libra etd
Online Archive of University of Virginia Scholarship

Initial Application of Fault Detection Techniques to Cybersecurity Intrusion Detection 1101 views

Author

DiValentin, Louis, Systems Engineering - School of Engineering and Applied Science, University of Virginia

Advisors

  • Horowitz, Barry , Department of Systems and Information Engineering , University of Virginia

Abstract

Industrial control systems recently have become the targets of cyber-attacks that manipulate the parameters of their normal operating procedures to produce unstable behavior. Previous research has shown that security solutions embedded within the system being protected can provide a method for cyber-attack detection. Fault detection, specifically system identification, can offer multiple methods of detection of deviations from set system parameters in a dynamic model representation of the industrial control system using the measurements obtained and the inputs specified during operation. In particular, this research effort uses different system identification techniques to determine if a system is operating as designed and configured. During the investigation for this Thesis a detection algorithm was created that monitors a system by comparing real time estimates of the dynamic model of the system with the known designed system dynamic model. When sufficient deviations between the estimated dynamic model and the known dynamic model are judged by the similarity algorithms, the detection algorithm informs system operators of the possible existence of an attack. The operators of the systems then use a series of guidelines created in this Thesis that examines the conditions and the situational disutility surrounding the event to help determine the likelihood of a cyber-attack versus a hardware or software failure. This Thesis will compare multiple existing systems identification techniques to determine how effective the selected techniques are at detecting cyber-attacks, with the criteria of success being the true positive rates, the false alarm rates, and the detection time.

Degree

MS (Master of Science)

Keywords

attack; industrial; estimation; linear; detection; control; filtering; identification; stuxnet; cyber; security; parameter; dynamic; kalman; systems; subspace

Language

English

Rights

All rights reserved (no additional license for public reuse)

Issued Date

2013-09-13

Persistent Link

https://doi.org/10.18130/V3CW8Q

Suggested Citation

DiValentin, Louis. Initial Application of Fault Detection Techniques to Cybersecurity Intrusion Detection. University of Virginia, Systems Engineering - School of Engineering and Applied Science, MS (Master of Science), 2013-09-13, https://doi.org/10.18130/V3CW8Q.

Files

Thesis with Sig.pdf
Downloads: 492
Download
opens in a new window