anomaly detector
play

ANOMALY DETECTOR FOR CYBER-PHYSICAL INDUSTRIAL SYSTEMS ANNA GUINET - PowerPoint PPT Presentation

Aug 02, 2023 •267 likes •658 views

ANOMALY DETECTOR FOR CYBER-PHYSICAL INDUSTRIAL SYSTEMS ANNA GUINET TELECOM SUDPARIS FRANCE iCIS 9 th November 2018 Radboud University CONTENTS 1. PRESENTATION 2. CYBER-PHYSICAL SYSTEMS 2.1 Presentation 2.2 Networked control systems

  1. ANOMALY DETECTOR FOR CYBER-PHYSICAL INDUSTRIAL SYSTEMS ANNA GUINET TELECOM SUDPARIS FRANCE iCIS 9 th November 2018 Radboud University

  2. CONTENTS 1. PRESENTATION 2. CYBER-PHYSICAL SYSTEMS 2.1 Presentation 2.2 Networked control systems 2.3 Cyber-physical attacks 3. PIETC-WD 3.1 Presentation 3.2 Normal functioning 3.3 First sensor alarm 3.4 Second sensor alarm 3.5 Validation 4. CONCLUSION

  3. 1 PRESENTATION

  4. 1 PRESENTATION 4 Master’s Degree Cybersecurity engineer Telecom SudParis Thales C&S Cybersecurity specialization Integration & risk analysis 2016 2017 2018 Senior Internship Research associate University of Malaga ( Ingénieure de recherche ) Trust metrics for the IoT Telecom SudParis CPS resilience • • Cryptography Industrial control systems (ICS) • • Network security (IP protocols) SCADA systems & protocols • • Darknets study (senior project) Human threats in CPS : HCI, etc. • Risk analysis : EBIOS 2010

  5. CONTENTS 1. PRESENTATION 2. CYBER-PHYSICAL SYSTEMS 2.1 Presentation 2.2 Networked control systems 2.3 Cyber-physical attacks 3. PIETC-WD 3.1 Presentation 3.2. Normal functioning 3.3 First sensor alarm 3.4 Second sensor alarm 3.5 Validation 4. CONCLUSION

  6. 2 CYBER-PHYSICAL SYSTEMS 6 2.1 PRESENTATION Cyber-Physical System (CPS): Systems that integrate Computation, Communication and Control-Physical processes _______________ Lee and Seshia (2016). Introduction to embedded systems: A cyber-physical systems approach. MIT Press. Moreover… Systems with integrated computational and physical capabilities that can interact with humans through many new modalities _______________ Baheti and Gill (2011). Cyber-physical systems. The impact of control technology.

  7. 2 CYBER-PHYSICAL SYSTEMS 7 2.1 PRESENTATION Cyber-physical systems have today the following features: ► Large scale – large number of physically distributed subsystems ► Complex – large number of variables, non-lineary & uncertainty ► Human in the loop – human beings & feedback control systems Examples: ► Industrial control systems ► Intelligent transportation systems ► Smart cities ► E-health

  8. 2 CYBER-PHYSICAL SYSTEMS 8 2.1 PRESENTATION Difference between ICT and ICS ICT ICS Aim Information protection Safety of services and people Lifetime <5 years >10 years Security Confidentiality Availability properties Integrity Integrity priorities Availability Confidentiality Network TCP/IP SCADA (and TCP/IP) Connectivity Connected to Internet Isolated (or strong restrictions)

  9. 2 CYBER-PHYSICAL SYSTEMS 9 2.1 PRESENTATION Cyber-physical resilience ► Offer critical functionalities (e.g. safety functions) under the presence of failures and attacks A resilient control systems should*: ► Identify threats ► Minimize their impact ► Mitigate them, or recover to a normal operation in a reasonable time *Queiroz (2012). A holistic approach for measuring the survivability of SCADA systems. PhD, RMIT University.

  10. 2 CYBER-PHYSICAL SYSTEMS 10 2.2 NETWORKED CONTROL SYSTEM Networked control system: Control system whose control loops are connected through a communication network ref. 𝑣 𝑢 Controller Actuator Plant Network Sensor 𝑧 𝑢 ► Modeling of CPS using feedback control theory ► Controller commands the system using corrective feedback, based on the distance between a reference signal and the system output

  11. 2 CYBER-PHYSICAL SYSTEMS 11 2.3 CYBER-PHYSICAL ATTACKS A cyber-physical attack exploits vulnerabilities, to harm the physical processes through the network System knowledge of adversary Data or control confidentiality Integrity or availability violation Teixeira, Shames, Sandberg, & Johansson (2015). A secure control framework for resource-limited adversaries. Automatica , 51 , 135-148.

  12. 2 CYBER-PHYSICAL SYSTEMS 12 2.3 CYBER-PHYSICAL ATTACKS False-data injection attack ► How : Modification of sensors reading by physical interferences, by the communication channel or individual meters to generate wrong control decisions ► Attack capabilities : Limited knowledge of the physical system required ► Countermeasure: Comparison of sensor measurements and system dynamics 𝑣 𝑢 Controller Actuator Plant Network Sensor 𝑧 𝑢 + 𝑧 𝑐𝑗𝑏𝑡 Adversary Hernan (2017). Detection of attacks against cyber-physical industrial systems , PhD, Institut National des Télécommunications.

  13. 2 CYBER-PHYSICAL SYSTEMS 13 2.3 CYBER-PHYSICAL ATTACKS Replay attack ► How : Replay previous sensor measurements and modification of control inputs ► Attack capabilities : No knowledge of the physical system required ► Countermeasure: Add some protection on input control signals 𝑣 𝑢 Controller Actuator Plant Network Sensor 𝑧 𝑢 Hernan (2017). Detection of attacks against cyber-physical industrial systems , PhD, Institut National des Télécommunications.

  14. 2 CYBER-PHYSICAL SYSTEMS 14 2.3 CYBER-PHYSICAL ATTACKS Replay attack ► How : Replay previous sensor measurements and modification of control inputs ► Attack capabilities : No knowledge of the physical system required ► Countermeasure: Add some protection on input control signals 𝑣 𝑢 Controller Actuator Plant Network Adversary Sensor Old records Hernan (2017). Detection of attacks against cyber-physical industrial systems , PhD, Institut National des Télécommunications.

  15. 2 CYBER-PHYSICAL SYSTEMS 15 2.3 CYBER-PHYSICAL ATTACKS Replay attack ► How : Replay previous sensor measurements and modification of control inputs ► Attack capabilities : No knowledge of the physical system required ► Countermeasure: Add some protection on input control signals 𝑣 𝑢 Controller Actuator Plant Network Adversary Sensor Old records Hernan (2017). Detection of attacks against cyber-physical industrial systems , PhD, Institut National des Télécommunications.

  16. 2 CYBER-PHYSICAL SYSTEMS 16 2.3 CYBER-PHYSICAL ATTACKS Covert attack ► How : Modification of control inputs and sensor measurements ► Attack capabilities : Knowledge of the physical system required ► Countermeasure: Undetectable from the regular system operation 𝑣 𝑢 Adversary Actuator Controller Transformation Plant Network Adversary Sensor Hernan (2017). Detection of attacks against cyber-physical industrial systems , PhD, Institut National des Télécommunications.

  17. 2 CYBER-PHYSICAL SYSTEMS 17 2.3 CYBER-PHYSICAL ATTACKS DoS attack ► How : Disrupt the communication on a channel to isolate the monitor process Zero dynamic attack ► How: Disrupt the unobservable part of the system ► Countermeasure: Verify if all the states are observable Command injection attack ► How: Exploit protocols and devices vulnerabilities to inject false commands ► Countermeasure: Signature-based IDS Rubio-Hernan (2017). Detection of attacks against cyber-physical industrial systems , PhD, Institut National des Télécommunications.

  18. CONTENTS 1. PRESENTATION 2. CYBER-PHYSICAL SYSTEMS 2.1 Presentation 2.2 Networked control systems 2.3 Cyber-physical attacks 3. PIETC-WD 3.1 Presentation 3.2 Normal functioning 3.3 First sensor alarm 3.4 Second sensor alarm 3.5 Validation 4. CONCLUSION

  19. 3 PIETC-WD 19 3.1 PRESENTATION Periodic and intermittent event-triggered control watermark detector ► System specifications : ● Discrete linear time-invariant LTI system ● Linear Quadratic Gaussian LQG controller ► Strategy: ● Challenge-response authentication scheme ● Non-stationary watermark-based (noise) to verify the integrity of the control loop ► Countermeasure against adversaries that have partial or full knowledge of the system dynamics ► Penalty: performance loss Mo, Weerakkody, & Sinopoli. (2015). Physical authentication of control systems: Designing watermarked control inputs to detect counterfeit sensor outputs. IEEE Control Systems , 35 (1), 93-109. Rubio-Hernan, De Cicco & Garcia-Alfaro (2016). Event-triggered watermarking control to handle cyber-physical integrity attacks. In Nordic Conference on Secure IT Systems (pp. 3-19). Springer, Cham.

  20. 3 PIETC-WD 20 3.1 PRESENTATION 𝑦 𝑢 Actuators Plant Sensors Network 𝑣 𝑢 𝑧 𝑢 Z -1 𝑣 𝑢−1 𝑦 𝑢 ො LQ regulator Kalman Filter LQG controller 𝑧 𝑢 = 𝐷𝑦 𝑢 + 𝑤 𝑢 𝑦 𝑢+1 = 𝐵𝑦 𝑢 + 𝐶𝑣 𝑢 + 𝑥 𝑢 𝐷 ∈ ℝ 𝑜×𝑞 output matrix 𝐵 ∈ ℝ 𝑞×𝑞 state matrix with with 𝐶 ∈ ℝ 𝑞×𝑛 input matrix 𝑤 𝑢 ∼ 𝑂 0, 𝑆 noise 𝑥 𝑢 ∼ 𝑂 0, 𝑅 noise

  21. 3 PIETC-WD 21 3.2 NORMAL FUNCTIONING Sensor measures & Sensor 1 𝑦 𝑢 non-stationary Local controller 1 watermarks … Actuators Plant (periodic) Sensor N 𝑠 𝑑 𝑢 + 𝚬𝒛 𝒅 𝒖 ∗ (+Δ𝑣 𝑢 ) Local controller N 𝑣 𝑢 = 𝑣 𝑢 ( 𝑠 𝑑 𝑢 = 𝑧 𝑢 − ℬො 𝑦 𝑢−1 ) Network ∗ 𝑣 𝑢 LQG controller 𝑠 𝑢 Δ𝑣 𝑢 Watermark Detector 𝑕(𝑢) Alarm? 𝑢 𝑈 𝒬 −1 𝑠 𝜐 𝑕 𝑢 = ෍ 𝑠 𝑗 𝑗 w 𝑗=𝑢−𝑥+1 𝑢

  22. 3 PIETC-WD 22 3.3 FIRST SENSOR ALARM Cyber-physical adversary ► Aim: Use identification methods to gain knowledge about the system parameters, from the network, to influence the physical behavior. Sensors Actuators Plant Local controllers Adversary Network Control center PIETC-WD

Recommend

Adding rigor to the comparison of anomaly detector outputs Romain Fontugne , National Institute of

Adding rigor to the comparison of anomaly detector outputs Romain Fontugne , National Institute of

Introduction Problem Proposed method Evaluation Discussion Conclusion Adding rigor to the comparison of anomaly detector outputs Romain Fontugne , National Institute of Informatics / SOKENDAI, Tokyo Pierre Borgnat , Physics Lab, CNRS, ENS

323 views • 19 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
A New SU(2) Anomaly Edward Witten PCTS, October 3, 2018 A familiar anomaly says that in four

A New SU(2) Anomaly Edward Witten PCTS, October 3, 2018 A familiar anomaly says that in four

A New SU(2) Anomaly Edward Witten PCTS, October 3, 2018 A familiar anomaly says that in four spacetime dimensions, an SU(2) gauge theory with a single multiplet of fermions that transform under SU(2) in the spin 1/2 representation is

820 views • 43 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Phonons in metals - Kohn in metals - Kohn anomaly anomaly Phonons ion background

Phonons in metals - Kohn in metals - Kohn anomaly anomaly Phonons ion background

Phonons in metals - Kohn in metals - Kohn anomaly anomaly Phonons ion background oscillation relative to (fixed) electron analog to plasma oscillation ion mass ion density ion charge screening of Coulomb by (fast) electrons Kohn

1.08k views • 8 slides
Strategic Plan for Detector R&amp;D at Fermilab Petra Merkel Fermilab Detector R&amp;D

Strategic Plan for Detector R&amp;D at Fermilab Petra Merkel Fermilab Detector R&amp;D

Strategic Plan for Detector R&amp;D at Fermilab Petra Merkel Fermilab Detector R&amp;D Coordinator September 27 th 2019 Detector R&amp;D Organization at Fermilab Detector Advisory Group : ~15 experts of different detector technologies

908 views • 32 slides
Outlook of Summer Rainfall Anomaly in Asia with Outlook of Summer Rainfall Anomaly in Asia with

Outlook of Summer Rainfall Anomaly in Asia with Outlook of Summer Rainfall Anomaly in Asia with

Sixteenth Session of the Forum on Regional Climate Monitoring, Assessment and Prediction for Asia (FOCRAII), May 7, 2020 ( ), y , Outlook of Summer Rainfall Anomaly in Asia with Outlook of Summer Rainfall Anomaly in Asia with SMART-based

457 views • 16 slides
In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong, Alan Fern, Thomas G. Dietterich and Md Amran Siddiqui School of EECS Anomaly Detection Goal: Identify rare or strange objects 2 Anomaly

756 views • 51 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
&lt;Title&gt; Yiqun Hu, SP Group Agenda Condition monitoring &amp; anomaly detection

&lt;Title&gt; Yiqun Hu, SP Group Agenda Condition monitoring &amp; anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series &lt;Title&gt; Yiqun Hu, SP Group Agenda Condition monitoring &amp; anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
Axial anomaly and BABAR data Y.N. Klopot 1 , A.G. Oganesian 2 , O.V. Teryaev 1 1 Bogoliubov

Axial anomaly and BABAR data Y.N. Klopot 1 , A.G. Oganesian 2 , O.V. Teryaev 1 1 Bogoliubov

Introduction Anomaly Sum Rule Transition form factors of mesons Quark-hadron duality Corrections interplay and ex Axial anomaly and BABAR data Y.N. Klopot 1 , A.G. Oganesian 2 , O.V. Teryaev 1 1 Bogoliubov Laboratory of Theoretical Physics,

580 views • 34 slides
Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The Pennsylvania State University Anomaly Intrusion Detection Systems Anomaly Intrusion Detection Systems Model normal behavior. Attack - Any

417 views • 20 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
Resolving Journaling of Journal Anomaly via Weaving Recovery Information into DB Page Beomseok

Resolving Journaling of Journal Anomaly via Weaving Recovery Information into DB Page Beomseok

NVRAMOS 14 10.30. 2014 Resolving Journaling of Journal Anomaly via Weaving Recovery Information into DB Page Beomseok Nam UNIST Outline Motivation Journaling of Journal Anomaly How to resolve Journaling of Journal anomaly

606 views • 60 slides
The GSI Anomaly M. Lindner Max-Planck-Institut fr Kernphysik, Heidelberg Sildes partially

The GSI Anomaly M. Lindner Max-Planck-Institut fr Kernphysik, Heidelberg Sildes partially

The GSI Anomaly M. Lindner Max-Planck-Institut fr Kernphysik, Heidelberg Sildes partially adopted from F. Bosch What is the GSI Anomaly? Periodically modualted exponential -decay law of highly charged, stored ions at GSI by

246 views • 20 slides
Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu

Information Technology Efficient Anomaly Detection by Isolation using Nearest Neighbour Ensemble Tharindu Rukshan Bandaragoda Kai Ming Ting David Albrecht Fei Tony Liu Jonathan R. Wells Outline Overview of anomaly detection

657 views • 41 slides
A Medium Size Detector for the ILC ... what used to be the TESLA or LD detector concept Ties

A Medium Size Detector for the ILC ... what used to be the TESLA or LD detector concept Ties

A Medium Size Detector for the ILC ... what used to be the TESLA or LD detector concept Ties Behnke, DESY on behalf of the European and American large detector concept groups A medium size detector for the linear collider: Ties Behnke: A

380 views • 21 slides
Km3 neutrino detector workshop January 23 20.30-22.00 KM3 Cerenkov neutrino detector, the

Km3 neutrino detector workshop January 23 20.30-22.00 KM3 Cerenkov neutrino detector, the

1/60 Km3 neutrino detector workshop January 23 20.30-22.00 KM3 Cerenkov neutrino detector, the Cerenkov medium properties: ice, sea water, lake water. Their effect on Km3 neutrino detector workshop detector structure, effective area and

948 views • 60 slides
Interface between CISC and Detector Facilities A. Cervera S. Gollapinni Contents of interface

Interface between CISC and Detector Facilities A. Cervera S. Gollapinni Contents of interface

CISC meeting 13/02/2019 Interface between CISC and Detector Facilities A. Cervera S. Gollapinni Contents of interface document Introduction Detector Integration DUNE Detector Infrastructure Detector Support Structures (DSS)

1.05k views • 14 slides
Discussion of Anomaly Time Boone Bowles, Adam V. Reed, Matthew C. Ringgenberg, Jacob R.

Discussion of Anomaly Time Boone Bowles, Adam V. Reed, Matthew C. Ringgenberg, Jacob R.

Discussion of Anomaly Time Boone Bowles, Adam V. Reed, Matthew C. Ringgenberg, Jacob R. Thornock PRESENTER Patricia M. Dechow, University of Southern California, Marshall School of Business Anomaly Time Early Bird Gets The Worm

582 views • 37 slides
Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R Isolation trees Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Isolation tree DataCamp Anomaly Detection in R Isolation tree plots DataCamp Anomaly Detection in R

631 views • 19 slides
Conformal anomaly, entanglement entropy and boundaries Sergey N. Solodukhin University of Tours

Conformal anomaly, entanglement entropy and boundaries Sergey N. Solodukhin University of Tours

Conformal anomaly, entanglement entropy and boundaries Sergey N. Solodukhin University of Tours Talk at Oxford Holography Seminar February 9, 2016 Plan of the talk: 1. Brief review: local Weyl anomaly, entangle- ment entropy 2. Integral

812 views • 35 slides

More recommend