some environmental conditions. This problem is of the utmost importance for cyber-physical systems, and has inspired real-time architectures capable of adapting to such failures upon forewarning. In this paper, we present a linear model-predictive scheme for the real-time monitoring of linear systems governed by time-triggered controllers and time-varying disturbances. The scheme uses a combination of offline (advance) and online computations to decide if a given plant model has entered a state from which no matter what control is applied, the disturbance has a strategy to drive the system to an unsafe region. Our approach is independent of the control strategy used: this allows us to deal with plants that are controlled using model-predictive control techniques or even opaque machine-learning based control algorithms that are hard to reason with using existing reachable set estimation algorithms. Our online computation reuses the symbolic reachable sets computed offline. The real-time monitor instantiates the reachable set with a concrete state estimate, and repeatedly performs emptiness checks with respect to a safety property. We classify the various alarms raised by our approach in terms of what they imply about the system as a whole. We implement our real-time monitoring approach over numerous linear system benchmarks and show that the computation can be performed rapidly in practice. Furthermore, we also examine the alarms reported by our approach and show how some of the alarms can be used to improve the controller.

Guodong Sa,Zhengyang Jiang,Jiacheng Sun,Chan Qiu,Zhenyu Liu,Jianrong Tan

DOI: https://doi.org/10.1108/jimse-06-2024-0011

2024-01-01

Journal of Intelligent Manufacturing and Special Equipment

Abstract:Purpose – Real-time monitoring of the critical physical fields of core components in complex equipment is of great significance as it can predict potential failures, provide reasonable preventive maintenance strategies and thereby ensure the service performance of the equipment. This research aims to propose a hierarchical explicit–implicit combined sensing-based real-time monitoring method to achieve the sensing of critical physical field information of core components in complex equipment. Design/methodology/approach – Sensor deployable and non-deployable areas are divided based on the dynamic and static constraints in actual service. An integrated method of measurement point layout and performance evaluation is used to optimize sensor placement, and an association mapping between information in non-deployable and deployable areas is established, achieving hierarchical explicit–implicit combined sensing of key sensor information for core components. Finally, the critical physical fields of core components are reconstructed and visualized. Findings – The proposed method is applied to the spindle system of CNC machine tools, and the result shows that this method can effectively monitor the spindle system temperature field. Originality/value – This research provides an effective method for monitoring the service performance of complex equipment, especially considering the dynamic and static constraints during the service process and detecting critical information in non-deployable areas.

YAN Wen-jun,MAO Xue-zhen

DOI: https://doi.org/10.3969/j.issn.1001-4551.2005.03.010

2005-01-01

Abstract:This paper presents a remote automatic monitor and control system of small water power station rubber dam, based on S7-200 series PLC and WinCC HMI tool. The system takes the both advantages of automatic control and remote control and remains the local manual electrical or mechanical control function. It makes the work of rubber dam more robust, stable and safe, facilitates the users more flexible and improves the power generation efficiency.

Hanan Hindy,David Brosset,Ethan Bayne,Amar Seeam,Xavier Bellekens

DOI: https://doi.org/10.1007/978-3-030-12786-2_1

2019-03-06

Abstract:Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work focuses on notifying the operator when an anomaly occurs with a probability of the event occurring. This additional information helps in accelerating the mitigation process. The model is trained and tested using a real-world dataset.

Cryptography and Security,Machine Learning

Junhui Zhang,Dandan Wang,Ruqi Ding,Zheng Chen,Chengzhi Yang,Bing Xu,Min Cheng

DOI: https://doi.org/10.1016/j.measurement.2024.115707

IF: 5.6

2025-01-01

Measurement

Abstract:The independent metering control system (IMCS) demonstrates high control precision and energy efficiency for advanced electrohydraulic applications but tends to be faulty. Current model-based fault diagnosis methods face challenges in robustness and adaptability to high uncertainties and high nonlinearities of the IMCS. To enhance the safety and reliability of the IMCS, a novel fault detection and isolation method based on adaptive robust observer (ARO) is proposed. To reduce estimation errors, the designed ARO combines the advantages of the robust filter and parameter adaption, which can overcome the impact of uncertainties and nonlinearities. To detect the fault robustly and sensitively, three types of adaptive thresholds are designed according to the spool displacement residuals. To isolate the fault, a fault space is established, and spatial fault points are calculated. The verification experiments show that the proposed method can well estimate the spool displacement while accurately detecting and isolating faults of the IMCS.

Yi Qin,Yanxiang Tong,Yifei Xu,Chun Cao,Xiaoxing Ma

DOI: https://doi.org/10.1145/3660789

2024-01-01

Abstract:Control-based self-adaptive systems (control-SAS) are susceptible to deviations from their pre-identified nominal models. If this model deviation exceeds a threshold, the optimal performance and theoretical guarantees of the control-SAS can be compromised. Existing approaches detect these deviations by locating the mismatch between the control signal of the managing system and the response output of the managed system. However, vague observations may mask a potential mismatch where the explicit system behavior does not reflect the implicit variation of the nominal model. In this paper, we propose the Active Monitoring Mechanism (AMM for short) as a solution to this issue. The basic intuition of AMM is to stimulate the control-SAS with an active control signal when vague observations might mask model deviations. To determine the appropriate time for triggering the active signals, AMM proposes a stochastic framework to quantify the relationship between the implicit variation of a control-SAS and its explicit observation. Based on this framework, AMM’s monitor and remediator enhance model deviation detection by generating active control signals of well-designed timing and intensity. Results from empirical evaluations on three representative systems demonstrate AMM’s effectiveness (33.0% shorter detection delay, 18.3% lower FN rate, 16.7% lower FP rate) and usefulness (19.3% lower abnormal rates and 88.2% higher utility).

Zeyu Yang,Liang He,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/TDSC.2024.3384146

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Stealthy attacks manipulate the operation of Industrial Control Systems (ICSs) without being undetected, allowing persistent manipulation of system operation and thus the potential to cause destructive damage. This paper introduces a new vulnerability of ICS that can be exploited to mount stealthy attacks without requiring any domain knowledge. This vulnerability is caused by a common practice in system monitoring, i.e., the SCADA monitors ICS operation at a much lower frequency than system execution, causing a loss of precision when the SCADA tries to cross-validate the issued control commands using the collected sensory data. Exploiting this vulnerability, an attack called <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">PLC-SAGE</i> is designed to stealthily manipulate the system operation by identifying and injecting malicious control commands that will not be concluded as abnormal by the SCADA. This paper further discusses a preferred ICS engineering practice and an attestation strategy to mitigate the above vulnerability and protect ICS from <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">PLC-SAGE</i> . Both <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">PLC-SAGE</i> and the proposed mitigations have been experimentally validated on two ICS platforms.

Min-jun Peng,Hang Wang,Xu Yang,Yong-kuo Liu,Liang-zhuang Guo,Wei Li,Nan Jiang

DOI: https://doi.org/10.1016/j.anucene.2017.04.041

IF: 1.9

2017-11-01

Annals of Nuclear Energy

Abstract:Human error is one of the leading factors in nuclear accidents. However, on-line monitoring may help operators to detect and locate the abnormality on time, and thus it has the benefit of reducing misoperation, improve the safety of nuclear power plants and guide the maintenance plan. This work presents a distributed on-line monitoring and fault detection methodology based on modeling and simulation of nuclear plant’s sub-units. This methodology utilizes quantitative calculation from the simulation model and combines the measurements gotten from instrumentation and control system to detect incipient faults. Under normal operation, the method allows real-time tracking to set dynamic thresholds. When a failure occurs, the corresponding parameters can be compared to detect the fault. Furthermore, the root cause, fault type and degree of the fault could be identified and calculated while considering compensation from the control system and trends of measurements. The performance of this method was evaluated and verified by applying it to the Reactor Coolant System of a PWR and comparing its result with the one obtained from Principal Component Analysis (PCA) method. The result of simulation analysis under steady operation and transients separately show the effectiveness and accuracy of this methodology when compared with PCA method; therefore, laying an essential foundation for the prediction of fault trends.

nuclear science & technology

Musse M. Ahmed,M. A. Parvez Mahmud,Ahmed Abu‐Siada,S. M. Muyeen,Farhana Yasmin,Md Ohirul Qays,Md Liton Hossain,Md Momtazur Rahman

DOI: https://doi.org/10.1002/ese3.1130

2022-03-29

Abstract:With the rapid increase of renewable energy generation worldwide, real‐time information has become essential to manage such assets, especially for systems installed offshore and in remote areas. To date, there is no cost‐effective condition monitoring technique that can assess the state of renewable energy sources in real‐time and provide suitable asset management decisions to optimize the utilization of such valuable assets and avoid any full or partial blackout due to unexpected faults. Based on the Internet of Things scheme, this paper represents a new application for the Supervisory Control and Data Acquisition (SCADA) system to monitor a hybrid system comprising photovoltaic, wind, and battery energy storage systems. Electrical parameters such as voltage, current, and power are monitored in real‐time via the ThingSpeak website. Network operators can control components of the hybrid power system remotely by the proposed SCADA system. The SCADA system is interfaced with the Matlab/Simulink software tool through KEPServerEX client. For cost‐effective design, low‐cost electronic components and Arduino Integrated Development Environment ATMega2560 remote terminal unit are employed to develop a hardware prototype for experimental analysis. Simulation and experimental results attest to the feasibility of the proposed system. Compared with other existing techniques, the developed system features advantages in terms of reliability and cost‐effectiveness. 1. Based on the Internet of Things scheme, this paper represents a new application for the Supervisory Control and Data Acquisition (SCADA) system to monitor a hybrid system comprising photovoltaic, wind, and battery energy storage systems. Based on the Internet of Things scheme, this paper represents a new application for the Supervisory Control and Data Acquisition (SCADA) system to monitor a hybrid system comprising photovoltaic, wind, and battery energy storage systems. 2. Electrical parameters such as voltage, current, and power are monitored in real‐time via the ThingSpeak website. Network operators can control components of the hybrid power system remotely by the proposed SCADA system. Electrical parameters such as voltage, current, and power are monitored in real‐time via the ThingSpeak website. Network operators can control components of the hybrid power system remotely by the proposed SCADA system. 3. The SCADA system is interfaced with the Matlab/Simulink software tool through KEPServerEX client. The SCADA system is interfaced with the Matlab/Simulink software tool through KEPServerEX client. 4. For cost‐effective design, low‐cost electronic components and Arduino integrated development environment ATMega2560 remote terminal unit are employed to develop a hardware prototype for experimental analysis. For cost‐effective design, low‐cost electronic components and Arduino integrated development environment ATMega2560 remote terminal unit are employed to develop a hardware prototype for experimental analysis.

energy & fuels

Jie Wang,Chunhui Zhao

DOI: https://doi.org/10.1109/tim.2022.3177217

IF: 5.6

2022-01-01

IEEE Transactions on Instrumentation and Measurement

Abstract:The supervisory control and data acquisition (SCADA) system provides information that can be used to free humans from laborious monitoring tasks, such as control performance monitoring (CPM). However, the existing CPM methods rely heavily on the quality of SCADA data. In practice, the missing of measurement and computed signals due to some random and man-induced factors will lead to failures of traditional CPM methods. This article develops a robust CPM model for varying-dimensional time-series data resulting from the missing variables in SCADA systems. Two attractive advantages of the proposed model are noticed. First, SCADA data with various variable dimensions and missing patterns can be handled through a structural feature extraction (SFE) module, which constructs specific graphs for input data and explicitly explores the inherent interaction mechanism among variables. A structural vector is then generated to characterize the interaction pattern of multiple variables. Second, the proposed model is designed with the generalization ability by developing parameters-shared node-effect and edge-effect graph neural networks (GNNs). In this way, the method shows good robustness to the previously unseen missing patterns. Experiments on the simulated and real datasets demonstrate the feasibility of this method.