Data Fusion and Cyber-Physical Systems
The worldwide scientific community shows a keen interest in Cyber-Physical Systems, which represent a new technological revolution in the world of Industrial Control Systems.
In fact, it is necessary to consider both the physical nature of the control system and the way in which data flow through the system. In an Industrial Control System, data processing and transfer methods are extremely significant: a simple bit, travelling within the network, is able to control actuators and produce physical actions.
The main concept is that, in general, Cyber-Physical Systems (CPSs) integrate computing and communication capabilities with the monitoring and control of the physical world.
It is possible to represent a CPS using the following schema:
Where U is the control command and Y is the state of the system. The red devils represent the possible vulnerabilities that an attacker could exploit for their own purposes.
The researcher, under this general abstraction, can study and investigate the processes in SCADA Systems, Critical Infrastructures and Smart Grids interpreting the overall system as a Cyber-Physical System.
For anomaly detection, and consequently for the protection of SCADA systems and Critical Infrastructures, many authors have proposed solutions to the problem.
In particular, Pasqualetti et al. [1] modelled cyber-physical systems under attack as linear time-invariant descriptor systems subject to unknown inputs.
Other works use an explicit model of the system for cyber-physical anomaly detection (especially for SCADA systems: Svendsen and Wolthusen or Cardenas et al. [2] [3] [4]). The detection process is enhanced by using feedback control theory to predict future values and ultimately detect physical anomalies in the system.
These purely theoretical approaches, which consider only the mathematical description of the physical process, have brought many limitations in the development of smart industrial controllers that also have to react to situations that are not completely modelled.
The solution, within the cyber-physical framework, can be found using a hybrid approach that uses the data fusion process and the mathematical model provided by the “Evidence Theory”.
The aim is to exploit the close connection between the cyber and physical worlds and develop an innovative unified framework and fusion rules for the design of new smart industrial controllers and intrusion detection systems to support automated decision-making processes.
Using a notional smart grid architecture, shown in Figure 2, we propose a scenario that involves an attacker who compromises the operation of a piece of equipment (circuit breaker) via a telecommunication attack (distributed denial-of-service attack). Using an extension of the Evidence Theory we propose a smart algorithm able to manage and model this situation.
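The fusion of cyber and physical evidence described above can be illustrated with the classical Dempster rule of combination from Evidence Theory. This is an added example, not the authors' algorithm or their extension of the theory; the frame of discernment, the two sources and all mass values are constructed assumptions.

```python
from itertools import product

# Frame of discernment (constructed for this example): possible explanations
# for a circuit breaker that stops responding in the smart-grid scenario.
NORMAL, PHYS_FAULT, CYBER_ATTACK = "normal", "physical_fault", "cyber_attack"
FRAME = frozenset({NORMAL, PHYS_FAULT, CYBER_ATTACK})


def combine(m1, m2):
    """Dempster's rule: fuse two basic belief assignments (frozenset -> mass).

    Returns (fused_masses, conflict K). Raises if the sources fully contradict.
    """
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] = fused.get(inter, 0.0) + wa * wb
        else:
            conflict += wa * wb  # mass that would fall on the empty set
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: sources cannot be combined")
    return {s: w / (1.0 - conflict) for s, w in fused.items()}, conflict


def belief(m, hypothesis):
    """Bel(A): total mass committed to subsets of A (lower bound)."""
    return sum(w for s, w in m.items() if s <= hypothesis)


def plausibility(m, hypothesis):
    """Pl(A): total mass that does not contradict A (upper bound)."""
    return sum(w for s, w in m.items() if s & hypothesis)


# Constructed sensor reports (mass values are illustrative assumptions).
# Physical side: breaker unresponsive; cannot tell a fault from an attack.
physical_sensor = {frozenset({PHYS_FAULT, CYBER_ATTACK}): 0.8, FRAME: 0.2}
# Cyber side: network IDS sees a traffic flood consistent with a DDoS.
network_ids = {frozenset({CYBER_ATTACK}): 0.6, frozenset({NORMAL}): 0.1, FRAME: 0.3}

fused, k = combine(physical_sensor, network_ids)
attack = frozenset({CYBER_ATTACK})
if __name__ == "__main__":
    print(f"conflict K = {k:.3f}")
    print(f"Bel(attack) = {belief(fused, attack):.3f}, "
          f"Pl(attack) = {plausibility(fused, attack):.3f}")
```

Neither source alone commits more than 0.6 to the attack hypothesis, yet the fused interval [Bel, Pl] narrows to roughly [0.65, 0.98]; a large K would instead signal that the cyber and physical views disagree and should be investigated before any automated response.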
For more, see our full papers:
- Riccardo Santini, Chiara Foglietta and Stefano Panzieri. “Evidence Theory for Smart Grid Diagnostics”. IEEE/PES European Conference: Innovative Smart Grid Technologies (ISGT 2013), Denmark, Copenhagen, October 2013.
- Riccardo Santini, Chiara Foglietta and Stefano Panzieri. “Evidence Theory for Cyber-Physical Systems”. Eighth Annual International Conference on Critical Infrastructure Protection (IFIP 2014), Virginia, USA, March 2014.
References:
- [1] Pasqualetti, Dorfler and Bullo, “Cyber-Physical Attacks in Power Networks: Models, Fundamental Limitations and Monitor Design”.
- [2] Cardenas, Amin and Sastry, “Secure Control: Towards Survivable Cyber-Physical Systems”, IEEE 2008.
- [3] Svendsen and Wolthusen, “Using Physical Models for Anomaly Detection in Control Systems”, vol. 311, pp. 139-149.
- [4] Cardenas, Amin, Huang and Sastry, “Attacks Against Process Control Systems: Risk Assessment, Detection, and Response”, 2011.