Who’s There? Evaluating Data Source Integrity and Veracity in IIoT Using Multivariate Statistical Process Control

  • Iñaki GaritanoEmail author
  • Mikel Iturbe
  • Enaitz Ezpeleta
  • Urko Zurutuza
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


The security landscape in Industrial settings has completely changed in the last decades. From the initial primitive setups, industrial networks have evolved into massively interconnected environments, thus developing the Industrial Internet of Things (IIoT) paradigm. In IIoT, multiple, heterogeneous devices collaborate by collecting, sending and processing data. These data-driven environments have made possible to develop added-value services based on data that improve industrial process operation. However, it is necessary to audit incoming data to determine that the decisions are made based on correct data. In this chapter, we present an IIoT Anomaly Detection System (ADS), that audits the integrity and veracity of the data received from incoming connections. For this end, the ADS includes field data (physical qualities based on data) and connection metadata (interval between incoming connections and packet size) in the same anomaly detection model. The approach is based on multivariate statistical process Control and has been validated using data from a real water distribution plant.


Industrial internet of things Anomaly detection Source trust 



This work has been developed by the intelligent systems for industrial systems group supported by the Department of Education, Language policy and Culture of the Basque Government. This work has been partially funded by the European Unions Horizon 2020 research and innovation programme project PROPHESY, under Grant Agreement no. 766994, and the Basque Government’s Economic Development and Infrastructure departments Elkartek program project Cyberprest under agreement KK-2018/00076. Author Iñaki Garitano is partially supported by the INCIBE grant “INCIBEC-2015-02495” corresponding to the “Ayudas para la Excelencia de los Equipos de Investigación avanzada en ciberseguridad”.


  1. 1.
    Falliere N, Murchu LO, Chien E (2011) W32.Stuxnet dossier. White paper, Symantec Corporation, Security ResponseGoogle Scholar
  2. 2.
    Homan J, McBride S, Caldwell R (2016) Irongate ICS Malware: nothing to see here… masking malicious activity on SCADA systems [Online]. Available: (Retrieved: 2018-07-13)
  3. 3.
    Cheminod M, Durante L, Valenzano A (2013) Review of security issues in industrial networks. IEEE Trans Ind Inf 9(1):277–293CrossRefGoogle Scholar
  4. 4.
    Ding D, Han QL, Xiang Y, Ge X, Zhang XM (2018) A survey on security control and attack detection for industrial cyber-physical systems. Neurocomputing 275:1674–1683CrossRefGoogle Scholar
  5. 5.
    Urbina DI, Giraldo J, Cardenas AA, Valente J, Faisal M, Tippenhauer NO, Ruths J, Candell R, Sandberg H (2016) Survey and new directions for physics-based attack detection in control systems. NIST GCR 16–010. Technical report, National Institute of Standards and TechnologyGoogle Scholar
  6. 6.
    Sadeghi AR, Wachsmann C, Waidner M (2015) Security and privacy challenges in industrial internet of things. In: 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC), pp 1–6Google Scholar
  7. 7.
    Sajid A, Abbas H, Saleem K (2016) Cloud-assisted IoT-based SCADA systems security: a review of the state of the art and future challenges. IEEE Access 4:1375–1384CrossRefGoogle Scholar
  8. 8.
    Rajasegarar S, Leckie C, Palaniswami M (2014) Hyperspherical cluster based distributed anomaly detection in wireless sensor networks. J Parall Distrib Comput 74(1):1833–1847CrossRefGoogle Scholar
  9. 9.
    Thanigaivelan NK, Nigussie E, Kanth RK, Virtanen S, Isoaho J (2016) Distributed internal anomaly detection system for internet-of-things. In: 2016 13th IEEE annual consumer communications networking conference (CCNC), pp 319–320Google Scholar
  10. 10.
    Summerville DH, Zach KM, Chen Y (2015) Ultra-lightweight deep packet anomaly detection for internet of things devices. In: 2015 IEEE 34th International Performance Computing and Communications Conference (IPCCC), pp 1–8Google Scholar
  11. 11.
    Stiawan D, Idris MY, Malik RF, Nurmaini S, Budiarto R (2016) Anomaly detection and monitoring in internet of things communication. In: 2016 8th International Conference on Information Technology and Electrical Engineering (ICITEE), pp 1–4Google Scholar
  12. 12.
    Sicari S, Rizzardi A, Grieco L, Coen-Porisini A (2015) Security, privacy and trust in internet of things: the road ahead. Comput Netw 76:146–164CrossRefGoogle Scholar
  13. 13.
    Bao F, Chen IR (2012) Dynamic trust management for internet of things applications. In: Proceedings of the 2012 International Workshop on Self-Aware Internet of Things. Self-IoT’12, New York. ACM, pp 1–6Google Scholar
  14. 14.
    Mahalle PN, Thakre PA, Prasad NR, Prasad R (2013) A fuzzy approach to trust based access control in internet of things. In: Wireless VITAE 2013, pp 1–5Google Scholar
  15. 15.
    Wang JP, Bin S, Yu Y, Niu XX (2013) Distributed trust management mechanism for the internet of things. Appl Mech Mater 347:2463–2467Google Scholar
  16. 16.
    Liu Y, Chen Z, Xia F, Lv X, Bu F (2012) An integrated scheme based on service classification in pervasive mobile services. Int J Commun Syst 25(9):1178–1188CrossRefGoogle Scholar
  17. 17.
    Liu WM, Yin LH, Fang B, Zhang HL (2012) A hierarchical trust model for the internet of things. Chin J Comput Phys 35(5):846–855CrossRefGoogle Scholar
  18. 18.
    Saied YB, Olivereau A, Zeghlache D, Laurent M (2013) Trust management system design for the internet of things: a context-aware and multi-service approach. Comput Secur 39:351–365CrossRefGoogle Scholar
  19. 19.
    Liu Y, Gong X, Feng Y (2014) Trust system based on node behavior detection in internet of things. J Commun 35:8–15Google Scholar
  20. 20.
    Tormo GD, Mármol FG, Pérez GM (2015) Dynamic and flexible selection of a reputation mechanism for heterogeneous environments. Futur Gener Comput Syst 49:113–124CrossRefGoogle Scholar
  21. 21.
    MacGregor JF, Kourti T (1995) Statistical process control of multivariate processes. Control Eng Pract 3(3):403–414CrossRefGoogle Scholar
  22. 22.
    Camacho J, Pérez Villegas A, García Teodoro P, Maciá Fernández G (2016) PCA-based multivariate statistical network monitoring for anomaly detection. Comput Secur 59:118–137CrossRefGoogle Scholar
  23. 23.
    Iturbe M, Camacho J, Garitano I, Zurutuza U, Uribeetxeberria R (2016) On the feasibility of distinguishing between process disturbances and intrusions in process control systems using multivariate statistical process control. In: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W), Toulouse, pp 155–160Google Scholar
  24. 24.
    Stoumbos ZG, Reynolds MR Jr, Ryan TP, Woodall WH (2000) The state of statistical process control as we proceed into the twenty-first century. J Am Stat Assoc 95(451):992–998CrossRefGoogle Scholar
  25. 25.
    Kourti T (2002) Process analysis and abnormal situation detection: from theory to practice. Control Syst IEEE 22(5):10–25CrossRefGoogle Scholar
  26. 26.
    Camacho J, Pérez Villegas A, Rodríguez Gómez RA, Jiménez Mañas E (2015) Multivariate exploratory data analysis (MEDA) toolbox for matlab. Chemometrics Intell Lab Syst 143:49–57CrossRefGoogle Scholar
  27. 27.
    Hotelling H (1947) Multivariate quality control. In: Eisenhart C, Hastay MW, Wallis WA (eds) Techniques of statistical analysis. McGraw-Hill, New YorkGoogle Scholar
  28. 28.
    Jackson JE, Mudholkar GS (1979) Control procedures for residuals associated with principal component analysis. Technometrics 21(3):341–349CrossRefGoogle Scholar
  29. 29.
    Ramaker HJ, Van Sprang EN, Westerhuis JA, Gurden SP, Smilde AK, Van Der Meulen FH (2006) Performance assessment and improvement of control charts for statistical batch process monitoring. Statistica Neerlandica 60(3):339–360MathSciNetCrossRefGoogle Scholar
  30. 30.
    Alcala CF, Qin SJ (2011) Analysis and generalization of fault diagnosis methods for process monitoring. J Process Control 21(3):322–330CrossRefGoogle Scholar
  31. 31.
    Camacho J (2011) Observation-based missing data methods for exploratory data analysis to unveil the connection between observations and variables in latent subspace models. J Chemometrics 25(11):592–600CrossRefGoogle Scholar
  32. 32.
    Zaharia M, Xin RS, Wendell P, Das T, Armbrust M, Dave A, Meng X, Rosen J, Venkataraman S, Franklin MJ et al (2016) Apache spark: a unified engine for big data processing. Commun ACM 59(11):56–65CrossRefGoogle Scholar
  33. 33.
    The Linux Foundation: Iproute2. Accessed 18 Aug 2018
  34. 34.
    Confluent: Confluent rest proxy. Accessed 18 Aug 2018

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Iñaki Garitano
    • 1
    Email author
  • Mikel Iturbe
    • 1
  • Enaitz Ezpeleta
    • 1
  • Urko Zurutuza
    • 1
  1. 1.Mondragon UnibertsitateaMondragónSpain

Personalised recommendations