1. Model based anomaly detection in cyber physical power systems.
- Author
Awad, Ahmed Mutar, Ali Alheeti, Khattab M., and Najem, Abdul Kream A. H.
- Subjects
CYBER physical systems, ANOMALY detection (Computer security), INDUSTRIALISM, STRUCTURAL optimization, ALGORITHMS, INTRUSION detection systems (Computer security), DEEP learning
- Abstract
The pervasive integration of technology into our daily lives is a commonplace occurrence, extending its influence to operators of industrial systems who are increasingly harnessing the potential of new technologies. Adapting the use of cyber-physical systems (CPS) beyond their original scope is often necessary to support evolving applications. However, this heightened interconnectivity and exposure to the Internet make these systems more vulnerable to attacks, given the expanded attack surface. Timely detection of security issues in Cyber-Physical Systems (CPS) is critical due to their integration with the real environment, as delayed detection could lead to significant harm. Anomaly and intrusion detection play a pivotal role in identifying potential threats, serving as a prerequisite for initiating a prompt incident response. To address the industrial sector's specific needs, we illustrate the process of transferring and adapting existing detection systems. However, the restricted availability of data in industrial applications can pose challenges to the utilization of current detection systems, despite their indispensable nature. Consequently, we delve into valuable data exploration and introduce two Cyber-Physical Systems (CPS)-specific approaches to obtain essential information for existing intrusion detection algorithms. To optimize the efficient gathering of real-world data, we suggest employing a streamlined and effective compression technique tailored specifically for industrial network data. Recognizing the constraints of direct capture in specific scenarios, we illustrate the generation of suitable datasets through the simulation of underlying processes. In the domain of anomaly detection, we present an innovative approach crafted to address the unique conditions prevalent in Cyber-Physical Systems (CPSs). 
Harnessing the power of deep learning, we formulate a method for efficient feature learning and anomaly detection that can be applied to various industrial field bus protocols. Not requiring knowledge of data encoding in the protocols, this approach achieves detection rates as high as 99% for specific attack types. Building upon these foundational components, we investigate the behavior of distributed detection methods in Cyber-Physical Systems (CPS). Leveraging simulations of complex CPS networks allows for the evaluation and optimization of specific configurations. Through this process, optimal configurations can be derived, minimizing the time before detection or maximizing detection rates while considering resource limitations. In conclusion, this study provides crucial insights into the deployment of anomaly and intrusion detection systems within the industrial sector. The application of these measures in practical scenarios empowers operators to detect security issues at an earlier stage, thereby mitigating potential severe damages through prompt incident response. [ABSTRACT FROM AUTHOR]
- Published
2024