Abstract

Supervisory Control and Data Acquisition (SCADA) systems are commonly used in critical infrastructures. However, these systems are typically vulnerable to cyberattacks. Among the different types of cyberattacks, the covert attack is one of the hardest to detect – it is undetectable when the system is operating under normal conditions. In this article, we develop a data-driven detection framework that utilizes the degradation process of the system to detect covert attacks. We derive mathematical characteristics of the degradation processes under covert attacks that are used for developing a sequential likelihood ratio test method for attack detection. We verify our methodology through an extensive numerical study and a case study on a rotating machinery setup. Our results show that the methodology helps detect covert attacks within reasonable delay time and is applicable under real-world settings.

摘要

监督控制和数据采集（SCADA）系统通常用于关键基础架构中。但是，这些系统通常容易受到网络攻击。在不同类型的网络攻击中，秘密攻击是最难检测到的攻击之一-当系统在正常条件下运行时无法检测到。在本文中，我们开发了一个数据驱动的检测框架，该框架利用系统的降级过程来检测隐蔽攻击。我们得出秘密攻击下退化过程的数学特征，这些特征用于开发用于攻击检测的顺序似然比测试方法。我们通过广泛的数值研究和有关旋转机械设置的案例研究来验证我们的方法。