On Study of Stealthy Attacks in a Process Control System with Model-based Anomaly Detection Protection

• Main Author: 黃啟彥
• Other Authors: 黃育綸
• Format: Others
• Language: en_US
• Published: 2010
• Online Access: http://ndltd.ncl.edu.tw/handle/68172228210520738824

碩士 === 國立交通大學 === 電控工程研究所 === 98 === Process control systems (PCS) are widely used in modern infrastructures and industrial plants for stabilizing safety-critical processes. Any disruption in such systems may cause serious human injuries and environmental disasters. In 2008, Lin et al.~proposed a model-based anomaly detection module (abbreviated to mADM) to assure the security and stability of a well-studied Tennessee-Eastman process control system (TE-PCS). By taking advantages of cumulating the differences between real and simulated signals, mADM was able to detect an attack that compromises one or more sensors to crash the system. To evaluate the robustness of mADM, we study the stealthy attacks launched by an insider who may (1) know the detection and response strategies of mADM or (2) adjust the parameters of mADM so that these stealthy attacks may successfully attack the system without being detected by mADM. After analyzing mADM, we prove that a general stealthy attack signal can be represented by three types of curves, convex curve (cv), slope (sl), and concave curve (cc), depending on the cumulative differences of signals. By conducting a series of experiments on TE-PCS, we can identify the weakest sensor and the most effective way to stealthily attack this sensor. We also show that, if an insider cannot adjust the parameter settings and the parameters are well configured, he may not be able to crash the system. In the case that the insider obtains the permission to adjust the parameter settings, mADM should self-check whether the settings fall within valid ranges. Over-the-threshold settings may lead to a crash without being detected while under-the-threshold values may result in frequent false alarms and increase the operating costs. In the end, we also demonstrate three case studies to discuss that stealthy attacks may decrease the profits from 0.06% to 41%, depending on the ratio of costs and sales prices.