A degradation-based detection framework against covert cyberattacks on SCADA systems

Abstract

Supervisory Control and Data Acquisition (SCADA) systems are commonly used in critical infrastructures. However, these systems are typically vulnerable to cyberattacks. Among the different types of cyberattacks, the covert attack is one of the hardest to detect – it is undetectable when the system is operating under normal conditions. In this article, we develop a data-driven detection framework that utilizes the degradation process of the system to detect covert attacks. We derive mathematical characteristics of the degradation processes under covert attacks that are used for developing a sequential likelihood ratio test method for attack detection. We verify our methodology through an extensive numerical study and a case study on a rotating machinery setup. Our results show that the methodology helps detect covert attacks within reasonable delay time and is applicable under real-world settings.

Keywords:

• Cybersecurity
• SCADA
• covert attack
• reliability
• attack detection

Acknowledgments

The authors would like to thank the editor and reviewers for their valuable comments and suggestions. This work was supported by the U.S. National Science Foundation (CMMI-1536555).

Additional information

Notes on contributors

Dan Li

Dan Li is a PhD candidate in industrial engineering at the H. Milton Stewart School of Industrial and Systems Engineering. She received a BS Automotive Engineering degree from Tsinghua University, Beijing, China. Her research interests include sensor-based data analytics and cyber-security for industrial control systems. She is currently working on data-driven cyberattack detection and diagnosis in industrial control systems. Dan is the recipient of the Energy Systems Division Best Student Paper Award in 2019 IISE Annual Conference, and the runner up of the DAIS Track Best Student Paper in 2019 IISE Annual Conference.

Kamran Paynabar

Professor Kamran Paynabar is the Fouts Family Early Career Professor and Associate professor in the H. Milton Stewart School of Industrial and Systems Engineering at Georgia Tech. He received his BSc and MSc in industrial engineering from university Iran in 2002 and 2004, respectively, and his PhD in industrial and operations engineering from The University of Michigan in 2012. He also holds an MA in statistics from The University of Michigan. His research interests comprise both applied and methodological aspects of machine-learning and statistical modeling integrated with engineering principles. He is a recipient of the INFORMS Data Mining Best Student Paper Award, the Best Application Paper Award from IIE Transactions, the Best QSR refereed paper from INFORMS, and the Best Paper Award from POMS. He has been recognized with the Georgia Tech campus level 2014 CETL/BP Junior Faculty Teaching Excellence Award and the Provost Teaching and Learning Fellowship. He served as the chair of QSR of INFORMS, and the president of QCRE of IISE.

Nagi Gebraeel

Professor Nagi Gebraeel is the Georgia Power Early Career Professor and professor in the H. Milton Stewart School of Industrial and Systems Engineering at Georgia Tech. He received his MS and PhD from Purdue University in 1998 and 2003, respectively. Dr. Gebraeel leads Predictive Analytics and Intelligent Systems (PAIS) research group at Georgia Tech’s Supply Chain and Logistics Institute. He also directs activities and testing at the Analytics and Prognostics Systems laboratory at Georgia Tech’s Manufacturing Institute. Formerly, Dr. Gebraeel served as an associate director at Georgia Tech’s Strategic Energy Institute (from 2014 until 2019) where he was responsible for identifying and promoting research initiatives and thought-leadership at the intersection of data science and energy applications. He was also the former president of the Institute of Industrial and Systems Engineers (IISE) Quality and Reliability Engineering Division and is currently a member of the Institute for Operations Research and the Management Sciences (INFORMS), and IISE (since 2005).