A hybrid behavior- and Bayesian network-based framework for cyber–physical anomaly detection
Unit of Automatic Control, University Campus Bio-Medico di Roma, Via Alvaro del Portillo 21, 00128, Rome, Italy.
Mälardalen University, School of Innovation, Design and Engineering, Innovation and Product Realisation. ORCID iD: 0000-0002-2833-7196
Unit of Automatic Control, University Campus Bio-Medico di Roma, Via Alvaro del Portillo 21, 00128, Rome, Italy. ORCID iD: 0000-0001-8700-4749
IDSIA USI-SUPSI, Department of Innovative Technologies, University of Applied Sciences and Arts of Southern Switzerland, 6962 Lugano, Switzerland.
2023 (English). In: Computers & electrical engineering, ISSN 0045-7906, E-ISSN 1879-0755, Vol. 112, article id 108988
Article in journal (Refereed), Published
Abstract [en]

In recent years, the increasing Internet connectivity and heterogeneity of industrial protocols have been raising the number and nature of cyber-attacks against Industrial Control Systems (ICS). Such cyber-attacks may lead to cyber anomalies and further to the failure of physical components, thus leading to cyber–physical attacks. In this paper, we present a novel unsupervised cyber–physical anomaly detection framework based on a hybrid “multi-formalism” approach that combines the outcomes of multiple unsupervised behavior-based anomaly detectors through a Bayesian network-based probabilistic modeling of the ICS. More precisely, the framework consists of two behavior-based anomaly detection modules that monitor separately and simultaneously the behavior of cyber and physical data acquired from the ICS. The outputs of such modules are filtered and combined through a Bayesian network-based modeling in order to improve the trustworthiness of the detected anomalies and to provide the detection probability of cyber, physical, and cyber–physical anomalies, taking into account possible cascading effects over the cyber–physical process. The outcomes achieved through the implementation of our framework on the hardware-in-the-loop Water Distribution Testbed (WDT) dataset show very high detection performance with a strong ability to reject false positive events and to isolate and localize the anomalies over the cyber–physical process.

Place, publisher, year, edition, pages
2023. Vol. 112, article id 108988
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:mdh:diva-64624
DOI: 10.1016/j.compeleceng.2023.108988
ISI: 001098266200001
Scopus ID: 2-s2.0-85174801411
OAI: oai:DiVA.org:mdh-64624
DiVA, id: diva2:1807712
Available from: 2023-10-27 Created: 2023-10-27 Last updated: 2023-12-07 Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Flammini, Francesco

By author/editor
Flammini, Francesco; Guarino, Simone