https://www.mdu.se/

mdu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Worst-Case Impact Assessment of Multi-Alarm Stealth Attacks Against Control Systems with CUSUM-Based Anomaly Detection
Mälardalen University, School of Innovation, Design and Engineering, Innovation and Product Realisation.
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.ORCID iD: 0000-0002-1364-8127
2023 (English)In: 2023 IEEE INTERNATIONAL CONFERENCE ON AUTONOMIC COMPUTING AND SELF-ORGANIZING SYSTEMS, ACSOS, 2023, no 4th IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS), p. 117-126Conference paper, Published paper (Other academic)
Abstract [en]

Manipulating sensor data can deceive cyber-physical systems (CPSs), leading to hazardous conditions in physical plants. An Anomaly Detection System (ADS) like CUSUM detects ongoing attacks by comparing sensor signals with those generated by a model. However, physics-based methods are threshold-based, which can result in both false positives and undetectable attacks. This can lead to undetected attacks impacting the system state and potentially causing large deviations from the desired behavior. In this paper, we introduce a metric called transparency that uniquely quantifies the effectiveness of an ADS in terms of its ability to prevent state deviation. While existing research focuses on designing optimal zero-alarm stealth attacks, we address the challenge of detecting more sophisticated multi-alarm attacks that generate alarms at a rate comparable to the system noise. Through our analysis, we identify the conditions that require the inclusion of multi-alarm scenarios in worst-case impact assessments. We also propose an optimization problem designed to identify multi-alarm attacks by relaxing the constraints of a zero-alarm attack problem. Our findings reveal that multi-alarm attacks can cause a more significant state deviation than zero-alarm attacks, emphasizing their critical importance in the security analysis of control systems.

Place, publisher, year, edition, pages
2023. no 4th IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS), p. 117-126
Keywords [en]
security, control systems, optimization
National Category
Control Engineering
Identifiers
URN: urn:nbn:se:mdh:diva-65354DOI: 10.1109/ACSOS58161.2023.00029ISI: 001122711700013Scopus ID: 2-s2.0-85181772989ISBN: 979-8-3503-3744-0 (print)OAI: oai:DiVA.org:mdh-65354DiVA, id: diva2:1828580
Conference
4th IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS), Toronto, Canada, 25-29 September, 2023
Available from: 2024-01-17 Created: 2024-01-17 Last updated: 2024-01-17Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Gualandi, GabrielePapadopoulos, Alessandro

Search in DiVA

By author/editor
Gualandi, GabrielePapadopoulos, Alessandro
By organisation
Innovation and Product RealisationEmbedded Systems
Control Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 42 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf