Behaviour Based Anomaly Detection in Cyber-Physical Systems
Advances in the automation of industrial production systems (which include critical infrastructure such as energy production), together with the concomitant increase in the use of information and communication technology in so-called cyber-physical systems, give security aspects vital importance. A consequence of automation and of the distribution of production systems over different sites and even companies is the necessity of data exchange. Systems that have been isolated so far must be opened up to other systems via the internet or similar communication technologies, thus making them vulnerable to cyber-attacks.
In addition to established defence strategies from conventional IT, such as firewalls, intrusion detection systems and anti-virus programs, application-specific security countermeasures are strongly needed. The research project CPS security aims at analysing the new threats for cyber-physical systems from an IT security point of view and at exploring such countermeasures. The main goal is to devise a system that continually surveys the operation of the production system by comparing measured data with the expected behaviour of the system. The expected behaviour will be deduced from the designs of the production and control processes as they are defined during the engineering phase. Anomalies can then be detected by comparing the predictions from a simulation of the behavioural model with the actual measured data from the running production plant. In a best-case scenario, even the cause of the anomaly could be discovered.
To realize this strategy,
- the behavioural model of the production and control system must be formalized,
- the ongoing behaviour of the systems must be described by measured data,
- comparison algorithms must be developed,
- classification methods for discovered anomalies must be explored,
- and measures to be undertaken in case of an anomaly must be defined.
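The comparison of simulated and measured behaviour can be sketched in a few lines. The following is an added example, not code from the CPS security project: the tank-filling process, its parameters, the tolerance and persistence values, and the "step"/"drift" labels are all assumptions, and the measured traces are constructed.

```python
from dataclasses import dataclass

@dataclass
class TankModel:
    """Expected behaviour of one process step, from (assumed) engineering data."""
    area_m2: float = 2.0         # tank cross-section
    inflow_m3s: float = 0.010    # pump delivery when commanded on
    outflow_m3s: float = 0.004   # constant drain

    def step(self, level_m, pump_on, dt_s=1.0):
        flow = (self.inflow_m3s if pump_on else 0.0) - self.outflow_m3s
        return max(0.0, level_m + flow * dt_s / self.area_m2)

def plant_trace(model, commands, start_m, pump_fails_at=None):
    """Constructed 'measured' data: (pump command, level) once per second."""
    level, trace = start_m, []
    for i, cmd in enumerate(commands):
        works = pump_fails_at is None or i < pump_fails_at
        level = model.step(level, cmd and works)
        trace.append((cmd, level))
    return trace

def detect(model, start_m, samples, tol_m=0.012, persist=3):
    """Simulate the model alongside the plant; alarm when the residual stays
    outside tol_m for `persist` samples. Returns [(index, residual, kind)]."""
    predicted, run, last_ok, onset_jump, alarms = start_m, 0, 0.0, 0.0, []
    for i, (cmd, measured) in enumerate(samples):
        predicted = model.step(predicted, cmd)
        residual = measured - predicted
        if abs(residual) <= tol_m:
            run, last_ok = 0, residual
            continue
        if run == 0:                      # first sample outside tolerance
            onset_jump = abs(residual - last_ok)
        run += 1
        if run == persist:
            # Abrupt onset suggests a changed measurement; gradual growth
            # suggests the process itself departing from its commands.
            kind = "step" if onset_jump > tol_m else "drift"
            alarms.append((i, round(residual, 4), kind))
    return alarms

MODEL = TankModel()
COMMANDS = [True] * 30
NORMAL = plant_trace(MODEL, COMMANDS, 1.0)
PUMP_FAULT = plant_trace(MODEL, COMMANDS, 1.0, pump_fails_at=20)
SENSOR_OFFSET = [(c, l + (0.5 if i >= 10 else 0.0)) for i, (c, l) in enumerate(NORMAL)]

if __name__ == "__main__":
    for name, trace in [("normal", NORMAL), ("pump fault", PUMP_FAULT), ("sensor offset", SENSOR_OFFSET)]:
        print(name, detect(MODEL, 1.0, trace))
```

The persistence count keeps a single noisy sample from raising an alarm, at the cost of a detection delay of `persist` samples.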
Institut für IT Sicherheitsforschung, Fachhochschule St. Pölten
SEC Consult Unternehmensberatung GmbH
BM.I (Bundesministerium für Inneres, BVT)
Univ.-Doz. DI. Dr. Ernst Piller,
DI. Dr. Paul Tavolato
Institut für IT Sicherheitsforschung, FH St. Pölten
Matthias Corvinus-Straße 15,
3100 St. Pölten
Telefon +43 2742 313 228 – 636