A method for testing distributed anomaly detectors
International Journal of Critical Infrastructure Protection (IF 4.1), Pub Date: 2019-10-15, DOI: 10.1016/j.ijcip.2019.100324
Gayathri Sugumar, Aditya Mathur

Distributed anomaly detectors are deployed in critical infrastructure to raise alerts when the underlying plant deviates from its expected behaviour. A novel method, referred to as SCM, that uses well-defined state and command mutation operators, is proposed to test such detectors prior to their deployment. Cyber-attacks, each modelled as a timed automaton, serve as reference attacks. A potentially large set of attacks is then created by systematically applying the mutation operators to each reference attack. In a case study, SCM was applied to a timed-automata model of a water treatment plant to assess its effectiveness in testing a distributed anomaly detector. Results attest to the value of SCM in identifying weaknesses in an anomaly detector, prior to its deployment, and improving its effectiveness in detecting process anomalies.




Updated: 2019-10-15