Distributed anomaly detectors are deployed in critical infrastructure to raise alerts when the underlying plant deviates from its expected behaviour. A novel method, referred to as SCM, that uses well defined state and command mutation operators, is proposed to test such detectors prior to their deployment. Cyber-attacks, each modelled as a timed-automaton, serve as reference attacks. A potentially large set of attacks is then created by systematically applying the mutation operators to each reference attack. In a case study, SCM was applied to a timed-automata model of a water treatment plant to assess its effectiveness in testing a distributed anomaly detector. Results attest to the value of SCM in identifying weaknesses in an anomaly detector, prior to its deployment, and improving its effectiveness in detecting process anomalies.

当基础工厂偏离其预期行为时，在关键基础架构中部署分布式异常检测器，以发出警报。提出了一种新颖的方法，称为SCM，它使用定义明确的状态和命令突变算符，在部署此类检测器之前对其进行测试。网络攻击，每个都建模为定时自动机，可作为参考攻击。然后，通过系统地将变异算子应用于每个参考攻击，来创建潜在的大量攻击。在一个案例研究中，将SCM应用于水处理厂的定时自动机模型，以评估其在测试分布式异常检测器中的有效性。结果证明了SCM的价值 在部署异常检测器之前发现其缺陷，并提高其检测过程异常的有效性。