Please wait a minute...
浙江大学学报(工学版)  2018, Vol. 52 Issue (9): 1738-1746    DOI: 10.3785/j.issn.1008-973X.2018.09.014
刘大龙, 冯冬芹
浙江大学 工业控制技术国家重点实验室 智能系统与控制研究所, 浙江 杭州 310027
Deceptive attack detection of control system using multi-scale principal component analysis
LIU Da-long, FENG Dong-qin
State Key Laboratory of Industrial Control Technology, Institute of Cyber-Systems and Control, Zhejiang University, Hangzhou 310027, China
 全文: PDF(1208 KB)   HTML



As industrial control system is threatened by sinusoidal attack, the mathematical model was established using a typical loop of the control system; the Fourier transform and wavelet analysis was used to analyze its different characteristics in the aspect of attack ability and concealment. Then, an algorithm was developed against sinusoidal attack using multi-scale principal component analysis (MSPCA) with online implementation. Simulation of sinusoidal attack on Tenessee Eastman (TE) process show that sinusoidal attack not only causes physical damage, but also conceals the damage. When the frequency of sinusoidal attack is higher, the attack can not be detected by the traditional principal component analysis (PCA) method, meanwhile, our method can detect the attack quickly and accurately.

收稿日期: 2017-07-18 出版日期: 2018-09-20
CLC:  TU277  


通讯作者: 冯冬芹,男,教授.orcid.org0000-0002-3034-0933.     E-mail: 冯冬芹,男,教授
作者简介: 刘大龙(1993-),男,硕士生,从事工业控制系统网络安全相关研究
E-mail Alert


刘大龙, 冯冬芹. 采用多尺度主成分分析的控制系统欺骗攻击检测[J]. 浙江大学学报(工学版), 2018, 52(9): 1738-1746.

LIU Da-long, FENG Dong-qin. Deceptive attack detection of control system using multi-scale principal component analysis. JOURNAL OF ZHEJIANG UNIVERSITY (ENGINEERING SCIENCE), 2018, 52(9): 1738-1746.


[1] AMIN S, LIN Z S, HUANG Y L, et al. Attacks against process control systems:risk assessment, detection, and response[C]//Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security. Hong Kong:ACM, 2011:355-366.
[2] HUANG Y L, CARDENAS A A, AMIN S, et al. Understanding the physical and economic consequences of attacks on control systems[J]. International Journal of Critical Infrastructure Protection, 2009, 2(3):73-83.
[3] BARBOSA R R R, SADRE R, PRAS A. Towards periodicity based anomaly detection in SCADA networks[C]//Emerging Technologies & Factory Automation. Krakow:IEEE, 2012:1-4.
[4] HONG J, LIU C C, GOVINDARASU M. Integrated anomaly detection for cyber security of the substations[J]. IEEE Transactions on Smart Grid, 2014, 5(4):1643-1653.
[5] KWON Y J, KIM H K, YONG H L, et al. A behavior-based intrusion detection technique for smart grid infrastructure[C]//PowerTech, 2015 IEEE Eindhoven. Eindhoven:IEEE, 2015:1-6.
[6] 张云贵, 佟为明, 赵永丽. CUSUM异常检测算法改进及在工控系统入侵检测中的应用[J]. 冶金自动化, 2014(5):1-5 ZHANG Yun-gui, TONG Wei-ming, ZHAO Yong-li. Improvement of CUSUM algorithm and its application in intrusion detection for industry control systems[J]. Metallurgical Industry Automation, 2014(5):1-5
[7] AMIN S, LITRICO X, SASTRY S, et al. Cyber security of water SCADA systems-Part I:analysis and experimentation of stealthy deception attacks[J]. IEEE Transactions on Control Systems Technology, 2013, 21(5):1963-1970.
[8] MO Y, CHABUKSWAR R, SINOPOLI B. Detecting integrity attacks on SCADA systems[J]. IEEE Transactions on Control Systems Technology, 2014, 22(4):1396-1407.
[9] LIU Y, NING P, REITER M K. False data injection attacks against state estimation in electric power grids[J]. ACM Transactions on Information & System Security, 2009, 14(1):21-32.
[10] KWON C, LIU W, HWANG I. Security analysis for cyber-physical systems against stealthy deception attacks[C]//American Control Conference (ACC), 2013. Washington:IEEE, 2013, pp. 3344-3349.
[11] 张环宇, 陈凯. 基于零动态的工控系统攻击检测识别安全模型[J]. 计算机工程, 2017, 43(10):98-103 ZHANG Huan-yu, CHEN Kai. Industrial control system security model of attack detection and identification based on zero dynamics[J]. Computer Engineering, 2017, 43(10):98-103
[12] 甄玉磊. 网络控制系统中重放攻击的检测与对策[D]. 北京:北京交通大学, 2016. ZHEN Yu-lei, Detection and countermeasure of replay attack in networked control system[D]. Beijing:Beijing Jiaotong University, 2016.
[13] BARBOSA R R R, SADRE R, PRAS A. A first look into SCADA network traffic[C]//Network Operations and Management Symposium. IEEE, 2017:518-521.
[14] MIRIN S N S, WAHAB N A. Fault detection and monitoring using multiscale principal component analysis at a sewage treatment plant[J]. Jurnal Teknologi, 2014, 70(3).
[15] LANGNER R. Stuxnet:dissecting a cyberwarfare weapon[J]. IEEE Security & Privacy, 2011, 9(3):49-51.
[16] FUBEERF. 深度:震网病毒的秘密(二)[EB/OL]. (2013-12-26).[2017-07-18].
[17] BAKSHI B R. Multiscale PCA with application to multivariate statistical process monitoring[J]. AIChE Journal, 1998, 44(7):1596-1610.
[18] 钱叶魁, 陈鸣, 叶立新, 等. 基于多尺度主成分分析的全网络异常检测方法[J]. 软件学报, 2012, 23(2):361-377 QIAN Ye-kui, CHEN M, YE Li-xin, et al. Network-Wide anomaly detection method based on multiscale principal component analysis[J]. Journal of Software, 2012, 23(2):361-377
[19] CHIANG L H, RUSSELL E L, BRAATZ R D. Fault detection and diagnosis in industrial systems[M]. 2nd ed. London:Springer-Verlag, 2001.

No related articles found!