A statistical method for detecting cyber/physical attacks on SCADA systems

Proceedings of the 2014 IEEE Multi-Conference on Systems and Control

1–6

IEEE

2014

This paper addresses the problem of detecting cyber/physical attacks on Supervisory Control And Data Acquisition (SCADA) systems. The detection of cyber/physical attacks is formulated as the problem of detecting transient changes in stochastic-dynamical systems in the presence of unknown system states (often regarded as the nuisance parameter). The Variable Threshold Window Limited CUmulative SUM (VTWL CUSUM) test is adapted to the detection of transient changes of known profiles in the presence of a nuisance parameter. Taking into account the performance criterion of the transient change detection problem, which minimizes the worst-case probability of missed detection for a given value of the worst-case probability of false alarm, the thresholds are tuned to optimize the VTWL CUSUM algorithm. The optimal choice of thresholds leads to the simple Finite Moving Average (FMA) algorithm. The proposed algorithms are used to detect a covert attack on a simple water distribution system, aimed at stealing water from the reservoir without being detected.

