Cross-layer anomaly detection in industrial cyber-physical systems

Within the frame of the fourth industrial revolution, also known as Industry 4.0, industrial cyber-physical production systems (ICPS) have made significant progress. Industry 4.0 has brought about an improved, flexible, and cost-efficient system architecture that can sustain the development of innovative applications and services. Nonetheless, this technological advancement has also exposed ICPS to significant cyber threats. This paper contributes to the development of a cross-layer anomaly detection system (ADS) for ICPS by defining a lightweight detection methodology that leverages Dempster-Shafer's "Theory of Evidence" in order to: infer the system's state; fuse evidence from a wide range of monitored parameters; and deliver a comprehensive and scalable detection system. The proposed approach is validated in the context of a real natural gas transportation installation.
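To make the evidence-fusion idea concrete, the following added example (not the paper's code or its detection methodology) applies Dempster's rule of combination to per-layer evidence about the system state. The two-state frame, the three layer names, and all mass values are constructed assumptions.

```python
from itertools import product

NORMAL, ANOMALOUS = frozenset({"normal"}), frozenset({"anomalous"})
THETA = NORMAL | ANOMALOUS  # frame of discernment; mass on THETA means "don't know"

def mass(normal, anomalous):
    """Basic probability assignment; whatever is left over is ignorance."""
    unknown = 1.0 - normal - anomalous
    if normal < 0 or anomalous < 0 or unknown < -1e-12:
        raise ValueError("masses must be non-negative and sum to at most 1")
    return {NORMAL: normal, ANOMALOUS: anomalous, THETA: max(unknown, 0.0)}

def combine(m1, m2):
    """Dempster's rule of combination. Returns (fused mass, conflict K)."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb  # the two sources back disjoint hypotheses
    if conflict > 1.0 - 1e-12:
        raise ValueError("total conflict: the sources cannot be combined")
    return {s: w / (1.0 - conflict) for s, w in fused.items()}, conflict

def belief(m, hypothesis):
    """Lower bound: mass committed to subsets of the hypothesis."""
    return sum(w for s, w in m.items() if s <= hypothesis)

def plausibility(m, hypothesis):
    """Upper bound: mass that does not contradict the hypothesis."""
    return sum(w for s, w in m.items() if s & hypothesis)

def fuse(sources):
    """Fold all sources together; also report the largest conflict seen."""
    fused, worst = sources[0], 0.0
    for m in sources[1:]:
        fused, k = combine(fused, m)
        worst = max(worst, k)
    return fused, worst

# Constructed evidence, one mass function per monitored layer (assumed names).
EVIDENCE = [
    mass(normal=0.2, anomalous=0.6),  # network layer
    mass(normal=0.3, anomalous=0.5),  # process layer
    mass(normal=0.1, anomalous=0.2),  # host layer, mostly uninformative
]

if __name__ == "__main__":
    m, k = fuse(EVIDENCE)
    print(f"Bel={belief(m, ANOMALOUS):.3f} Pl={plausibility(m, ANOMALOUS):.3f} K={k:.2f}")
```

The interval between belief and plausibility is the uncertainty left after fusion. A large conflict K means the layers disagree, so the normalised result should be treated with less confidence.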
