towards automatic state machine reconstruction from
play

Towards automatic state machine reconstruction from legacy PLC using - PowerPoint PPT Presentation

Mar 25, 2023 •534 likes •954 views

Towards automatic state machine reconstruction from legacy PLC using data collection Daniil Chivilikhin, Sandeep Patil, Anthony Cordonnier, Valeriy Vyatkin IEEE INDIN 2019, Helsinki, Finland 24 July 2019 Goal Legacy PLC IEC 61131-3 (black

  1. Towards automatic state machine reconstruction from legacy PLC using data collection Daniil Chivilikhin, Sandeep Patil, Anthony Cordonnier, Valeriy Vyatkin IEEE INDIN 2019, Helsinki, Finland 24 July 2019

  2. Goal Legacy PLC IEC 61131-3 (black box) IEC 61499 state machine 2

  3. Contributions 1. Hardware and software architecture for collecting behavioral data from legacy PLCs in production 2. Algorithm based on translation to Boolean satisfiability problem (SAT) for reconstructing controller logic in the form of a state machine from data collected from PLC 3. Demonstration of the proposed solution on an example of a laboratory scale model of a distribution station 3

  4. Overview of the proposed approach 4

  5. Data collection

  6. Hardware architecture for data collection ● Black-box PLC ● Data collection PLC running IEC 61499 app ● Reconstructed PLC 6

  7. Example system: Festo distribution station 7

  8. Data preprocessing (1/4) Raw data: Input=[01000101001001] Output=[10000010] Input=[01000101001001] Output=[10000010] Input=[01000101001001] Output=[10000010] Input=[01000101001001] Output=[10000010] Input=[11000101001001] Output=[00000010] Input=[11000101001001] Output=[00000010] Input=[11000101001001] Output=[00000010] Input=[11000101001001] Output=[00000010] 8

  9. Data preprocessing (2/4) Raw data: Input=[01000101001001] Output=[10000010] Input=[01000101001001] Output=[10000010] Input=[01000101001001] Output=[10000010] Input=[01000101001001] Output=[10000010] Input=[11000101001001] Output=[00000010] Input=[11000101001001] Output=[00000010] Input=[11000101001001] Output=[00000010] Input=[11000101001001] Output=[00000010] 9

  10. Data preprocessing (3/4) Input=[01000101001001] Output=[10000010] Input=[01000101001001] Output=[10000010] Input=[01000101001001] Output=[10000010] Input=[01000101001001] Output=[10000010] Input=[11000101001001] Output=[00000010] Input=[11000101001001] Output=[00000010] Input=[11000101001001] Output=[00000010] Input=[11000101001001] Output=[00000010] 10

  11. Data preprocessing (4/4) Input=[01000101001001] Output=[10000010] Input=[01000101001001] Output=[10000010] Input=[01000101001001] Output=[10000010] <REQ[01000101001001], CNF[10000010]>; <REQ[11000101001001], CNF[00000010]> Input=[11000101001001] Output=[00000010] Input=[11000101001001] Output=[00000010] Input=[11000101001001] Output=[00000010] 11

  12. Basic function block model Boolean input/output vars 12

  13. State machine reconstruction

  14. Background • Minimum deterministic finite automaton construction from labeled data is NP-complete [Gold, 1978] T + ={ab, b, ba, bbb} T ₋ ={abbb, baba} Heuristics, Metaheuristic, SAT-based e.g. state e.g. genetic merging, k-tails algorithms 14

  15. SAT-based state machine synthesis (1/3) Propositional Solution encoding reconstruction SAT-solver Data Solution ● Heule et al. Exact DFA Identification Using SAT Solvers [ICGI’10] ● ... ● Ulyantsev et al. Exact finite-state machine identification from scenarios and temporal properties [STTT’18] ● Chivilikhin et al. Function block finite-state model identification using SAT and CSP solvers [TII’19] 15 https://srlabs.de/bites/minisat-intro/

  16. SAT-based state machine synthesis (2/3) T + ={ab, b, ba, bbb} T ₋ ={abbb, baba} 16

  17. SAT-based state machine synthesis (3/3) Translation function f Traces T 〈 ... 〉 , ... , 〈 ... 〉 Values of Automaton 〈 ... 〉 , ... , 〈 ... 〉 variables Trace tree 〈 ... 〉 , ... , 〈 ... 〉 𝕎 Boolean SAT construction formula solver No Number of solution states N (UNSAT) N := N + 1 17

  18. Example i 2 i 3 i 4 i 1 o 0 o 1 o 1 o 2 o 2 i 2 i 2 i 1 i 3 o 0 o 1 o 1 o 2 o 2 18

  19. Example i 2 i 3 i 4 i 1 o 0 o 1 o 1 o 2 o 2 i 2 i 2 i 1 i 3 o 0 o 1 o 1 o 2 o 2 19

  20. Example i 2 i 3 i 4 i 1 o 0 o 1 o 1 o 2 o 2 i 2 i 2 i 1 i 3 o 1 o 1 o 2 o 2 20

  21. Example i 2 i 3 i 4 i 1 o 0 o 1 o 1 o 2 o 2 i 2 i 2 i 1 i 3 o 1 o 1 o 2 o 2 21

  22. Example i 2 i 3 i 4 i 1 o 0 o 1 o 1 o 2 o 2 i 2 i 2 i 3 o 1 o 2 o 2 22

  23. Example i 2 i 3 i 4 i 1 o 0 o 1 o 1 o 2 o 2 i 2 i 2 i 3 o 1 o 2 o 2 23

  24. Example i 2 i 3 i 4 i 1 o 0 o 1 o 1 o 2 o 2 i 2 i 3 o 2 o 2 24

  25. Example i 2 i 3 i 4 i 1 o 0 o 1 o 1 o 2 o 2 i 2 i 3 o 2 o 2 25

  26. Example i 2 i 3 i 4 i 1 o 0 o 1 o 1 o 2 o 2 i 2 i 3 o 2 o 2 i 2 i 2 i 1 o 0 o 1 o 1 o 4 26

  27. Example: fail! i 2 i 3 i 4 i 1 o 0 o 1 o 1 o 2 o 2 i 2 i 3 o 2 o 2 i 2 o 4 Difference in scan cycles of PLCs leads to inconsistent traces! 27

  28. Challenges & approach Challenges 1. Traces contain errors due to trace collection procedure 2. We do not know the ground truth Approach 1. Account for errors in the SAT reduction 2. Enumerate all possible solutions 28

  29. Trace tree → Trace graph 29

  30. Error model for trace graph Add multi-edges on the interface between different outputs ● Simple model, richer models are possible ○ Up to fully connected graph in the worst case 30

  31. Constraints... 31

  32. Color graph nodes in N colors = map graph nodes to automaton states 32

  33. Only one of the multi-edges may be used for each pair of nodes i 2 i 4 i 1 o 1 o 1 o 2 o 2 i 3 33

  34. Find all solutions with different alternative edge choices 34

  35. Find all solutions with different alternative edge choices Still, exponential number of solutions! 35

  36. Coping with exponential number of solutions ● Zakirzyanov et al. Efficient Symmetry Breaking for SAT-Based Minimum DFA Inference [LATA’19] ● Minimize parameters of state machine ○ N – number of states ○ K – outgoing degree of states ○ R – number of transitions 36

  37. Algorithm 37

  38. Experiment with distribution station • 12 inputs, 8 outputs • Six logs for different use cases with varying complexity and length of runs • Algorithm found 63 different state machines that satisfy the traces with respect to the error model • Launch simulation of use cases in NxtStudio • Only one (!) state machine was truly correct 38

  39. Generated state machine 39

  40. Conclusion & Future work • Developed hardware and software architecture for data collection from PLC • Developed algorithm for reconstructing state machine from (noisy) PLC traces Future work • Improve synthesis algorithm • Automate validation against legacy system (model) • Improve data collection, add time synchronization • Target distributed controller reconstruction • Move data storage and synthesis to the cloud 40

  41. Thank you! Daniil Chivilikhin, chivdan@itmo.ru

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Hands-On Introduction to Automatic Machine Learning Lars Kotthofg University of Wyoming

A Hands-On Introduction to Automatic Machine Learning Lars Kotthofg University of Wyoming

A Hands-On Introduction to Automatic Machine Learning Lars Kotthofg University of Wyoming larsko@uwyo.edu AutoML Workshop, 28 August 2018, Nanjing 1 Machine Learning Data Machine Learning Predictions 2 Automatic Machine Learning

744 views • 33 slides
3D RECONSTRUCTION Reconstruction method Reconstruction from images Reconstruction from video

3D RECONSTRUCTION Reconstruction method Reconstruction from images Reconstruction from video

3D RECONSTRUCTION Reconstruction method Reconstruction from images Reconstruction from video Using Kinect Raw Depth Image Infrared laser projector Monochrome CMOS sensor Demo Kinect Raw data Real-time Reconstruction Pipeline Measurement

508 views • 34 slides
Automatic Itinerary Reconstruction from Texts L. Moncla (LIUPPA, IAAA), M. Gaio (LIUPPA), S.

Automatic Itinerary Reconstruction from Texts L. Moncla (LIUPPA, IAAA), M. Gaio (LIUPPA), S.

Automatic Itinerary Reconstruction from Texts L. Moncla (LIUPPA, IAAA), M. Gaio (LIUPPA), S. Mustire (COGIT) L. Moncla ludovic.moncla@univ-pau.fr GIScience 2014 GIScience 2014 2/56 Automatic Itinerary Reconstruction from Texts L.

874 views • 56 slides
Using Machine Learning to Improve Automatic Vectorization Kevin Stock Louis-Nol Pouchet P .

Using Machine Learning to Improve Automatic Vectorization Kevin Stock Louis-Nol Pouchet P .

Using Machine Learning to Improve Automatic Vectorization Kevin Stock Louis-Nol Pouchet P . Sadayappan The Ohio State University January 24, 2012 HiPEAC Conference Paris, France Introduction: HiPEAC12 Vectorization Observations

346 views • 22 slides
Volumetric Scene Reconstruction Volumetric Scene Reconstruction Goal Goal from Multiple

Volumetric Scene Reconstruction Volumetric Scene Reconstruction Goal Goal from Multiple

Image Image- -Based Scene Reconstruction Based Scene Reconstruction Volumetric Scene Reconstruction Volumetric Scene Reconstruction Goal Goal from Multiple Views from Multiple Views Automatic construction of photo Automatic

378 views • 21 slides
Choosing the Right Evaluation for Machine Translation An Examination of Annotator and Automatic

Choosing the Right Evaluation for Machine Translation An Examination of Annotator and Automatic

Choosing the Right Evaluation for Machine Translation An Examination of Annotator and Automatic Metric Performance on Human Judgment Tasks Michael Denkowski and Alon Lavie Language Technologies Institute Carnegie Mellon University November 3,

752 views • 50 slides
Warrens Abstract Machine A Tutorial Reconstruction Hassan A t-Kaci ICLP91

Warrens Abstract Machine A Tutorial Reconstruction Hassan A t-Kaci ICLP91

Warrens Abstract Machine A Tutorial Reconstruction Hassan A t-Kaci ICLP91 Pre-Conference Tutorial [1] I dedicate this modest work to a most outstanding W A M I am referring of course to Wolfgang Amadeus Mozart 1756

1.49k views • 138 slides
Automatic Speech Recognition (CS753) Automatic Speech Recognition (CS753) Lecture 23: Speech

Automatic Speech Recognition (CS753) Automatic Speech Recognition (CS753) Lecture 23: Speech

Automatic Speech Recognition (CS753) Automatic Speech Recognition (CS753) Lecture 23: Speech Synthesis (Part I) Instructor: Preethi Jyothi Oct 30, 2017 T ext- T o- S peech Systems Storied History Von Kempelens speaking machine (1791)

290 views • 8 slides
Sparse optimization and machine learning in image reconstruction Aleksandra Pi zurica Group

Sparse optimization and machine learning in image reconstruction Aleksandra Pi zurica Group

Sparse optimization and machine learning in image reconstruction Aleksandra Pi zurica Group for Artificial Intelligence and Sparse Modelling (GAIM) Department Telecommunications and Information Processing Ghent University 2 nd Annual Meeting

821 views • 60 slides
FLEECEmax The Automatic Felt Application Machine with cutback from KMF www.kmf.at 1 -

FLEECEmax The Automatic Felt Application Machine with cutback from KMF www.kmf.at 1 -

- engineering your visions - FLEECEmax The Automatic Felt Application Machine with cutback from KMF www.kmf.at 1 - engineering your visions - Facts and Figures Established 1874 Production area 12.000m 2 5th generation family run

697 views • 13 slides
Opprentice: Towards Practical and Automatic Anomaly Detection Through Machine Learning Dapeng Liu

Opprentice: Towards Practical and Automatic Anomaly Detection Through Machine Learning Dapeng Liu

Opprentice: Towards Practical and Automatic Anomaly Detection Through Machine Learning Dapeng Liu , Youjian Zhao, Haowen Xu, Yongqian Sun, Dan Pei, Jiao Luo, Xiaowei Jing, Mei Feng 2015/12/3 Dapeng Liu (liudp10@mails.tsinghua.edu.cn) KPIs and

545 views • 42 slides
AUTOMATIC BUSINESS ATTRIBUTE LABELING FROM YELP REVIEWS : A MACHINE LEARNING APPLICATION by

AUTOMATIC BUSINESS ATTRIBUTE LABELING FROM YELP REVIEWS : A MACHINE LEARNING APPLICATION by

AUTOMATIC BUSINESS ATTRIBUTE LABELING FROM YELP REVIEWS : A MACHINE LEARNING APPLICATION by Michael Iannelli and Ephraim Rosenfeld Search Engine Architecture(CSCI-GA 3033-006 - Spring 2017) Courant Institute of Mathematical Sciences

141 views • 11 slides
Computer Vision and Machine Learning for ICARUS Physics Reconstruction Francois Drielsma ,

Computer Vision and Machine Learning for ICARUS Physics Reconstruction Francois Drielsma ,

Computer Vision and Machine Learning for ICARUS Physics Reconstruction Francois Drielsma , Kazuhiro Terao, Laura Domine SLAC National Accelerator Lab. ICARUS Collaboration Meeting @ FNAL September 12th 2019 1 Computer Vision and LArTPC Image

950 views • 17 slides
Automatic acquisition of Named Entities for Rule-Based Machine Translation Antonio Toral , Andy

Automatic acquisition of Named Entities for Rule-Based Machine Translation Antonio Toral , Andy

Introduction MINELex Methodology Evaluation Conclusions Automatic acquisition of Named Entities for Rule-Based Machine Translation Antonio Toral , Andy Way DCU 2 nd International Workshop on Free/Open-Source Rule-Based Machine Translation

944 views • 69 slides
Surface Reconstruction Methodologies Global Structure Data-driven User-Driven State of the Art

Surface Reconstruction Methodologies Global Structure Data-driven User-Driven State of the Art

Surface Reconstruction Methodologies Global Structure Data-driven User-Driven State of the Art in Surface Reconstruction from Point Clouds Berger, T agliasacchi, Seversky, Alliez, Levine, Sharf, Silva Global Regularities Objects share many

348 views • 15 slides
Breast Reconstruction in the U.S. The State of Antibiotic Use in Implant Based Breast

Breast Reconstruction in the U.S. The State of Antibiotic Use in Implant Based Breast

3/7/2015 Breast Reconstruction in the U.S. The State of Antibiotic Use in Implant Based Breast Reconstruction Each year approximately 100,000 breast reconstructions are performed in the U.S. Greater than 2/3 of reconstructions are

416 views • 6 slides
Principles and Practices of Transformation Pearson case study Learn Build Measure Sonja

Principles and Practices of Transformation Pearson case study Learn Build Measure Sonja

Principles and Practices of Transformation Pearson case study Learn Build Measure Sonja Kresojevic GOTO Accelerate 2016 Disruptive Environment Most likely outcome Pearsons challenge Unbalanced portfolio, lots of duplication Big

254 views • 24 slides
Who Whos Really Attacking Y s Really Attacking Your our #WHOAMI Threat

Who Whos Really Attacking Y s Really Attacking Your our #WHOAMI Threat

Who Whos Really Attacking Y s Really Attacking Your our #WHOAMI Threat Researcher at Trend Micro- research and blogger on criminal underground, persistent threats,

792 views • 44 slides
Grid Checkpointing John Mehnert-Spahn Heinrich-Heine University Duesseldorf, Germany XtreemOS

Grid Checkpointing John Mehnert-Spahn Heinrich-Heine University Duesseldorf, Germany XtreemOS

Grid Checkpointing John Mehnert-Spahn Heinrich-Heine University Duesseldorf, Germany XtreemOS Summer School, Gnzburg, Germany, 2010 XtreemOS IP project is funded by the European Commission under contract IST-FP6-033576 XtreemOS IP project 1

707 views • 47 slides
Retrospective Spectrum Access Protocol: A Completely Uncoupled Learning Algorithm for Cognitive

Retrospective Spectrum Access Protocol: A Completely Uncoupled Learning Algorithm for Cognitive

Retrospective Spectrum Access Protocol: A Completely Uncoupled Learning Algorithm for Cognitive Networks Marceau Coupechoux , Stefano Iellamo , Lin Chen + TELECOM ParisTech (INFRES/RMS) and CNRS LTCI + University Paris XI Orsay (LRI)

433 views • 26 slides
Photon Linear Linear Collider Collider - - Photon or the the fusion fusion of of light

Photon Linear Linear Collider Collider - - Photon or the the fusion fusion of of light

Photon Linear Linear Collider Collider - - Photon or the the fusion fusion of of light light or Florence, , September September 2007 2007 Florence General overview overview General LHC- -ILC ILC- -PLC PLC synergy synergy LHC

805 views • 56 slides
Slide 1 ___________________________________ Moving Forward with the

Slide 1 ___________________________________ Moving Forward with the

Slide 1 ___________________________________ Moving Forward with the ___________________________________ Primary Language Curriculum Special School ___________________________________ Teacher CPD Stages 1 - 4

507 views • 21 slides
Multichannel number counting Multichannel number counting experiments experiments V.Zhukov

Multichannel number counting Multichannel number counting experiments experiments V.Zhukov

Multichannel number counting Multichannel number counting experiments experiments V.Zhukov M.Bonsch KIT, Karlsruhe 18.01.2011 PHYSTAT2011 1 Valery Zhukov Multichannel searches at LHC searches at LHC Multichannel Beyond SM(eg. SUSY) can

438 views • 18 slides
Class 1: Class 1: What is Introduction Introduction Computer Science ? CS150 Spring 2009

Class 1: Class 1: What is Introduction Introduction Computer Science ? CS150 Spring 2009

Class 1: Class 1: What is Introduction Introduction Computer Science ? CS150 Spring 2009 University of Virginia Computer Science Westley Weimer http://www.cs.virginia.edu/cs150 #2 The note on the inflected line is Let AB and CD be the two

690 views • 10 slides

More recommend