Comparison of Design-Centric and Data-Centric Methods for Distributed Attack Detection in Cyber-Physical Systems
Cyber-physical systems are vulnerable to a variety of cyber, physical and cyber-physical attacks. The security of cyber-physical systems can be enhanced beyond what can be achieved through firewalls and trusted components by building trust from observed and/or expected behaviors. These behaviors can be encoded as invariants. Information flows that do not satisfy the invariants are used to identify and isolate malfunctioning devices and cyber intrusions. However, the distributed architectures of cyber-physical systems often contain multiple access points that are physically and/or digitally linked. Thus, invariants may be difficult to determine and/or computationally prohibitive to check in real time. Researchers have employed various methods for determining the invariants by analyzing the designs of and/or data generated by cyber-physical systems such as water treatment plants and electric power grids. This chapter compares the effectiveness of detecting attacks on a water treatment plant using design-centric invariants versus data-centric rules, the latter generated using a variety of data mining methods. The methods are compared based on the maximization of true positives and minimization of false positives.
J. Leopold et al., "Comparison of Design-Centric and Data-Centric Methods for Distributed Attack Detection in Cyber-Physical Systems," IFIP Advances in Information and Communication Technology, vol. 596, pp. 261-279, Springer Verlag, Jan 2020.
The definitive version is available at https://doi.org/10.1007/978-3-030-62840-6_13
IFIP Advances in Information and Communication Technology
Keywords and Phrases
Cyber-physical attacks; data mining; invariants; water treatment plant
International Standard Book Number (ISBN)
International Standard Serial Number (ISSN)
Article - Conference proceedings
© 2020 Springer Verlag, All rights reserved.
01 Jan 2020