
ANOMALY DETECTOR FOR CYBER-PHYSICAL INDUSTRIAL SYSTEMS - ANNA GUINET



  1. ANOMALY DETECTOR FOR CYBER-PHYSICAL INDUSTRIAL SYSTEMS
     Anna Guinet, Telecom SudParis, France
     iCIS, 9th November 2018, Radboud University

  2. CONTENTS
     1. PRESENTATION
     2. CYBER-PHYSICAL SYSTEMS: 2.1 Presentation, 2.2 Networked control systems, 2.3 Cyber-physical attacks
     3. PIETC-WD: 3.1 Presentation, 3.2 Normal functioning, 3.3 First sensor alarm, 3.4 Second sensor alarm, 3.5 Validation
     4. CONCLUSION

  3. 1 PRESENTATION

  4. 1 PRESENTATION
     Timeline: 2016, 2017, 2018
     ► Master's Degree, Telecom SudParis, Cybersecurity specialization
     ► Cybersecurity engineer, Thales C&S, Integration & risk analysis
     ► Senior Internship, University of Malaga, Trust metrics for the IoT
     ► Research associate (Ingénieure de recherche), Telecom SudParis, CPS resilience
     • Cryptography
     • Network security (IP protocols)
     • Darknets study (senior project)
     • Risk analysis: EBIOS 2010
     • Industrial control systems (ICS)
     • SCADA systems & protocols
     • Human threats in CPS: HCI, etc.


  6. 2 CYBER-PHYSICAL SYSTEMS, 2.1 PRESENTATION
     Cyber-Physical System (CPS): Systems that integrate Computation, Communication and Control-Physical processes
     (Lee and Seshia (2016). Introduction to embedded systems: A cyber-physical systems approach. MIT Press.)
     Moreover… Systems with integrated computational and physical capabilities that can interact with humans through many new modalities
     (Baheti and Gill (2011). Cyber-physical systems. The impact of control technology.)

  7. 2 CYBER-PHYSICAL SYSTEMS, 2.1 PRESENTATION
     Cyber-physical systems today have the following features:
     ► Large scale – large number of physically distributed subsystems
     ► Complex – large number of variables, non-linearity & uncertainty
     ► Human in the loop – human beings & feedback control systems
     Examples:
     ► Industrial control systems
     ► Intelligent transportation systems
     ► Smart cities
     ► E-health

  8. 2 CYBER-PHYSICAL SYSTEMS, 2.1 PRESENTATION
     Difference between ICT and ICS

                                      ICT                       ICS
     Aim                              Information protection    Safety of services and people
     Lifetime                         <5 years                  >10 years
     Security properties priorities   Confidentiality,          Availability,
                                      Integrity,                Integrity,
                                      Availability              Confidentiality
     Network                          TCP/IP                    SCADA (and TCP/IP)
     Connectivity                     Connected to Internet     Isolated (or strong restrictions)

  9. 2 CYBER-PHYSICAL SYSTEMS, 2.1 PRESENTATION
     Cyber-physical resilience
     ► Offer critical functionalities (e.g. safety functions) in the presence of failures and attacks
     A resilient control system should*:
     ► Identify threats
     ► Minimize their impact
     ► Mitigate them, or recover to normal operation in a reasonable time
     *Queiroz (2012). A holistic approach for measuring the survivability of SCADA systems. PhD, RMIT University.

  10. 2 CYBER-PHYSICAL SYSTEMS, 2.2 NETWORKED CONTROL SYSTEM
      Networked control system: Control system whose control loops are connected through a communication network
      Diagram: reference signal (ref.), Controller, Actuator, Plant, Sensor and Network in a feedback loop; control input $u_t$, sensor output $y_t$.
      ► Modeling of CPS using feedback control theory
      ► Controller commands the system using corrective feedback, based on the distance between a reference signal and the system output

  11. 2 CYBER-PHYSICAL SYSTEMS, 2.3 CYBER-PHYSICAL ATTACKS
      A cyber-physical attack exploits vulnerabilities to harm the physical processes through the network.
      Figure labels: System knowledge of adversary; Data or control confidentiality; Integrity or availability violation.
      Teixeira, Shames, Sandberg, & Johansson (2015). A secure control framework for resource-limited adversaries. Automatica, 51, 135-148.

  12. 2 CYBER-PHYSICAL SYSTEMS, 2.3 CYBER-PHYSICAL ATTACKS
      False-data injection attack
      ► How: Modification of sensor readings through physical interference, the communication channel or individual meters, to generate wrong control decisions
      ► Attack capabilities: Limited knowledge of the physical system required
      ► Countermeasure: Comparison of sensor measurements and system dynamics
      Diagram: Controller, Actuator, Plant, Sensor and Network loop with control input $u_t$; the Adversary turns the sensor output $y_t$ into $y_t + y_{bias}$.
      Hernan (2017). Detection of attacks against cyber-physical industrial systems, PhD, Institut National des Télécommunications.

  13. 2 CYBER-PHYSICAL SYSTEMS, 2.3 CYBER-PHYSICAL ATTACKS
      Replay attack
      ► How: Replay previous sensor measurements and modification of control inputs
      ► Attack capabilities: No knowledge of the physical system required
      ► Countermeasure: Add some protection on input control signals
      Diagram: Controller, Actuator, Plant, Sensor and Network loop; control input $u_t$, sensor output $y_t$.
      Hernan (2017). Detection of attacks against cyber-physical industrial systems, PhD, Institut National des Télécommunications.

  14. 2 CYBER-PHYSICAL SYSTEMS, 2.3 CYBER-PHYSICAL ATTACKS
      Replay attack
      ► How: Replay previous sensor measurements and modification of control inputs
      ► Attack capabilities: No knowledge of the physical system required
      ► Countermeasure: Add some protection on input control signals
      Diagram: Controller, Actuator, Plant, Sensor and Network loop with control input $u_t$; the Adversary sits on the network and holds old records of the sensor output.
      Hernan (2017). Detection of attacks against cyber-physical industrial systems, PhD, Institut National des Télécommunications.


  16. 2 CYBER-PHYSICAL SYSTEMS, 2.3 CYBER-PHYSICAL ATTACKS
      Covert attack
      ► How: Modification of control inputs and sensor measurements
      ► Attack capabilities: Knowledge of the physical system required
      ► Countermeasure: Undetectable from the regular system operation
      Diagram: Controller, Actuator, Plant, Sensor and Network loop with control input $u_t$; the Adversary acts on both the actuator side and the sensor side, through a Transformation block.
      Hernan (2017). Detection of attacks against cyber-physical industrial systems, PhD, Institut National des Télécommunications.

  17. 2 CYBER-PHYSICAL SYSTEMS, 2.3 CYBER-PHYSICAL ATTACKS
      DoS attack
      ► How: Disrupt the communication on a channel to isolate the monitor process
      Zero dynamic attack
      ► How: Disrupt the unobservable part of the system
      ► Countermeasure: Verify if all the states are observable
      Command injection attack
      ► How: Exploit protocols and devices vulnerabilities to inject false commands
      ► Countermeasure: Signature-based IDS
      Rubio-Hernan (2017). Detection of attacks against cyber-physical industrial systems, PhD, Institut National des Télécommunications.


  19. 3 PIETC-WD, 3.1 PRESENTATION
      Periodic and intermittent event-triggered control watermark detector
      ► System specifications:
        ● Discrete linear time-invariant (LTI) system
        ● Linear Quadratic Gaussian (LQG) controller
      ► Strategy:
        ● Challenge-response authentication scheme
        ● Non-stationary watermark-based (noise) to verify the integrity of the control loop
      ► Countermeasure against adversaries that have partial or full knowledge of the system dynamics
      ► Penalty: performance loss
      Mo, Weerakkody, & Sinopoli (2015). Physical authentication of control systems: Designing watermarked control inputs to detect counterfeit sensor outputs. IEEE Control Systems, 35(1), 93-109.
      Rubio-Hernan, De Cicco & Garcia-Alfaro (2016). Event-triggered watermarking control to handle cyber-physical integrity attacks. In Nordic Conference on Secure IT Systems (pp. 3-19). Springer, Cham.

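  20. 3 PIETC-WD, 3.1 PRESENTATION
      Diagram: Actuators, Plant (state $x_t$), Sensors and Network; LQG controller made of an LQ regulator and a Kalman filter, with a $Z^{-1}$ delay; signals $u_t$, $u_{t-1}$, $y_t$, $\hat{x}_t$.
      $x_{t+1} = A x_t + B u_t + w_t$
      $y_t = C x_t + v_t$
      with $A \in \mathbb{R}^{p \times p}$ state matrix, $B \in \mathbb{R}^{p \times m}$ input matrix, $C \in \mathbb{R}^{n \times p}$ output matrix, $w_t \sim N(0, Q)$ noise, $v_t \sim N(0, R)$ noise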

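  21. 3 PIETC-WD, 3.2 NORMAL FUNCTIONING
      Diagram: Sensor 1 … Sensor N, Local controller 1 … Local controller N, Actuators, Plant, Network, LQG controller, Watermark Detector.
      ► Sensor measures & non-stationary watermarks (periodic): $r^c_t + \Delta y^c_t$, with $r^c_t = y_t - \mathcal{A}\hat{x}_{t-1}$
      ► Control input: $u_t = u^*_t \, (+\Delta u_t)$, where $u^*_t$ comes from the LQG controller and $\Delta u_t$ from the Watermark Detector
      ► The Watermark Detector receives $r_t$ and computes $g(t)$: Alarm?
      $g_t = \sum_{i=t-w+1}^{t} r_i^T \mathcal{P}^{-1} r_i$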

  22. 3 PIETC-WD, 3.3 FIRST SENSOR ALARM
      Cyber-physical adversary
      ► Aim: Use identification methods to gain knowledge about the system parameters, from the network, to influence the physical behavior.
      Diagram: Sensors, Actuators, Plant, Local controllers, Adversary, Network, Control center, PIETC-WD.
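
The detector on slides 19 to 21 can be tried on a small simulation. The following is an added example, not code from the presentation or from the cited papers: it uses a constructed scalar plant, an assumed fixed feedback gain in place of the LQ regulator, and a stationary Gaussian watermark rather than the non-stationary PIETC-WD scheme, and compares the alarm rate of $g_t$ while recorded sensor values are fed to the controller, with and without the watermark.

```python
import random

# Constructed scalar plant: x_{t+1} = A x_t + B u_t + w_t,  y_t = C x_t + v_t
A, B, C = 0.9, 1.0, 1.0
Q, R = 0.01, 0.01             # variances of w_t and v_t
L = -0.5                      # assumed stabilising gain standing in for the LQ regulator
WINDOW, THRESHOLD = 10, 30.0  # window w; chi-square(10) quantile, ~0.1% false alarms

def kalman_steady_state():
    """Iterate the scalar Riccati recursion; return (Kalman gain K, residue variance P)."""
    p = Q
    for _ in range(200):
        k = p * C / (C * C * p + R)
        p = A * A * (1 - k * C) * p + Q
    return p * C / (C * C * p + R), C * C * p + R

def run(watermark_std, steps=550, record_from=50, replay_from=300, seed=1):
    """Simulate the loop. From `replay_from` on, the controller receives sensor values
    recorded earlier instead of live ones. Returns (alarm rate before, alarm rate during)."""
    rng = random.Random(seed)
    K, P = kalman_steady_state()
    x = x_hat = u_prev = 0.0
    tape, residues, alarms = [], [], []
    for t in range(steps):
        x = A * x + B * u_prev + rng.gauss(0, Q ** 0.5)      # plant
        y = C * x + rng.gauss(0, R ** 0.5)                   # sensor
        if record_from <= t < replay_from:
            tape.append(y)
        if t >= replay_from:
            y = tape[t - replay_from]                        # counterfeit reading
        x_pred = A * x_hat + B * u_prev                      # Kalman prediction
        r = y - C * x_pred                                   # residue r_t
        x_hat = x_pred + K * r
        residues.append(r)
        g = sum(ri * ri / P for ri in residues[-WINDOW:])    # g_t over the last w residues
        alarms.append(g > THRESHOLD)
        u_prev = L * x_hat + rng.gauss(0, watermark_std)     # u_t = u*_t + watermark
    before = alarms[WINDOW:replay_from]
    during = alarms[replay_from + WINDOW:]
    return sum(before) / len(before), sum(during) / len(during)

if __name__ == "__main__":
    for std in (0.0, 0.5):
        print(f"watermark std {std}: alarm rate before/during replay = {run(std)}")
```

Without the watermark the replayed residues look like the recorded ones and the detector stays quiet; with it, the estimator's prediction depends on a watermark the recorded data never saw, so $g_t$ crosses the threshold almost continuously.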
