
Detection and Differentiation of Replay Attack and Equipment Faults in SCADA Systems

Supervisory control and data acquisition (SCADA) systems are widely used for industrial control of critical infrastructures, such as power plants and manufacturing systems. There is abundant evidence of SCADA systems being subject to cyberattacks. With increasing interest in industrial digitization, the cybersecurity of SCADA systems is poised to be even more important. Equipment faults and cyberattacks can manifest themselves in a similar fashion, i.e., they can exhibit similar signatures. This article focuses on methods that are capable of distinguishing equipment faults from bona fide cyberattacks. In particular, we consider a relatively sophisticated form of cyberattack known as the “replay attack” (RA). We derive mathematical formalisms that distinguish the RA from several classes of equipment faults and verify our methodology through an extensive numerical study.

Note to Practitioners—This article is motivated by the problem of detecting replay cyberattacks in industrial control systems and differentiating them from equipment faults. Existing approaches mainly focus on the detection aspect but usually ignore the importance of differentiation. We propose an ensembled statistical process monitoring approach based on five statistical metrics. The statistical metrics are derived based on a theoretical analysis that shows the data characteristics under each system anomaly, including replay attack (RA), controller fault, and plant fault. We mathematically prove that the signatures generated by the derived metrics can be used to differentiate an RA from the equipment faults. We conduct a sensitivity analysis of the detection delay of our method regarding the magnitude of the cyberattack. Physical experiments on a rotating machinery setup show that the proposed approach applies to some simple real-world settings. In future research, we will address the scalability issue of our method as well as more generalized nonlinear system settings.

Keywords: equipment; equipment faults; scada systems; replay attack

Journal Title: IEEE Transactions on Automation Science and Engineering
Year Published: 2021
