期刊
COMPUTERS IN INDUSTRY
卷 137, 期 -, 页码 -出版社
ELSEVIER
DOI: 10.1016/j.compind.2022.103609
关键词
Industrial Cyber-physical systems; Industrial Internet of Things; Anomaly detection; Security detection; Stuxnet
资金
- Key Program of National Natural Science Foundation of China [61333008]
This paper investigates anomaly detection for industrial cyber-physical systems (ICPS) in the process industry, proposing a novel detection framework that quantifies dynamic variations of a generalized model implied by operating data. The detector, designed using subspace technique and quantization method, can be deployed independently in active ICPS without causing any loss of control performance. The experimental results show that the detector can detect attacks within 28 seconds and distinguish between different attack types.
Integrity and availability attacks can cause serious damage to modern industrial cyber-physical systems (ICPS). It is critical to detect and identify these attacks promptly and accurately. This paper investigates the anomaly detection for ICPS in the process industry. Three typical attacks, the Stuxnet-like, denial-of-service, and false data injection, are taken as specific defense targets. We propose to detect anomalies by quantifying the dynamic variations of generalized model implied by operating data, and present a mode division as the novel detection framework. The subspace technique and a quantization method for the amplitude-frequency characteristic deviation are employed to design the detector, which can be deployed independently in the active ICPS and does not cause any loss of control performance. An attack-defense experimental platform is developed to evaluate the detector under the attack scenarios of interest. The results show that the detector can detect any of the three attacks in a maximum of 28 s after the attack onset, and that these attacks can be distinguished by combining the state estimation residuals and system errors.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据