Published July 30, 2016 | Version v1
Conference paper

Sequential detection of cyber-physical attacks on industrial systems

Others:
Viettel Research and Development Institute
Laboratoire d'Informatique, Signaux, et Systèmes de Sophia-Antipolis (I3S) / Projet MEDIACODING ; Signal, Images et Systèmes (Laboratoire I3S - SIS) ; Laboratoire d'Informatique, Signaux, et Systèmes de Sophia Antipolis (I3S) ; Université Nice Sophia Antipolis (1965 - 2019) (UNS) ; COMUE Université Côte d'Azur (2015-2019) (COMUE UCA) ; Centre National de la Recherche Scientifique (CNRS) ; Université Côte d'Azur (UCA)
Laboratoire Modélisation et Sûreté des Systèmes (LM2S) ; Institut Charles Delaunay (ICD) ; Université de Technologie de Troyes (UTT) ; Centre National de la Recherche Scientifique (CNRS)

Description

It is assumed that the observations represent a linear superposition of unknown nuisance parameters (stochastic or deterministic), random noise and a system parameter abruptly changing its current value from nominal to abnormal at an unknown but non-random change-point. It is assumed that this statistical model characterizes cyber-physical attacks on industrial systems, such as SCADA. The negative impact of the unknown nuisance parameters on the detector is eliminated by utilizing the invariant statistics technique or the statistical filtering technique. The statistical decision problem is formulated as the detection of abruptly arriving transient changes of finite duration. The criterion of optimality seeks to minimize the worst-case probability of missed detection subject to an acceptable level of the worst-case probability of false alarm within a given time period. To solve the problem, an optimal solution in a subclass of open-ended sequential tests with variable thresholds is proposed. The Variable Threshold Window Limited CUmulative SUM (VTWL CUSUM) test, previously developed for independent observations, is now adapted to the observation model with nuisance parameters. Finally, the variable threshold of the VTWL CUSUM test is optimized with respect to the optimality criterion, and the probabilities of missed detection and false alarm are studied.

Abstract

International audience

Additional details

Created:
December 4, 2022
Modified:
November 28, 2023