an end to end infrastructure for cyber physical intrusion
play

An End-to-End Infrastructure for Cyber-Physical Intrusion Detection - PowerPoint PPT Presentation

Dec 02, 2022 •13 likes •123 views

An End-to-End Infrastructure for Cyber-Physical Intrusion Detection REINHARD GENTZ, MAHDI JAMEI, ANNA SCAGLIONE ARIZONA STATE UNIVERSITY, USA CREDC Workshop 2017 1 What is Cyber Physical Intrusion Detection CPS Cyber Physical System

  1. An End-to-End Infrastructure for Cyber-Physical Intrusion Detection REINHARD GENTZ, MAHDI JAMEI, ANNA SCAGLIONE ARIZONA STATE UNIVERSITY, USA CREDC Workshop 2017 1

  2. What is Cyber Physical Intrusion Detection CPS – Cyber Physical System System In a system Cyber & Physical environment is connected Physical -> Attacks affect both environments Properties (Physical) -> We should sense both environments for best attack detection Control & Monitoring (Cyber) CPS-IDS goes beyond the traditional monitoring solutions adopted in EDS-operations. It requires new elements : ◦ High resolution physical-sensing (PMUs) Cyber ◦ Combined network traffic collection & filtering and Physical Challenge: Big Data Problem System 2

  3. Hierarchical Architecture We propose hierarchical architecture: Do as much of the processing locally and only ship what is necessary  Reduced CPS-IDS network load  More resilient to network failure – Outages; Attacks  Distribute computational load – Scalability  Prioritize important messages (Attacks!) over status messages Stage 1 Server Stage 2 Server Central Server μ PMU DSCADA Grid μ PMU DSCADA 3

  4. Stage I (Local Processor) Sensor Data Local Rules e.g.,: - Validity of I = Y V Analytics - Power Quality Limits Message Stage 1 Data Analytics Hi Prio Queue Analytics Decide the Queue Low Prio Queue  Gather Local Data:  Analyze it & based on the result  PMUs produce large quantities of precise data  Prioritize the message  Reduce the message size a uPMU with a BBB attached 4

  5. Stage I (Local Processor) Sensor Data Local Rules e.g.,: - Validity of I = Y V Analytics - Power Quality Limits Message Stage 1 Data Analytics Hi Prio Queue Analytics Decide the Queue Low Prio Queue The BBB minicomputer shields the sensor from the Modular Design outside world The analytics systems are plug-in modules One minicomputer system to maintain - Easy to update and replace – Not one per sensor type - Analytics can be done by different programmer (Only API knowledge needed) Independence from sensor vendor security updates a uPMU with a BBB attached 5

  6. Stage II Power Distribution Grid 29 28 12 27 11 22 26 10 R1 1 2 3 4 6 7 8 13 14 30 31 32 21 25 Messaging System 9 20 Substation 33 23 24 5 T1 R2 34 From Downstream To Upstream Analytics Results 19 15 16 17 18 Raw Data & Preprocessed Analytics Local Local Local Analytics and Analytics and Analytics and Analytics 1 prioritization prioritization prioritization (BBB) (BBB) (BBB) Aggregated Analytics N Stage 2 Publisher Subscriber Messaging Analytics Database for Database for  Aggregate Data from multiple sensors Search Archiving (Elasticsearch) (Cassandra)  & Fuse it with static information, (e.g. reference model for subnetwork)  Decrease false positive and false negatives Frontend generate actionable alarms with low latency Cyber-Physical Security Architecture  Targeted request of input data with a publisher subscriber model  Stage can be repeated for scaling, wide area deployment 6

  7. Central Stage/Human Machine Interface Power Distribution Grid 29 28 12 27 11 22 26 10 R1 1 2 3 4 6 7 8 13 14 30 31 32 21 25 9 20 Substation 33 Different databases have 23 24 5 T1 R2 34 19 different strengths 15 16 17 18 - Especially for big data Local Local Local Analytics and Analytics and Analytics and prioritization prioritization prioritization (BBB) (BBB) (BBB) Search for Retrieve lots Aggregated properties? of raw data? Publisher Subscriber Messaging Analytics Elasticsearch Cassandra Database for Search Database for Archiving (Elasticsearch) (Cassandra) Central Stage Frontend Cyber-Physical Security Architecture  Archive the data & analytics results  Frontend to the user 7

  8. Example Analytics - Localizing Fault BBB 2 BBB 1 No Alarm No Alarm BBB 3 Stage 2’s View No Alarm No Alarm Voltage Sag Voltage Sag => Threshold crossed Fault localized downstream of Results found from data analysis. uPMU 3 Priority for transmission 8

  9. Thank you Questions? 9

  10. Stage II Validation - We see how the measurements are correlated Sensor 1 2 nd floor Sensor 2 Basement ServerRack 10

  11. Stage II Validation Voltage Dip in the whole building - We see how the measurements are correlated Min/Max Sensor 1 2 nd floor Min/Max Sensor 2 Basement ServerRack Question: Is this pattern possible with the specific electrical grid in place? => Further validation 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Scheduling Intrusion Detection Systems in Resource-Bounded Cyber-Physical Systems Waseem Abbas 1 ,

Scheduling Intrusion Detection Systems in Resource-Bounded Cyber-Physical Systems Waseem Abbas 1 ,

Scheduling Intrusion Detection Systems in Resource-Bounded Cyber-Physical Systems Waseem Abbas 1 , Aron Laszka 2 , Yevgeniy Vorobeychik 1 , Xenofon Koutsoukos 1 1 Institute for Software Integrated Systems, Vanderbilt University 2 Electrical

495 views • 24 slides
Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Micro-Architectural Attacks on Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical Systems Cyber Physical Systems (CPS) Cyber (Computer) + Physical (Plant) Real-time Control physical

310 views • 29 slides
Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Differential Refinement Logic Sarah M. Loos and Andr Platzer Computer Science Department Carnegie Mellon University 1 Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j p x k x i

1.97k views • 179 slides
Executive Forum/Workshop on Physical and Cyber Infrastructure Supporting the Future Grid Summary

Executive Forum/Workshop on Physical and Cyber Infrastructure Supporting the Future Grid Summary

Executive Forum/Workshop on Physical and Cyber Infrastructure Supporting the Future Grid Summary Mladen Kezunovic Texas A&M University (kezunov@ece.tamu.edu) PSERC Webinar May 3, 2016 Outline Background: - Workshop goals -

458 views • 27 slides
AI and Cyber Warfare Ernesto Damiani 12-09-2019 ku.ac.ae KU Cyber-Physical Systems Center

AI and Cyber Warfare Ernesto Damiani 12-09-2019 ku.ac.ae KU Cyber-Physical Systems Center

AI and Cyber Warfare Ernesto Damiani 12-09-2019 ku.ac.ae KU Cyber-Physical Systems Center (C2PS) SECURITY OF THE GLOBAL ICT INFRASTRUCTURE Network and Communications Security Business Process Security and Privacy Security and

667 views • 15 slides
Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models, Fundamental Limitations, and Monitor Design Fabio Pasqualetti Florian D orfler Francesco Bullo Center for Control, Dynamical systems and Computation

994 views • 11 slides
The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities? What is the FBIs Cyber Structure? HQ Division Dedicated Cyber squads in all 56 field offices, including satellite locations overseas.

1.54k views • 14 slides
Formal Verification of Cyber-Physical Systems Matthew Chan , Daniel Ricketts, Sorin Lerner,

Formal Verification of Cyber-Physical Systems Matthew Chan , Daniel Ricketts, Sorin Lerner,

Formal Verification of Cyber-Physical Systems Matthew Chan , Daniel Ricketts, Sorin Lerner, Gregory Malecha University of California, San Diego veridrone.ucsd.edu Cyber-Physical Systems Cyber-Physical Systems Cyber-Physical Systems

1.04k views • 90 slides
Practical approaches to managing and securing cyber-physical systems Sanjiv Doshi, Principal

Practical approaches to managing and securing cyber-physical systems Sanjiv Doshi, Principal

Practical approaches to managing and securing cyber-physical systems Sanjiv Doshi, Principal Engineer - Cisco Nov 2018 Ciscos take on Cyber-Physical Systems Cyber-Physical Systems are fundamentally integration of three components

321 views • 13 slides
S V V .lu software verification & validation Testing of Cyber-Physical Systems:

S V V .lu software verification & validation Testing of Cyber-Physical Systems:

S V V .lu software verification & validation Testing of Cyber-Physical Systems: Diversity-driven Strategies Lionel Briand COW 57, London, UK Cyber-Physical Systems A system of collaborating computational elements controlling

808 views • 41 slides
Sensor Data Analytics for Intrusion Detection Tech Tesfay, Prof. Anna Scaglione Tech Tesfay,

Sensor Data Analytics for Intrusion Detection Tech Tesfay, Prof. Anna Scaglione Tech Tesfay,

Sensor Data Analytics for Intrusion Detection Tech Tesfay, Prof. Anna Scaglione Tech Tesfay, Prof. Anna Scaglione (ASU) Mar. 30, 2018 1 / 29 Outline Motivation for cyber-physical intrusion detection Reconnaissance activity identification

481 views • 34 slides
The Inaugural USEA Advanced Energy Technology Forum July 17, 2019 Washington, D.C. A University

The Inaugural USEA Advanced Energy Technology Forum July 17, 2019 Washington, D.C. A University

The Inaugural USEA Advanced Energy Technology Forum July 17, 2019 Washington, D.C. A University Perspective Sudhakar Neti Lehigh University Institute for Cyber Physical Infrastructure & Energy q Cyber Physical Infrastructure and Energy

168 views • 14 slides
Co-simulation Design towards Cyber-Physical Robotic Applications Leveraging on FMI Standard and

Co-simulation Design towards Cyber-Physical Robotic Applications Leveraging on FMI Standard and

Co-simulation Design towards Cyber-Physical Robotic Applications Leveraging on FMI Standard and CSP Semantics Zhou Lu and Jan Broenink Robotics and Mechatronics, University of Twente 22 Aug, 2017 Introduction - Context Cyber-Physical

784 views • 31 slides
What about Virtualization? Basic Goals Basic goals: Stephen Hand et al (Xen,

What about Virtualization? Basic Goals Basic goals: Stephen Hand et al (Xen,

Cyber-Physical Systems (CPS) OS / Middleware for Cyber-Physical New innovations needed for software infrastructures Systems Communication, computation & physical system aspects to be considered Example applications: Richard West

274 views • 3 slides
ARTINALI: Dynamic Invariant Detec4on for Cyber-Physical System Security Maryam Raiyat Aliabadi,

ARTINALI: Dynamic Invariant Detec4on for Cyber-Physical System Security Maryam Raiyat Aliabadi,

ARTINALI: Dynamic Invariant Detec4on for Cyber-Physical System Security Maryam Raiyat Aliabadi, Amita Kamath, Julien Gascon-Samson, Karthik Pa8abiraman Cyber-Physical Systems Distributed Controllers C2 C3 C1 Network a1 s2 s1 a2 Physical

482 views • 19 slides
Seminar Series C E E R Cyber-Physical Experimentation Environment for RADICS Advancing the

Seminar Series C E E R Cyber-Physical Experimentation Environment for RADICS Advancing the

Seminar Series C E E R Cyber-Physical Experimentation Environment for RADICS Advancing the state of art, CEER is a game changer. A generational leap in capabilities for Cyber- Physical Experimentation in the Electric Power Grid Increased

792 views • 49 slides
CSCE 496/896 Lecture 5: Stephen Scott Autoencoders Introduction Basic Idea Stacked AE Stephen

CSCE 496/896 Lecture 5: Stephen Scott Autoencoders Introduction Basic Idea Stacked AE Stephen

CSCE 496/896 Lecture 5: Autoencoders CSCE 496/896 Lecture 5: Stephen Scott Autoencoders Introduction Basic Idea Stacked AE Stephen Scott Transposed Convolutions Denoising AE (Adapted from Eleanor Quint and Ian Goodfellow) Sparse AE

601 views • 41 slides
Anomalies Detection for HEP Experiments Maxim Borisyak Denis Derkach, Fedor Ratnikov, Andrey

Anomalies Detection for HEP Experiments Maxim Borisyak Denis Derkach, Fedor Ratnikov, Andrey

Anomalies Detection for HEP Experiments Maxim Borisyak Denis Derkach, Fedor Ratnikov, Andrey Ustyuzhanin HEP/ML Group, Yandex School of Data Analysis, National Research University High School of Economics with incredible help from CMS

401 views • 21 slides
Extraction and Applications of Implicit Networks from Unstructured Text Andreas Spitz Heidelberg

Extraction and Applications of Implicit Networks from Unstructured Text Andreas Spitz Heidelberg

Extraction and Applications of Implicit Networks from Unstructured Text Andreas Spitz Heidelberg University, Institute of Computer Science Database Systems Research Group spitz@informatik.uni-heidelberg.de Max Planck Institute for Informatics

884 views • 76 slides
EdgeL 3 : Compressing L 3 -Net for Mote-Scale Urban Noise Monitoring Sangeeta Kumari Dhrubojyoti

EdgeL 3 : Compressing L 3 -Net for Mote-Scale Urban Noise Monitoring Sangeeta Kumari Dhrubojyoti

EdgeL 3 : Compressing L 3 -Net for Mote-Scale Urban Noise Monitoring Sangeeta Kumari Dhrubojyoti Roy Mark Cartwright Ohio State University Ohio State University New York University Juan Pablo Bello Anish Arora New York University Ohio

579 views • 44 slides
SUBROUTINES AND CONTROL ABSTRACTION PRINCIPLES OF PROGRAMMING LANGUAGES Norbert Zeh Winter 2018

SUBROUTINES AND CONTROL ABSTRACTION PRINCIPLES OF PROGRAMMING LANGUAGES Norbert Zeh Winter 2018

SUBROUTINES AND CONTROL ABSTRACTION PRINCIPLES OF PROGRAMMING LANGUAGES Norbert Zeh Winter 2018 Dalhousie University 1/47 ABSTRACTIONS AS PROGRAM BUILDING BLOCKS Programming is about building abstractions. Subroutines are the main method to

1.11k views • 107 slides
Subroutines Control abstraction Subroutine design If a subroutine does not fit on the

Subroutines Control abstraction Subroutine design If a subroutine does not fit on the

Subroutine Subroutines Control abstraction Subroutine design If a subroutine does not fit on the screen, it is too long Problem should be divided into smaller pieces Subroutine = If some task X is needed twice, make it a

716 views • 23 slides
EE 109 Unit 15 Subroutines Program Counter and GPRs (especially $sp, $ra, and $fp) REVIEW OF

EE 109 Unit 15 Subroutines Program Counter and GPRs (especially $sp, $ra, and $fp) REVIEW OF

1 2 EE 109 Unit 15 Subroutines Program Counter and GPRs (especially $sp, $ra, and $fp) REVIEW OF RELEVANT CONCEPTS Stacks 3 4 Review of Program Counter GPR's Used for Subroutine Support Assembler Name Reg. Number Description PC is

70 views • 6 slides
Stack 2 Program Counter and GPRs (especially $sp, $ra, and $fp) REVIEW OF RELEVANT CONCEPTS 3

Stack 2 Program Counter and GPRs (especially $sp, $ra, and $fp) REVIEW OF RELEVANT CONCEPTS 3

1 EE 109 Unit 11 Subroutines and Stack 2 Program Counter and GPRs (especially $sp, $ra, and $fp) REVIEW OF RELEVANT CONCEPTS 3 Review of Program Counter PC is used to fetch an instruction PC contains the address of the next

693 views • 35 slides

More recommend