Detection and isolation of fault from cyber attack in SCADA systems using network parameters

Document Type: Original Article

Authors

Faculty of Electrical Engineering, K. N. Toosi University of Technology, Tehran, Iran

Abstract

The SCADA system is a vital system that monitors and controls industrial processes. In these systems, a cyber attack occurs by infiltrating the communication channels between sensors, actuators and servers. In recent years, cyber attacks have created problems for industrial control systems. In terms of system malfunction, a cyber attack behaves similarly to a fault. Having instantaneous network parameters such as latency, packet loss, and network traffic can probably make it possible to tell a fault from a cyber attack. The purpose of this initial research is to detect faults in a SCADA system and then isolate them from cyber attacks, using different networks. To do this, a fluid passage system with a controller is modeled. A fault detection filter (BFDF) was designed, which detects various anomalies of the system. If, at the time the filter detects an anomaly, the network parameters also show abnormal conditions, a cyber attack is detected. The simulations were performed in OMNeT++. The research results showed the effectiveness of this method in distinguishing between fault and cyber attack.

Keywords

