Accessibility navigation


Revealing ongoing sensor attacks in industrial control system via setpoint modification

Dai, Z., He, L., Yang, S.-H. ORCID: https://orcid.org/0000-0003-0717-5009 and Leeke, M. (2023) Revealing ongoing sensor attacks in industrial control system via setpoint modification. In: IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC), 14-17 Nov 2023, Abu Dhabi, United Arab Emirates, https://doi.org/10.1109/dasc/picom/cbdcom/cy59711.2023.10361334.

Full text not archived in this repository.

It is advisable to refer to the publisher's version if you intend to cite from this work. See Guidance on citing.

To link to this item DOI: 10.1109/dasc/picom/cbdcom/cy59711.2023.10361334

Abstract/Summary

A variety of Intrusion Detection Systems (IDSs) for Industrial Control Systems have been proposed to detect attacks and alert operators. Passive and active detection schemes are characterised by whether or not they interact with the process under control, though both categories of approach have limitations relating to either known correlations in the process data or the use of explicit system modelling. We propose setpoint modification as a strategy to address those limitations. The approach superimposes Gaussian noises on setpoint values, which aids in revealing latent correlations between setpoints and measurements, thereby allowing machine learning-based IDSs to learn them during training and verify during inference. We show that by applying the approach to a linear system with PID control, statistical tests can be configured such that the distortion power of sensor attacks is nullified. Building on this foundation, we further adapt passive IDSs for active discovery of sensor attacks in a process-agnostic fashion. The proposed strategy is evaluated using a nonlinear and simulated industrial benchmark, affirming that the approach enhances intrusion detection performance when the specific sensor under consideration is targeted whilst incurring marginal cost. Finally, we explore changing setpoints concurrently when the attacker could manipulate an arbitrary sensor, which also boosts detection performance and motivates the exploration of setpoint selection.

Item Type:Conference or Workshop Item (Paper)
Refereed:Yes
Divisions:Science > School of Mathematical, Physical and Computational Sciences > Department of Computer Science
ID Code:114553
Publisher:IEEE

University Staff: Request a correction | Centaur Editors: Update this record

Page navigation