Please wait a minute...
浙江大学学报(工学版)  2018, Vol. 52 Issue (9): 1738-1746    DOI: 10.3785/j.issn.1008-973X.2018.09.014
计算机技术     
采用多尺度主成分分析的控制系统欺骗攻击检测
刘大龙, 冯冬芹
浙江大学 工业控制技术国家重点实验室 智能系统与控制研究所, 浙江 杭州 310027
Deceptive attack detection of control system using multi-scale principal component analysis
LIU Da-long, FENG Dong-qin
State Key Laboratory of Industrial Control Technology, Institute of Cyber-Systems and Control, Zhejiang University, Hangzhou 310027, China
 全文: PDF(1208 KB)   HTML
摘要:

针对工业控制系统中存在的正弦欺骗攻击,以控制系统的典型回路为研究对象,建立数学模型;利用傅里叶变换、小波分析,从时间-尺度域分析其在攻击能力和隐蔽性方面与一般性欺骗攻击的不同特性;将多尺度主元分析(MSPCA)用于正弦攻击检测,提出在线检测算法.在TE过程上进行仿真研究,结果表明,正弦攻击不但能够造成物理破坏,而且伤害较隐蔽.当正弦攻击的频率较高时,通过传统的主成分分析(PCA)方法无法检测,所提出的方法能快速准确地检测出攻击.

Abstract:

As industrial control system is threatened by sinusoidal attack, the mathematical model was established using a typical loop of the control system; the Fourier transform and wavelet analysis was used to analyze its different characteristics in the aspect of attack ability and concealment. Then, an algorithm was developed against sinusoidal attack using multi-scale principal component analysis (MSPCA) with online implementation. Simulation of sinusoidal attack on Tenessee Eastman (TE) process show that sinusoidal attack not only causes physical damage, but also conceals the damage. When the frequency of sinusoidal attack is higher, the attack can not be detected by the traditional principal component analysis (PCA) method, meanwhile, our method can detect the attack quickly and accurately.

收稿日期: 2017-07-18 出版日期: 2018-09-20
CLC:  TU277  
基金资助:

国家自然科学基金资助项目(61433006)

通讯作者: 冯冬芹,男,教授.orcid.org0000-0002-3034-0933.     E-mail: 冯冬芹,男,教授.orcid.org0000-0002-3034-0933.E-mail:dongqinfeng@zju.edu.cn
作者简介: 刘大龙(1993-),男,硕士生,从事工业控制系统网络安全相关研究.orcid.org0000-0002-6641-6768.E-mail:ldliu@zju.edu.cn
服务  
把本文推荐给朋友
加入引用管理器
E-mail Alert
作者相关文章  

引用本文:

刘大龙, 冯冬芹. 采用多尺度主成分分析的控制系统欺骗攻击检测[J]. 浙江大学学报(工学版), 2018, 52(9): 1738-1746.

LIU Da-long, FENG Dong-qin. Deceptive attack detection of control system using multi-scale principal component analysis. JOURNAL OF ZHEJIANG UNIVERSITY (ENGINEERING SCIENCE), 2018, 52(9): 1738-1746.

链接本文:

http://www.zjujournals.com/eng/CN/10.3785/j.issn.1008-973X.2018.09.014        http://www.zjujournals.com/eng/CN/Y2018/V52/I9/1738

[1] AMIN S, LIN Z S, HUANG Y L, et al. Attacks against process control systems:risk assessment, detection, and response[C]//Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security. Hong Kong:ACM, 2011:355-366.
[2] HUANG Y L, CARDENAS A A, AMIN S, et al. Understanding the physical and economic consequences of attacks on control systems[J]. International Journal of Critical Infrastructure Protection, 2009, 2(3):73-83.
[3] BARBOSA R R R, SADRE R, PRAS A. Towards periodicity based anomaly detection in SCADA networks[C]//Emerging Technologies & Factory Automation. Krakow:IEEE, 2012:1-4.
[4] HONG J, LIU C C, GOVINDARASU M. Integrated anomaly detection for cyber security of the substations[J]. IEEE Transactions on Smart Grid, 2014, 5(4):1643-1653.
[5] KWON Y J, KIM H K, YONG H L, et al. A behavior-based intrusion detection technique for smart grid infrastructure[C]//PowerTech, 2015 IEEE Eindhoven. Eindhoven:IEEE, 2015:1-6.
[6] 张云贵, 佟为明, 赵永丽. CUSUM异常检测算法改进及在工控系统入侵检测中的应用[J]. 冶金自动化, 2014(5):1-5 ZHANG Yun-gui, TONG Wei-ming, ZHAO Yong-li. Improvement of CUSUM algorithm and its application in intrusion detection for industry control systems[J]. Metallurgical Industry Automation, 2014(5):1-5
[7] AMIN S, LITRICO X, SASTRY S, et al. Cyber security of water SCADA systems-Part I:analysis and experimentation of stealthy deception attacks[J]. IEEE Transactions on Control Systems Technology, 2013, 21(5):1963-1970.
[8] MO Y, CHABUKSWAR R, SINOPOLI B. Detecting integrity attacks on SCADA systems[J]. IEEE Transactions on Control Systems Technology, 2014, 22(4):1396-1407.
[9] LIU Y, NING P, REITER M K. False data injection attacks against state estimation in electric power grids[J]. ACM Transactions on Information & System Security, 2009, 14(1):21-32.
[10] KWON C, LIU W, HWANG I. Security analysis for cyber-physical systems against stealthy deception attacks[C]//American Control Conference (ACC), 2013. Washington:IEEE, 2013, pp. 3344-3349.
[11] 张环宇, 陈凯. 基于零动态的工控系统攻击检测识别安全模型[J]. 计算机工程, 2017, 43(10):98-103 ZHANG Huan-yu, CHEN Kai. Industrial control system security model of attack detection and identification based on zero dynamics[J]. Computer Engineering, 2017, 43(10):98-103
[12] 甄玉磊. 网络控制系统中重放攻击的检测与对策[D]. 北京:北京交通大学, 2016. ZHEN Yu-lei, Detection and countermeasure of replay attack in networked control system[D]. Beijing:Beijing Jiaotong University, 2016.
[13] BARBOSA R R R, SADRE R, PRAS A. A first look into SCADA network traffic[C]//Network Operations and Management Symposium. IEEE, 2017:518-521.
[14] MIRIN S N S, WAHAB N A. Fault detection and monitoring using multiscale principal component analysis at a sewage treatment plant[J]. Jurnal Teknologi, 2014, 70(3).
[15] LANGNER R. Stuxnet:dissecting a cyberwarfare weapon[J]. IEEE Security & Privacy, 2011, 9(3):49-51.
[16] FUBEERF. 深度:震网病毒的秘密(二)[EB/OL]. (2013-12-26).[2017-07-18]. http://www.freebuf.com/news/19199.html.
[17] BAKSHI B R. Multiscale PCA with application to multivariate statistical process monitoring[J]. AIChE Journal, 1998, 44(7):1596-1610.
[18] 钱叶魁, 陈鸣, 叶立新, 等. 基于多尺度主成分分析的全网络异常检测方法[J]. 软件学报, 2012, 23(2):361-377 QIAN Ye-kui, CHEN M, YE Li-xin, et al. Network-Wide anomaly detection method based on multiscale principal component analysis[J]. Journal of Software, 2012, 23(2):361-377
[19] CHIANG L H, RUSSELL E L, BRAATZ R D. Fault detection and diagnosis in industrial systems[M]. 2nd ed. London:Springer-Verlag, 2001.

No related articles found!