Diagnosis approaches for detection and isolation of cyber attacks and faults on a two-tank system

Recently, a two-tank benchmark for detection and isolation of cyber-attacks has been proposed to the diagnosis research community to test different diagnosis methods. In this work, we use this benchmark, add some scenarios, and test several diagnosis techniques to evaluate their diagnos-ability power. We propose to use a well-known model-based diagnosis approach to identify the groups of faults and attacks that are not isolable or detectable. In a second part, we investigate improvements provided by data-based diagnosis techniques and show that they succeed to isolate faults and attack for this benchmark.

[1]  D. Rotondo,et al.  A two-tank benchmark for detection and isolation of cyber attacks , 2018 .

[2]  Florian Dörfler,et al.  Attack Detection and Identification in Cyber-Physical Systems -- Part II: Centralized and Distributed Monitor Design , 2012, ArXiv.

[3]  Elodie Chanthery,et al.  Fusion of Model-based and Data-based Fault Diagnosis Approaches , 2018 .

[4]  Sylvain Verron,et al.  A generic framework for decision fusion in Fault Detection and Diagnosis , 2018, Eng. Appl. Artif. Intell..

[5]  Fuwen Yang,et al.  Analysis and synthesis of control systems over wireless digital channels , 2017, J. Frankl. Inst..

[6]  Damiano Rotondo,et al.  Detection of replay attacks in cyber-physical systems using a frequency-based signature , 2019, J. Frankl. Inst..

[7]  S. Shankar Sastry,et al.  Research Challenges for the Security of Control Systems , 2008, HotSec.

[8]  Xavier Litrico,et al.  Cyber Security of Water SCADA Systems—Part I: Analysis and Experimentation of Stealthy Deception Attacks , 2013, IEEE Transactions on Control Systems Technology.

[9]  Dale C. Rowe,et al.  A survey SCADA of and critical infrastructure incidents , 2012, RIIT '12.

[10]  Michail Maniatakos,et al.  The Cybersecurity Landscape in Industrial Control Systems , 2016, Proceedings of the IEEE.

[11]  Ramesh Karri,et al.  Cybersecurity for Control Systems: A Process-Aware Perspective , 2016, IEEE Design & Test.

[12]  Stéphane Lafortune,et al.  Detection and Mitigation of Classes of Attacks in Supervisory Control Systems , 2018, Autom..

[13]  Shaikshavali Chitraganti,et al.  Medium access scheduling for input reconstruction under deception attacks , 2017, J. Frankl. Inst..

[14]  Józef Korbicz,et al.  AN EXTENDED UNKNOWN INPUT OBSERVER-BASED APPROACH TO FAULT DIAGNOSIS OF A TWO-TANK SYSTEM , 2007 .

[15]  Alvaro A. Cárdenas,et al.  Attacks against process control systems: risk assessment, detection, and response , 2011, ASIACCS '11.

[16]  Marcel Staroswiecki,et al.  Analytical redundancy relations for fault detection and isolation in algebraic dynamic systems , 2001, Autom..

[17]  Peter E. Hart,et al.  Nearest neighbor pattern classification , 1967, IEEE Trans. Inf. Theory.

[18]  Kevin Jones,et al.  A review of cyber security risk assessment methods for SCADA systems , 2016, Comput. Secur..

[19]  Franck Sicard,et al.  Critical States Distance Filter Based Approach for Detection and Blockage of Cyberattacks in Industrial Control Systems , 2018 .

[20]  Wei-Yin Loh,et al.  Classification and regression trees , 2011, WIREs Data Mining Knowl. Discov..

[21]  J. Friedman Regularized Discriminant Analysis , 1989 .

[22]  Jill Slay,et al.  Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.