A Non-parametric Cumulative Sum Approach for Online Diagnostics of Cyber Attacks to Nuclear Power Plants

  • Wei Wang
  • Francesco Di MaioEmail author
  • Enrico Zio
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Both stochastic failures and cyber attacks can compromise the correct functionality of Cyber-Physical Systems (CPSs). Cyber attacks manifest themselves in the physical system and, can be misclassified as component failures, leading to wrong control actions and maintenance strategies. In this chapter, we illustrate the use of a nonparametric cumulative sum (NP-CUSUM) approach for online diagnostics of cyber attacks to CPSs. This allows for (i) promptly recognizing cyber attacks by distinguishing them from component failures, and (ii) guiding decisions for the CPSs recovery from anomalous conditions. We apply the approach to the Advanced Lead-cooled Fast Reactor European Demonstrator (ALFRED) and its digital Instrumentation and Control (I&C) system. For this, an object-oriented model previously developed is embedded within a Monte Carlo (MC) engine that allows injecting into the I&C system both components (stochastic) failures (such as sensor bias, drift, wider noise and freezing) and cyber attacks (such as Denial of Service (DoS) attacks mimicking component failures).


Cyber-physical system Cyber attacks Stochastic failures Diagnostics Nonparametric cumulative sum (NP-CUSUM) Nuclear power plant The authors would like to capitalize each word as Advanced Lead-cooled Fast Reactor European Demonstrator (ALFRED) 



Cyber-Physical System


Non-Parametric CUmulative SUM


Advanced Lead-cooled Fast Reactor European Demonstrator


Instrumentation and Control


Monte Carlo


Nuclear Power Plant




Denial of Service




False Data Injection


Steam Generator


Fuel Assembly


Control Rod


Single Input Single Output


Digital-to-Analog Converter


Least Significant Bit



Thermal power


Height of control rods


Coolant core outlet temperature


Coolant SG outlet temperature


Coolant mass flow rate


Feedwater SG inlet temperature


Steam SG outlet temperature


SG pressure


Feedwater mass flow rate


Attemperator mass flow rate


Turbine admission valve coefficient


Mechanical power


Proportional gain value of j-th PI


Integral gain value of j-th PI




Accident time


Mission time


Sensor measuring time interval


Variable (safety parameter)


Reference value of controller set point value of y


Real value of y


Sensor measurement


Measurement received by the computing (feeding) subsystem


Measurement received by the monitoring subsystem


Redundant channel measure, Y = yfeed and ymonitor


Sensor measuring error


Converter quantization error


Accidental scenario


Bias factor


Drift factor


Score function-based statistic of the collected Y(t), SY(t) = \( {S}_y^{feed}(t) \) and \( {S}_y^{monitor}(t) \)


Positive threshold


Time to alarm, τY = \( {\tau}_y^{feed} \) and \( {\tau}_y^{monitor} \)


Delay difference between \( {\tau}_y^{feed} \) and \( {\tau}_y^{monitor} \)

\( {\Gamma}_y^{ref} \)

Reference delay difference


NP-CUSUM parameter


NP-CUSUM parameter


NP-CUSUM positive weight


Score function


Score function difference value


Pre-change mean value of Y


Post-change mean value of Y

\( {\widehat{\theta}}_Y(t) \)

On-line estimate of θY

\( {\mu}_{\Delta {g}_Y} \)

Known pre-change mean value of ΔgY

\( {\theta}_{\Delta {g}_Y} \)

Unknown post-change mean value of ΔgY

\( {\alpha}_y^h \)

False alarm rate

\( {\beta}_y^h \)

Missed alarm rate

\( \gamma \left({\Gamma}_{T_{L, cold}}^{ref}\right) \)

Misclassification rate with respect to \( {\Gamma}_y^{ref} \)



The authors are thankful to Prof. Antonio Cammi and Dr. Stefano Lorenzi of the Energy Department, Politecnico di Milano, for providing guidance and training on code simulating the ALFRED reactor.


  1. 1.
    Aldemir T, Guarro S, Mandelli D, Kirschenbaum J, Mangan LA, Bucci P et al (2010) Probabilistic risk assessment modeling of digital instrumentation and control systems using two dynamic methodologies. Reliab Eng Syst Saf 95(10):1011–1039CrossRefGoogle Scholar
  2. 2.
    Alur R (2015) Principles of cyber-physical systems. MIT Press, Cambridge, MAGoogle Scholar
  3. 3.
    Authen S, Holmberg JE (2012) Reliability analysis of digital systems in a probabilistic risk analysis for nuclear power plants. Nucl Eng Technol 44(5):471–482CrossRefGoogle Scholar
  4. 4.
    Aven T (2009) Identification of safety and security critical systems and activities. Reliab Eng Syst Saf 94(2):404–411CrossRefGoogle Scholar
  5. 5.
    Boskvic JD, Mehra RK (2002) Stable adaptive multiple model-based control design for accommodation of sensor failures. In: American control conference, 2002. Proceedings of the 2002, IEEE, vol 3, pp 2046–2051Google Scholar
  6. 6.
    Bradley JM, Atkins EM (2015) Optimization and control of cyber-physical vehicle systems. Sensors 15(9):23020–23049CrossRefGoogle Scholar
  7. 7.
    Carl G, Kesidis G, Brooks RR, Rai S (2006) Denial-of-service attack-detection techniques. IEEE Internet Comput 10(1):82–89CrossRefGoogle Scholar
  8. 8.
    Debar H, Dacier M, Wespi A (1999) Towards a taxonomy of intrusion-detection systems. Comput Netw 31(8):805–822CrossRefGoogle Scholar
  9. 9.
    Di Maio F, Baraldi P, Zio E, Seraoui R (2013) Fault detection in nuclear power plants components by a combination of statistical methods. IEEE Trans Reliab 62(4):833–845CrossRefGoogle Scholar
  10. 10.
    Duda RO, Hart PE, Stork DG (1973) Pattern classification, vol 2. Wiley, New York, pp 526–528zbMATHGoogle Scholar
  11. 11.
    DYMOLA (2015) Dymola (Version 2015). France: Dassault Systèmes. Retrieved from
  12. 12.
    Eames DP, Moffett J (1999) The integration of safety and security requirements. In: International conference on computer safety, reliability, and security. Springer, Berlin/Heidelberg, pp 468–480CrossRefGoogle Scholar
  13. 13.
    Elhag S, Fernández A, Bawakid A, Alshomrani S, Herrera F (2015) On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on intrusion detection systems. Expert Syst Appl 42(1):193–202CrossRefGoogle Scholar
  14. 14.
    Fang Y, Sansavini G (2017) Optimizing power system investments and resilience against attacks. Reliab Eng Syst Saf 159:161–173CrossRefGoogle Scholar
  15. 15.
    Fritzson P (2010) Principles of object-oriented modeling and simulation with Modelica 2.1. Wiley, HobokenCrossRefGoogle Scholar
  16. 16.
    Frogheri M, Alemberti A, Mansani L (2015) The lead fast reactor: demonstrator (ALFRED) and ELFR design. In: Fast reactors and related fuel cycles: safe technologies and sustainable scenarios (FR13). V. 1. Proceedings of an international conferenceGoogle Scholar
  17. 17.
    Grasso G, Petrovich C, Mikityuk K, Mattioli D, Manni F, Gugiu D (2013) Demonstrating the effectiveness of the European LFR concept: the ALFRED core design. In: Proceedings of the IAEA international conference on fast reactors and related fuel cycles: safe technologies and sustainable scenariosGoogle Scholar
  18. 18.
    Gray R, Neuhoff D (1998) Quantization. IEEE Trans Inf Theory 44(6):2325–2383zbMATHCrossRefGoogle Scholar
  19. 19.
    Hines JW, Garvey DR (2006) Development and application of fault detectability performance metrics for instrument calibration verification and anomaly detection. J Pattern Recogn Res 1(1):2–15CrossRefGoogle Scholar
  20. 20.
    Hu X, Xu M, Xu S, Zhao P (2017) Multiple cyber attacks against a target with observation errors and dependent outcomes: characterization and optimization. Reliab Eng Syst Saf 159:119–133CrossRefGoogle Scholar
  21. 21.
    IAEA (2009) Implementing digital instrumentation and control systems in the modernization of nuclear power plants. Technical report NP-T-1.4. IAEAGoogle Scholar
  22. 22.
    Jockenhövel-Barttfeld M, Taurines A, Hessler C (2016) Quantification of application software failures of digital I&C in probabilistic safety analyses. In: 13th international conference on probabilistic safety assessment and management, Seoul, KoreaGoogle Scholar
  23. 23.
    Khaitan SK, McCalley JD (2015) Design techniques and applications of cyberphysical systems: a survey. IEEE Syst J 9(2):350–365CrossRefGoogle Scholar
  24. 24.
    Kim KD, Kumar PR (2012) Cyber–physical systems: a perspective at the centennial. Proc IEEE 100(Special Centennial Issue):1287–1308CrossRefGoogle Scholar
  25. 25.
    Kornecki AJ, Liu M (2013) Fault tree analysis for safety/security verification in aviation software. Electronics 2(1):41–56CrossRefGoogle Scholar
  26. 26.
    Kriaa S, Pietre-Cambacedes L, Bouissou M, Halgand Y (2015) A survey of approaches combining safety and security for industrial control systems. Reliab Eng Syst Saf 139:156–178CrossRefGoogle Scholar
  27. 27.
    Lee EA (2008) Cyber physical systems: design challenges. In: Object oriented real-time distributed computing (ISORC), 2008 11th IEEE international symposium on, IEEE, pp 363–369Google Scholar
  28. 28.
    Levine WS (ed) (1996) The control handbook. CRC Press, Boca RatonzbMATHGoogle Scholar
  29. 29.
    Li J, Huang X (2016) Cyber attack detection of I&C systems in NPPS based on physical process data. In: 2016 24th international conference on nuclear engineering, American Society of Mechanical Engineers, pp V002T07A011–V002T07A011Google Scholar
  30. 30.
    Liang G, Zhao J, Luo F, Weller SR, Dong ZY (2017) A review of false data injection attacks against modern power systems. IEEE Trans Smart Grid 8(4):1630–1638CrossRefGoogle Scholar
  31. 31.
    Machado, R. C., Boccardo, D. R., De Sá, V. G. P., & Szwarcfiter, J. L. (2016). Software control and intellectual property protection in cyber-physical systems. EURASIP J Inf Secur, 2016(1), 8Google Scholar
  32. 32.
    McNelles P, Zeng ZC, Renganathan G, Lamarre G, Akl Y, Lu L (2016) A comparison of fault trees and the dynamic flowgraph methodology for the analysis of FPGA-based safety systems part 1: reactor trip logic loop reliability analysis. Reliab Eng Syst Saf 153:135–150CrossRefGoogle Scholar
  33. 33.
    Mo Y, Chabukswar R, Sinopoli B (2014) Detecting integrity attacks on SCADA systems. IEEE Trans Control Syst Technol 22(4):1396–1407CrossRefGoogle Scholar
  34. 34.
    Mohammadpourfard M, Sami A, Seifi AR (2017) A statistical unsupervised method against false data injection attacks: a visualization-based approach. Expert Syst Appl 84:242–261CrossRefGoogle Scholar
  35. 35.
    Moteff JD (2012) Critical infrastructure resilience: the evolution of policy and programs and issues for congress. Congressional Research Service, Library of Congress, Washington, DCGoogle Scholar
  36. 36.
    Ntalampiras S (2015) Detection of integrity attacks in cyber-physical critical infrastructures using ensemble modeling. IEEE Trans Ind Inf 11(1):104–111CrossRefGoogle Scholar
  37. 37.
    Ntalampiras S (2016) Automatic identification of integrity attacks in cyber-physical systems. Expert Syst Appl 58:164–173CrossRefGoogle Scholar
  38. 38.
    Obama B (2013) Presidential policy directive 21: critical infrastructure security and resilience. The White House, Washington, DCGoogle Scholar
  39. 39.
    Page ES (1954) Continuous inspection schemes. Biometrika 41(1/2):100–115MathSciNetzbMATHCrossRefGoogle Scholar
  40. 40.
    Pajic M, Weimer J, Bezzo N, Sokolsky O, Pappas GJ, Lee I (2017) Design and implementation of attack-resilient cyberphysical systems: with a focus on attack-resilient state estimators. IEEE Control Syst 37(2):66–81MathSciNetCrossRefGoogle Scholar
  41. 41.
    Piètre-Cambacédès L, Bouissou M (2013) Cross-fertilization between safety and security engineering. Reliab Eng Syst Saf 110:110–126CrossRefGoogle Scholar
  42. 42.
    Ponciroli R, Bigoni A, Cammi A, Lorenzi S, Luzzi L (2014) Object-oriented modelling and simulation for the ALFRED dynamics. Prog Nucl Energy 71:15–29CrossRefGoogle Scholar
  43. 43.
    Ponciroli R, Cammi A, Della Bona A, Lorenzi S, Luzzi L (2015) Development of the ALFRED reactor full power mode control system. Prog Nucl Energy 85:428–440CrossRefGoogle Scholar
  44. 44.
    Qiu P, Hawkins D (2003) A nonparametric multivariate cumulative sum procedure for detecting shifts in all directions. J R Stat Soc Ser D Stat 52(2):151–164MathSciNetCrossRefGoogle Scholar
  45. 45.
    Rahman MS, Mahmud MA, Oo AM, Pota HR (2017) Multi-agent approach for enhancing security of protection schemes in cyber-physical energy systems. IEEE Trans Ind Inf 13(2):436–447CrossRefGoogle Scholar
  46. 46.
    Roberts SW (1959) Control chart tests based on geometric moving averages. Technometrics 1(3):239–250CrossRefGoogle Scholar
  47. 47.
    Shi D, Guo Z, Johansson KH, Shi L (2018) Causality countermeasures for anomaly detection in cyber-physical systems. IEEE Trans Autom Control 63(2):386–401MathSciNetzbMATHCrossRefGoogle Scholar
  48. 48.
    Shin J, Son H, Heo G (2015) Development of a cyber security risk model using Bayesian networks. Reliab Eng Syst Saf 134:208–217CrossRefGoogle Scholar
  49. 49.
    Skogestad S, Postlethwaite I (2007) Multivariable feedback control: analysis and design, vol 2. Wiley, New York, pp 359–368zbMATHGoogle Scholar
  50. 50.
    Tan R, Nguyen HH, Foo EY, Yau DK, Kalbarczyk Z, Iyer RK, Gooi HB (2017) Modeling and mitigating impact of false data injection attacks on automatic generation control. IEEE Trans Inf Forensics Secur 12(7):1609–1624CrossRefGoogle Scholar
  51. 51.
    Tartakovsky AG, Rozovskii BL, Blažek RB, Kim H (2006a) Detection of intrusions in information systems by sequential change-point methods. Stat Methodol 3(3):252–293MathSciNetzbMATHCrossRefGoogle Scholar
  52. 52.
    Tartakovsky AG, Rozovskii BL, Blazek RB, Kim H (2006b) A novel approach to detection of intrusions in computer networks via adaptive sequential and batch-sequential change-point detection methods. IEEE Trans Signal Process 54(9):3372–3382zbMATHCrossRefGoogle Scholar
  53. 53.
    Tartakovsky AG, Polunchenko AS, Sokolov G (2013) Efficient computer network anomaly detection by changepoint detection methods. IEEE J Sel Top Sign Proces 7(1):4–11CrossRefGoogle Scholar
  54. 54.
    Teixeira A, Amin S, Sandberg H, Johansson KH, Sastry SS (2010) Cyber security analysis of state estimators in electric power systems. In: Decision and control (CDC), 2010 49th IEEE conference on, IEEE, pp 5991–5998Google Scholar
  55. 55.
    Trabelsi Z, Rahmani H (2005) An anti-sniffer based on ARP cache poisoning attack. Inf Syst Secur 13(6):23–36CrossRefGoogle Scholar
  56. 56.
    Wang W, Di Maio F, Zio E (2016) Component-and system-level degradation modeling of digital instrumentation and control systems based on a multi-state physics modeling approach. Ann Nucl Energy 95:135–147CrossRefGoogle Scholar
  57. 57.
    Wang W, Cammi A, Di Maio F, Lorenzi S, Zio E (2017a) A Monte Carlo-based exploration framework for identifying components vulnerable to cyber threats in nuclear power plants. Reliab Eng Syst Saf 175:24–37CrossRefGoogle Scholar
  58. 58.
    Wang W, Di Maio F, Zio E (2017b) Estimation of failure on-demand probability and malfunction rate values in cyber-physical systems of nuclear power plants. In: The 2017 international topical meeting on probabilistic safety assessment and analysis (PSA2017), Pittsburgh, USA, September, 2017, pp 24–28Google Scholar
  59. 59.
    Wald A (1973) Sequential analysis. Courier Corporation, New YorkzbMATHGoogle Scholar
  60. 60.
    Widrow B (1961) Analysis of amplitude-quantized sampled-data systems. Electr Eng 80(6):450–450CrossRefGoogle Scholar
  61. 61.
    Xiang Y, Wang L, Liu N (2017) Coordinated attacks on electric power systems in a cyber-physical environment. Electr Power Syst Res 149:156–168CrossRefGoogle Scholar
  62. 62.
    Xie M, Goh TN, Ranjan P (2002) Some effective control chart procedures for reliability monitoring. Reliab Eng Syst Saf 77(2):143–150CrossRefGoogle Scholar
  63. 63.
    Yuan Y, Zhu Q, Sun F, Wang Q, Başar T (2013) Resilient control of cyber-physical systems against denial-of-service attacks. In: Resilient control systems (ISRCS), 2013 6th international symposium on, IEEE, pp 54–59Google Scholar
  64. 64.
    Yuan W, Zhao L, Zeng B (2014) Optimal power grid protection through a defender–attacker–defender model. Reliab Eng Syst Saf 121:83–89CrossRefGoogle Scholar
  65. 65.
    Zalewski J, Buckley IA, Czejdo B, Drager S, Kornecki AJ, Subramanian N (2016) A framework for measuring security as a system property in cyberphysical systems. Information 7(2):33CrossRefGoogle Scholar
  66. 66.
    Zargar ST, Joshi J, Tipper D (2013) A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun Surv Tutorials 15(4):2046–2069CrossRefGoogle Scholar
  67. 67.
    Zaytoon J, Lafortune S (2013) Overview of fault diagnosis methods for discrete event systems. Annu Rev Control 37(2):308–320CrossRefGoogle Scholar
  68. 68.
    Zhao X, Chu PS (2010) Bayesian changepoint analysis for extreme events (typhoons, heavy rainfall, and heat waves): an RJMCMC approach. J Clim 23(5):1034–1046CrossRefGoogle Scholar
  69. 69.
    Zio E (2009) Reliability engineering: old problems and new challenges. Reliab Eng Syst Saf 94(2):125–141CrossRefGoogle Scholar
  70. 70.
    Zio E (2016) Challenges in the vulnerability and risk analysis of critical infrastructures. Reliab Eng Syst Saf 152:137–150CrossRefGoogle Scholar
  71. 71.
    Zio E, Di Maio F (2009) Processing dynamic scenarios from a reliability analysis of a nuclear power plant digital instrumentation and control system. Ann Nucl Energy 36(9):1386–1399CrossRefGoogle Scholar
  72. 72.
    Zio E, Zoia A (2009) Parameter identification in degradation modeling by reversible-jump Markov Chain Monte Carlo. IEEE Trans Reliab 58(1):123–131CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Energy DepartmentPolitecnico di MilanoMilanoItaly
  2. 2.Chair on System Science and the Energy Challenge, Fondation Electricite’ de France (EDF), CentraleSupélecUniversité Paris SaclayGif-sur-YvetteFrance

Personalised recommendations