A method for testing distributed anomaly detectors
International Journal of Critical Infrastructure Protection (IF 4.1), Pub Date: 2019-10-15, DOI: 10.1016/j.ijcip.2019.100324, Gayathri Sugumar, Aditya Mathur
Distributed anomaly detectors are deployed in critical infrastructure to raise alerts when the underlying plant deviates from its expected behaviour. A novel method, referred to as SCM, is proposed to test such detectors prior to their deployment; it uses well-defined state and command mutation operators. Cyber-attacks, each modelled as a timed automaton, serve as reference attacks. A potentially large set of attacks is then created by systematically applying the mutation operators to each reference attack. In a case study, SCM was applied to a timed-automata model of a water treatment plant to assess its effectiveness in testing a distributed anomaly detector. The results attest to the value of SCM in identifying weaknesses in an anomaly detector prior to its deployment and in improving its effectiveness at detecting process anomalies.
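The workflow the abstract describes (reference attack as a timed automaton, mutation operators generating variants, each variant replayed against the detector) can be made concrete on a toy plant. The following is an added illustration, not the authors' SCM tool or their case-study model: a single tank with a PLC hysteresis controller, a reference attack whose transitions fire on clock guards, a handful of assumed state and command mutation operators, and two local detector nodes that each check only their own invariant. The constants, the operators, the detector rules and the reference attack are all constructed for this example. The point it makes is the one the abstract claims for SCM: the reference attack is caught immediately, but one first-order mutant drives the tank past its overflow level before either node alerts, which is exactly the kind of weakness a tester wants to find before deployment.

```python
"""Mutation-based testing of a distributed process anomaly detector.

Added example modelled on the idea in the abstract; not the authors' SCM
implementation. Plant constants, PLC setpoints, mutation operators, detector
rules and the reference attack are assumptions made for illustration.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

# --- Assumed plant and controller constants (single tank, inlet pump, drain) --
LEVEL0, LOW_SET, HIGH_SET = 500.0, 250.0, 780.0   # mm; PLC hysteresis setpoints
PUMP_IN, DRAIN = 40.0, 15.0                        # mm per tick
OVERFLOW, RANGE = 1000.0, (150.0, 850.0)           # damage level; sensor-node range rule
TICKS = 40


@dataclass(frozen=True)
class Step:
    """One transition of the attack automaton, enabled while t_on <= clock < t_off."""
    kind: str      # "cmd": force the pump to `value`; "state": report level = `value`
    t_on: int
    t_off: int
    value: float


Attack = Tuple[Step, ...]


def simulate(attack: Attack) -> List[dict]:
    """Replay the attack against the plant; returns one record per tick."""
    true_level, plc_cmd, trace = LEVEL0, 0, []
    for t in range(TICKS):
        active = [s for s in attack if s.t_on <= t < s.t_off]
        # The PLC only ever sees the reported (possibly spoofed) level.
        reported = next((s.value for s in active if s.kind == "state"), true_level)
        if reported < LOW_SET:
            plc_cmd = 1
        elif reported > HIGH_SET:
            plc_cmd = 0
        applied = next((int(s.value) for s in active if s.kind == "cmd"), plc_cmd)
        trace.append({"t": t, "true": true_level, "reported": reported,
                      "plc_cmd": plc_cmd, "applied": applied})
        true_level += PUMP_IN * applied - DRAIN
    return trace


# --- Two local detector nodes (assumed). Neither correlates level with pump rate.
def node_sensor(rec: dict) -> bool:
    """Sensor-side invariant: reported level must stay within a plausible range."""
    return not (RANGE[0] <= rec["reported"] <= RANGE[1])


def node_actuator(rec: dict) -> bool:
    """Actuator-side invariant: the pump must be doing what the PLC commanded."""
    return rec["applied"] != rec["plc_cmd"]


def evaluate(attack: Attack) -> Tuple[Optional[int], Optional[int]]:
    """Return (first alert tick, first damage tick); None where it never happens."""
    alert = damage = None
    for rec in simulate(attack):
        if alert is None and (node_sensor(rec) or node_actuator(rec)):
            alert = rec["t"]
        if damage is None and (rec["true"] > OVERFLOW or rec["true"] < 0):
            damage = rec["t"]
    return alert, damage


# --- Assumed mutation operators, applied one at a time (first-order mutants) ---
def mutants(attack: Attack) -> Dict[str, Attack]:
    out: Dict[str, Attack] = {}
    for i, s in enumerate(attack):
        others = attack[:i] + attack[i + 1:]
        if s.kind == "cmd":                       # command mutation: flip, shift window
            out[f"cmd{i}_flip"] = others + (replace(s, value=1 - s.value),)
            for d in (-5, 5):
                out[f"cmd{i}_shift{d:+d}"] = others + (replace(s, t_on=s.t_on + d, t_off=s.t_off + d),)
        else:                                     # state mutation: drop spoof, offset value
            out[f"state{i}_drop"] = others
            for d in (-300, -200, -100, 100, 200, 300):
                out[f"state{i}_val{d:+d}"] = others + (replace(s, value=s.value + d),)
    return out


def weaknesses(attack: Attack) -> Dict[str, Tuple[Optional[int], Optional[int]]]:
    """Mutants that damage the process before any node raises an alert."""
    found = {}
    for name, m in mutants(attack).items():
        alert, damage = evaluate(m)
        if damage is not None and (alert is None or alert > damage):
            found[name] = (alert, damage)
    return found


# Reference attack (constructed): force the pump on for 25 ticks while freezing
# the reported level at its nominal 500 mm to hide the rise.
REFERENCE: Attack = (Step("cmd", 5, 30, 1), Step("state", 5, 30, 500.0))

if __name__ == "__main__":
    print("reference (first alert, first damage):", evaluate(REFERENCE))
    for name, (alert, damage) in weaknesses(REFERENCE).items():
        print(f"weakness: {name} damages the plant at t={damage}, first alert at t={alert}")
```

The reference attack trips the actuator node at once, because the PLC, fed a frozen 500 mm reading, never commanded the pump on. The state mutant that lowers the spoofed reading by 300 mm lands just below the PLC's low setpoint, so the PLC itself turns the pump on, both local invariants hold, and the tank overflows at tick 29 before the sensor node alerts at tick 30 when the spoof ends. A reviewer would read that as a missing cross-node check (reported level versus pump-driven rate), which is the kind of finding the abstract says SCM surfaces before deployment.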