A Framework for Determining Robust Context-Aware Attack-Detection Thresholds for Cyber-Physical Systems
Paper in proceedings, 2021

Process-aware attack detection plays a key role in securing cyber-physical systems. A process-aware detection system (PADS) identifies a baseline behaviour of the physical process in cyber-physical systems and continuously attempts to detect deviations from the baseline attributed to malicious modifications in the process operation. Typically, a PADS triggers an alarm whenever the detection score crosses a fixed and predetermined threshold. In this paper, we argue that in the context of securing cyber-physical systems, relying on a single fixed threshold can undermine the effectiveness of the PADS, and propose a context-aware framework for determining two-dimensional thresholds that enhance the sensibility and reliability of such detection systems by rendering them more robust to false detection. In addition, we propose an algorithm, out of many possible, within this framework as a practical example.

process-aware defense

threshold

cyber-physical systems

attack detection

Authors

Wissam Aoudi

Chalmers, Computer Science and Engineering, Networks and Systems

Magnus Almgren

Chalmers, Computer Science and Engineering, Networks and Systems

Australasian Information Security Conference, AISC 2021

Australasian Information Security Conference
Dunedin, New Zealand,

RIOT: A Resilient Internet of Things

Swedish Civil Contingencies Agency, 2019-01-01 -- 2023-12-31.

Secure IT systems for operation and monitoring of critical infrastructure

Swedish Civil Contingencies Agency, 2015-09-01 -- 2020-08-31.

KIDSAM: Knowledge and information sharing in digital collaborative projects

VINNOVA, 2018-11-01 -- 2021-11-30.

Integrated cyber-physical solutions for intelligent distribution grid with high penetration of renewables (UNITED-GRID)

European Commission (EU), 2017-11-01 -- 2020-04-30.

Subject categories

Other Computer and Information Science

Computer Science

Computer Systems

DOI

10.1145/3437378.3437393

More information

Last updated

2020-11-21