Abstract
Both stochastic failures and cyber attacks can compromise the correct functionality of Cyber-Physical Systems (CPSs). Cyber attacks manifest themselves in the physical system and can be misclassified as component failures, leading to wrong control actions and maintenance strategies. In this chapter, we illustrate the use of a nonparametric cumulative sum (NP-CUSUM) approach for online diagnostics of cyber attacks on CPSs. This allows for (i) promptly recognizing cyber attacks by distinguishing them from component failures, and (ii) guiding decisions for the recovery of the CPS from anomalous conditions. We apply the approach to the Advanced Lead-cooled Fast Reactor European Demonstrator (ALFRED) and its digital Instrumentation and Control (I&C) system. For this, a previously developed object-oriented model is embedded within a Monte Carlo (MC) engine that allows injecting into the I&C system both component (stochastic) failures (such as sensor bias, drift, wider noise and freezing) and cyber attacks (such as Denial of Service (DoS) attacks mimicking component failures).
Abbreviations
- CPS: Cyber-Physical System
- NP-CUSUM: Non-Parametric CUmulative SUM
- ALFRED: Advanced Lead-cooled Fast Reactor European Demonstrator
- I&C: Instrumentation and Control
- MC: Monte Carlo
- NPP: Nuclear Power Plant
- PI: Proportional-Integral
- DoS: Denial of Service
- PID: Proportional-Integral-Derivative
- FDI: False Data Injection
- SG: Steam Generator
- FA: Fuel Assembly
- CR: Control Rod
- SISO: Single Input Single Output
- DAC: Digital-to-Analog Converter
- LSB: Least Significant Bit
- P Th: Thermal power
- h CR: Height of control rods
- T L,hot: Coolant core outlet temperature
- T L,cold: Coolant SG outlet temperature
- Γ: Coolant mass flow rate
- T feed: Feedwater SG inlet temperature
- T steam: Steam SG outlet temperature
- p SG: SG pressure
- G water: Feedwater mass flow rate
- G att: Attemperator mass flow rate
- kv: Turbine admission valve coefficient
- P Mech: Mechanical power
- K p,j: Proportional gain value of j-th PI
- K i,j: Integral gain value of j-th PI
- t: Time
- t R: Accident time
- t M: Mission time
- Δt: Sensor measuring time interval
- y: Variable (safety parameter)
- y ref: Reference value of controller set point value of y
- y real(t): Real value of y
- y sensor(t): Sensor measurement
- y feed(t): Measurement received by the computing (feeding) subsystem
- y monitor(t): Measurement received by the monitoring subsystem
- Y(t): Redundant channel measure, Y = y feed and y monitor
- δ y(t): Sensor measuring error
- q y(t): Converter quantization error
- a: Accidental scenario
- b: Bias factor
- c: Drift factor
- S Y(t): Score function-based statistic of the collected Y(t), S Y(t) = \( {S}_y^{feed}(t) \) and \( {S}_y^{monitor}(t) \)
- h y: Positive threshold
- τ Y: Time to alarm, τ Y = \( {\tau}_y^{feed} \) and \( {\tau}_y^{monitor} \)
- Δτ y: Delay difference between \( {\tau}_y^{feed} \) and \( {\tau}_y^{monitor} \)
- \( {\Gamma}_y^{ref} \): Reference delay difference
- c y: NP-CUSUM parameter
- ε y: NP-CUSUM parameter
- ω y: NP-CUSUM positive weight
- g Y: Score function
- Δg Y: Score function difference value
- μ Y: Pre-change mean value of Y
- θ Y: Post-change mean value of Y
- \( {\widehat{\theta}}_Y(t) \): On-line estimate of θ Y
- \( {\mu}_{\Delta {g}_Y} \): Known pre-change mean value of Δg Y
- \( {\theta}_{\Delta {g}_Y} \): Unknown post-change mean value of Δg Y
- \( {\alpha}_y^h \): False alarm rate
- \( {\beta}_y^h \): Missed alarm rate
- \( \gamma \left({\Gamma}_{T_{L, cold}}^{ref}\right) \): Misclassification rate with respect to \( {\Gamma}_y^{ref} \)
Acknowledgement
The authors are thankful to Prof. Antonio Cammi and Dr. Stefano Lorenzi of the Energy Department, Politecnico di Milano, for providing guidance and training on code simulating the ALFRED reactor.
Appendix A: The NP-CUSUM Algorithm
Without loss of generality, let us consider an accidental scenario a simulated over a mission time t M, during which a cyber attack occurs at a random time t R (t R < t M). Considering a time interval dt, we can define the pre-attack signal mean value \( {\mu}_Y\left(Y(t)\right)=\sum \limits_tY(t)/t \), t = dt, 2dt, …, t, (t < t R), where Y(t) is the measurement Y of a controlled variable y at time t under normal operating conditions (see Fig. A.1a, for example). Assume that DoS attacks lead to arbitrary and abrupt changes in the distributions of observations, such that the (unknown) post-attack mean value is \( {\theta}_Y\left(Y(t)\right)=\sum \limits_tY(t)/\left(t-{t}_R\right) \), t = t R, t R + dt, t R + 2dt, … .
We define a score function g Y(Y(t)) as:
where ω y is a positive weight that is used for normalizing Λ(Y(t)) and chosen equal to 1/σ Y, where σ Y is the standard deviation of Y(t), t = dt, 2dt, …, and the parameter c y(t) depends on the past t-1 measurements as in Eq. (A.2):
where ε y is a tuning parameter belonging to the interval (0,1) and \( {\widehat{\theta}}_Y(t) \) is an estimate of the unknown mean value θ Y(Y(t)). In practice, it is difficult to estimate \( {\widehat{\theta}}_Y(t) \) on-line. Hence, Eq. (A.1) is simplified to:
The score function S Y(t) adopted in the NP-CUSUM algorithm is, then, defined as:
where S Y(0) = 0.
In practice, for a stream of measurements Y(t), the NP-CUSUM statistic S Y(t) remains close to zero or slightly positive under normal operating conditions, whereas it starts drifting and increasing when a cyber attack occurs at time t R and ends up exceeding a predefined positive threshold h y (see Fig. A.1b). An alarm can be triggered when S Y(t) reaches h y at the time of alarm:
The detection delay dτ Y between t R and τ Y depends on the choice of h y. A good diagnostic algorithm is expected to perform with a low False Alarm Rate (FAR) and a small value dτ Y.
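The recursion and threshold trade-off described in this appendix, as an added Python example (not the chapter authors' code). The appendix equations did not survive on this page, so the score g = ω(Y − μ) − c with a constant allowance c is an assumed, commonly used one-sided form; the signal, parameter values and function names are constructed for illustration.

```python
import statistics

def np_cusum(stream, mu, omega, c, h):
    """One-sided CUSUM recursion with S(0) = 0.

    Returns (tau, trace): tau is the index of the first sample with
    S >= h (None if no alarm), trace is the statistic at every sample.
    """
    s, tau, trace = 0.0, None, []
    for k, y in enumerate(stream):
        g = omega * (y - mu) - c   # assumed score: weighted deviation minus allowance c
        s = max(0.0, s + g)        # statistic is clipped at zero
        trace.append(s)
        if tau is None and s >= h:
            tau = k
    return tau, trace

# Constructed measurement stream: a repeating noise pattern around 400.0,
# with an abrupt mean shift starting at sample index T_R.
PATTERN = [0.25, -0.5, 0.5, -0.25, 0.0]
T_R, N, SHIFT = 100, 150, 1.0
N_CAL = 50                         # samples used to estimate mu and sigma

def make_stream():
    return [400.0 + PATTERN[k % 5] + (SHIFT if k >= T_R else 0.0)
            for k in range(N)]

def calibrate(stream, n_cal):
    """Estimate the pre-change mean and the weight omega = 1/sigma."""
    window = stream[:n_cal]
    return statistics.fmean(window), 1.0 / statistics.pstdev(window)

def run(h, c=0.5):
    """Return (tau, detection delay tau - T_R, max of S before T_R)."""
    stream = make_stream()
    mu, omega = calibrate(stream, N_CAL)
    tau, trace = np_cusum(stream, mu, omega, c, h)
    delay = None if tau is None else tau - T_R
    return tau, delay, max(trace[:T_R])

if __name__ == "__main__":
    for h in (0.5, 5.0, 10.0):
        tau, delay, pre_max = run(h)
        kind = "false alarm" if tau is not None and tau < T_R else "detection"
        print(f"h={h:4.1f}  tau={tau}  delay={delay}  "
              f"pre-change max S={pre_max:.3f}  ({kind})")
```

A threshold below the pre-change peak of the statistic alarms before the shift (a false alarm), while raising h removes the false alarm at the cost of a longer detection delay.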
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Wang, W., Di Maio, F., Zio, E. (2019). A Non-parametric Cumulative Sum Approach for Online Diagnostics of Cyber Attacks to Nuclear Power Plants. In: Flammini, F. (eds) Resilience of Cyber-Physical Systems. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-95597-1_9
DOI: https://doi.org/10.1007/978-3-319-95597-1_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-95596-4
Online ISBN: 978-3-319-95597-1
eBook Packages: Computer Science, Computer Science (R0)