Anomaly Detection and its Adaptation: Studies on Cyber-Physical Systems
Linköping University, Department of Computer and Information Science, Software and Systems. Linköping University, The Institute of Technology. (RTSLAB)
2013 (English). Licentiate thesis, monograph (Other academic)
Abstract [en]

Cyber-Physical Systems (CPS) are complex systems where physical operations are supported and coordinated by Information and Communication Technology (ICT).

From the point of view of security, ICT offers new opportunities to increase vigilance and real-time responsiveness to physical security faults. On the other hand, the cyber domain carries all the security vulnerabilities typical of information systems, making security a big new challenge in critical systems. This thesis addresses anomaly detection as a security measure in CPS. Anomaly detection consists of modelling the good behaviour of a system using machine learning and data mining algorithms, and detecting anomalies when deviations from the normality model occur at runtime. Its main feature is the ability to discover kinds of attack not seen before, making it suitable as a second line of defence.

The first contribution of this thesis addresses the application of anomaly detection as an early warning system in water management systems. We describe the evaluation of anomaly detection software integrated in a Supervisory Control and Data Acquisition (SCADA) system where water quality sensors provide data for real-time analysis and detection of contaminants. Then, we turn our attention to smart metering infrastructures. We study a smart metering device that uses a trusted platform for storage and communication of electricity metering data, and show that despite the hard core security, there is still room for deployment of a second level of defence as an embedded real-time anomaly detector that can cover both the cyber and physical domains. In both scenarios, we show that anomaly detection algorithms can efficiently discover attacks, in the form of contamination events in the first case and cyber attacks for electricity theft in the second. The second contribution focuses on online adaptation of the parameters of anomaly detection applied to a Mobile Ad hoc Network (MANET) for disaster response. Since the survivability of communication against network attacks is as crucial as the lifetime of the network itself, we devised a component that is in charge of adjusting the parameters based on the current energy level, using the trade-off between the node's response to attacks and the energy consumption induced by the intrusion detection system. Adaptation increases the network lifetime without significantly deteriorating the detection performance.

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2013. 70 p.
Series
Linköping Studies in Science and Technology. Thesis, ISSN 0280-7971 ; 1586
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:liu:diva-89617
Local ID: LiU–Tek–Lic–2013:20
ISBN: 978-91-7519-644-2 (print)
OAI: oai:DiVA.org:liu-89617
DiVA: diva2:608664
Presentation
2013-04-09, Alan Turing, Campus Valla, Linköping University, Linköping, 13:15 (English)
Opponent
Supervisors
Available from: 2013-03-11. Created: 2013-02-27. Last updated: 2013-03-12. Bibliographically approved.

Open Access in DiVA

Anomaly Detection and its Adaptation: Studies on Cyber-Physical Systems (1598 kB), 3501 downloads
File information
File name: FULLTEXT01.pdf. File size: 1598 kB. Checksum SHA-512:
453a24ed08ba589c2400c00228972ea1ea76d44c1950308058ab7088c86e25a7c55db222578ccae3d40376aa066b82b94d3b4534be491eb51369a07545f581fa
Type: fulltext. Mimetype: application/pdf
Cover (80 kB), 66 downloads
File information
File name: COVER01.pdf. File size: 80 kB. Checksum SHA-512:
8840c9eb2d09b4ae6f917ab23e94fa05d27b9f22f409d706ae886f7b651d7e45b5fd1722834b9963fea826a27a0bd90ee8c0a936ba421bfa2d46a431253c80ac
Type: cover. Mimetype: application/pdf
