Anomaly Detection and its Adaptation: Studies on Cyber-Physical Systems
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, The Institute of Technology. (RTSLAB)
2013 (English). Licentiate thesis, monograph (Other academic)
Abstract [en]

Cyber-Physical Systems (CPS) are complex systems where physical operations are supported and coordinated by Information and Communication Technology (ICT).

From the point of view of security, ICT offers new opportunities to increase vigilance and real-time responsiveness to physical security faults. On the other hand, the cyber domain carries all the security vulnerabilities typical of information systems, making security a major new challenge in critical systems. This thesis addresses anomaly detection as a security measure in CPS. Anomaly detection consists of modelling the good behaviour of a system using machine learning and data mining algorithms, and detecting anomalies when deviations from the normality model occur at runtime. Its main feature is the ability to discover kinds of attack not seen before, making it suitable as a second line of defence.

The first contribution of this thesis addresses the application of anomaly detection as an early warning system in water management systems. We describe the evaluation of anomaly detection software integrated in a Supervisory Control and Data Acquisition (SCADA) system where water quality sensors provide data for real-time analysis and detection of contaminants. Then, we turn our attention to smart metering infrastructures. We study a smart metering device that uses a trusted platform for storage and communication of electricity metering data, and show that despite the hard-core security, there is still room for deployment of a second level of defence in the form of an embedded real-time anomaly detector that can cover both the cyber and physical domains. In both scenarios, we show that anomaly detection algorithms can efficiently discover attacks: contamination events in the first case and cyber attacks for electricity theft in the second. The second contribution focuses on online adaptation of the parameters of anomaly detection applied to a Mobile Ad hoc Network (MANET) for disaster response. Since the survivability of communication under network attacks is as crucial as the lifetime of the network itself, we devised a component that is in charge of adjusting the parameters based on the current energy level, using the trade-off between the node's response to attacks and the energy consumption induced by the intrusion detection system. Adaptation increases the network lifetime without significantly deteriorating the detection performance.

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2013, 70 p.
Linköping Studies in Science and Technology. Thesis, ISSN 0280-7971 ; 1586
National Category
Computer Systems
URN: urn:nbn:se:liu:diva-89617
Local ID: LiU–Tek–Lic–2013:20
ISBN: 978-91-7519-644-2
OAI: diva2:608664
2013-04-09, Alan Turing, Campus Valla, Linköping University, Linköping, 13:15 (English)
Available from: 2013-03-11. Created: 2013-02-27. Last updated: 2013-03-12. Bibliographically approved.

Open Access in DiVA

Anomaly Detection and its Adaptation: Studies on Cyber-Physical Systems (1598 kB), 3130 downloads
File information
File name: FULLTEXT01.pdf; File size: 1598 kB; Checksum: SHA-512
Type: fulltext; Mimetype: application/pdf
Cover (80 kB), 54 downloads
File information
File name: COVER01.pdf; File size: 80 kB; Checksum: SHA-512
Type: cover; Mimetype: application/pdf
