Anomaly detection in liquid pipelines using modeling, co-simulation and dynamical estimation

Saed Alajlouni; Vittal Rao

doi:10.1007/978-3-642-45330-4_8

Anomaly detection in liquid pipelines using modeling, co-simulation and dynamical estimation

Saed Alajlouni, Vittal Rao

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

Historically, supervisory control and data acquisition (SCADA) systems have relied on obscurity to safeguard against attacks. Indeed, external attackers lacked knowledge about proprietary system designs and software to access systems and execute attacks. The trend to interconnect to the Internet and incorporate standardized protocols, however, has resulted in an increase in the attack surface – attackers can now target SCADA systems and proceed to impact the physical systems they control. Dynamical estimation can be used to identify anomalies and attempts to maliciously affect controlled physical systems. This paper describes an intrusion detection method based on the dynamical estimation of systems. A generic water pipeline system is modeled using state space equations, and a discrete-time Kalman filter is used to estimate operational characteristics for anomaly-based intrusion detection. The effectiveness of the method is evaluated against deception attacks that target the water pipeline system. A co-simulation that integrates computational fluid dynamics software and MATLAB/Simulink is employed to simulate attacks and develop detection schemes.

Original language	English
Title of host publication	Critical Infrastructure Protection VII - 7th IFIP WG 11.10 International Conference, ICCIP 2013, Revised Selected Papers
Editors	Sujeet Shenoi, Jonathan Butts
Publisher	Springer New York LLC
Pages	111-124
Number of pages	14
ISBN (Print)	9783642453298
DOIs	https://doi.org/10.1007/978-3-642-45330-4_8
State	Published - 2013
Event	7th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2013 - Washington, United States Duration: Mar 18 2013 → Mar 20 2013

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	417
ISSN (Print)	1868-4238

Conference

Conference	7th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2013
Country	United States
City	Washington
Period	03/18/13 → 03/20/13

Keywords

Anomaly detection
Dynamical estimation
Liquid pipelines

Access to Document

10.1007/978-3-642-45330-4_8

Link to publication in Scopus

Fingerprint Dive into the research topics of 'Anomaly detection in liquid pipelines using modeling, co-simulation and dynamical estimation'. Together they form a unique fingerprint.

Cite this

Alajlouni, S., & Rao, V. (2013). Anomaly detection in liquid pipelines using modeling, co-simulation and dynamical estimation. In S. Shenoi, & J. Butts (Eds.), Critical Infrastructure Protection VII - 7th IFIP WG 11.10 International Conference, ICCIP 2013, Revised Selected Papers (pp. 111-124). (IFIP Advances in Information and Communication Technology; Vol. 417). Springer New York LLC. https://doi.org/10.1007/978-3-642-45330-4_8

Alajlouni, Saed ; Rao, Vittal. / Anomaly detection in liquid pipelines using modeling, co-simulation and dynamical estimation. Critical Infrastructure Protection VII - 7th IFIP WG 11.10 International Conference, ICCIP 2013, Revised Selected Papers. editor / Sujeet Shenoi ; Jonathan Butts. Springer New York LLC, 2013. pp. 111-124 (IFIP Advances in Information and Communication Technology).

@inproceedings{aae59f7660364789b1cc8b657d0dc427,

title = "Anomaly detection in liquid pipelines using modeling, co-simulation and dynamical estimation",

abstract = "Historically, supervisory control and data acquisition (SCADA) systems have relied on obscurity to safeguard against attacks. Indeed, external attackers lacked knowledge about proprietary system designs and software to access systems and execute attacks. The trend to interconnect to the Internet and incorporate standardized protocols, however, has resulted in an increase in the attack surface – attackers can now target SCADA systems and proceed to impact the physical systems they control. Dynamical estimation can be used to identify anomalies and attempts to maliciously affect controlled physical systems. This paper describes an intrusion detection method based on the dynamical estimation of systems. A generic water pipeline system is modeled using state space equations, and a discrete-time Kalman filter is used to estimate operational characteristics for anomaly-based intrusion detection. The effectiveness of the method is evaluated against deception attacks that target the water pipeline system. A co-simulation that integrates computational fluid dynamics software and MATLAB/Simulink is employed to simulate attacks and develop detection schemes.",

keywords = "Anomaly detection, Dynamical estimation, Liquid pipelines",

author = "Saed Alajlouni and Vittal Rao",

note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2013. Copyright: Copyright 2019 Elsevier B.V., All rights reserved.; null ; Conference date: 18-03-2013 Through 20-03-2013",

year = "2013",

doi = "10.1007/978-3-642-45330-4_8",

language = "English",

isbn = "9783642453298",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer New York LLC",

pages = "111--124",

editor = "Sujeet Shenoi and Jonathan Butts",

booktitle = "Critical Infrastructure Protection VII - 7th IFIP WG 11.10 International Conference, ICCIP 2013, Revised Selected Papers",

}

Alajlouni, S & Rao, V 2013, Anomaly detection in liquid pipelines using modeling, co-simulation and dynamical estimation. in S Shenoi & J Butts (eds), Critical Infrastructure Protection VII - 7th IFIP WG 11.10 International Conference, ICCIP 2013, Revised Selected Papers. IFIP Advances in Information and Communication Technology, vol. 417, Springer New York LLC, pp. 111-124, 7th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2013, Washington, United States, 03/18/13. https://doi.org/10.1007/978-3-642-45330-4_8

Anomaly detection in liquid pipelines using modeling, co-simulation and dynamical estimation. / Alajlouni, Saed; Rao, Vittal.

Critical Infrastructure Protection VII - 7th IFIP WG 11.10 International Conference, ICCIP 2013, Revised Selected Papers. ed. / Sujeet Shenoi; Jonathan Butts. Springer New York LLC, 2013. p. 111-124 (IFIP Advances in Information and Communication Technology; Vol. 417).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Anomaly detection in liquid pipelines using modeling, co-simulation and dynamical estimation

AU - Alajlouni, Saed

AU - Rao, Vittal

PY - 2013

Y1 - 2013

N2 - Historically, supervisory control and data acquisition (SCADA) systems have relied on obscurity to safeguard against attacks. Indeed, external attackers lacked knowledge about proprietary system designs and software to access systems and execute attacks. The trend to interconnect to the Internet and incorporate standardized protocols, however, has resulted in an increase in the attack surface – attackers can now target SCADA systems and proceed to impact the physical systems they control. Dynamical estimation can be used to identify anomalies and attempts to maliciously affect controlled physical systems. This paper describes an intrusion detection method based on the dynamical estimation of systems. A generic water pipeline system is modeled using state space equations, and a discrete-time Kalman filter is used to estimate operational characteristics for anomaly-based intrusion detection. The effectiveness of the method is evaluated against deception attacks that target the water pipeline system. A co-simulation that integrates computational fluid dynamics software and MATLAB/Simulink is employed to simulate attacks and develop detection schemes.

AB - Historically, supervisory control and data acquisition (SCADA) systems have relied on obscurity to safeguard against attacks. Indeed, external attackers lacked knowledge about proprietary system designs and software to access systems and execute attacks. The trend to interconnect to the Internet and incorporate standardized protocols, however, has resulted in an increase in the attack surface – attackers can now target SCADA systems and proceed to impact the physical systems they control. Dynamical estimation can be used to identify anomalies and attempts to maliciously affect controlled physical systems. This paper describes an intrusion detection method based on the dynamical estimation of systems. A generic water pipeline system is modeled using state space equations, and a discrete-time Kalman filter is used to estimate operational characteristics for anomaly-based intrusion detection. The effectiveness of the method is evaluated against deception attacks that target the water pipeline system. A co-simulation that integrates computational fluid dynamics software and MATLAB/Simulink is employed to simulate attacks and develop detection schemes.

KW - Anomaly detection

KW - Dynamical estimation

KW - Liquid pipelines

UR - http://www.scopus.com/inward/record.url?scp=84954548217&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-45330-4_8

DO - 10.1007/978-3-642-45330-4_8

M3 - Conference contribution

AN - SCOPUS:84954548217

SN - 9783642453298

T3 - IFIP Advances in Information and Communication Technology

SP - 111

EP - 124

BT - Critical Infrastructure Protection VII - 7th IFIP WG 11.10 International Conference, ICCIP 2013, Revised Selected Papers

A2 - Shenoi, Sujeet

A2 - Butts, Jonathan

PB - Springer New York LLC

Y2 - 18 March 2013 through 20 March 2013

ER -

Alajlouni S, Rao V. Anomaly detection in liquid pipelines using modeling, co-simulation and dynamical estimation. In Shenoi S, Butts J, editors, Critical Infrastructure Protection VII - 7th IFIP WG 11.10 International Conference, ICCIP 2013, Revised Selected Papers. Springer New York LLC. 2013. p. 111-124. (IFIP Advances in Information and Communication Technology). https://doi.org/10.1007/978-3-642-45330-4_8