A method for testing distributed anomaly detectors
Gayathri Sugumar and Aditya Mathur
International Journal of Critical Infrastructure Protection, 2019, vol. 27, issue C
Abstract:
Distributed anomaly detectors are deployed in critical infrastructure to raise alerts when the underlying plant deviates from its expected behaviour. A novel method, referred to as SCM, that uses well-defined state and command mutation operators, is proposed to test such detectors prior to their deployment. Cyber-attacks, each modelled as a timed-automaton, serve as reference attacks. A potentially large set of attacks is then created by systematically applying the mutation operators to each reference attack. In a case study, SCM was applied to a timed-automata model of a water treatment plant to assess its effectiveness in testing a distributed anomaly detector. Results attest to the value of SCM in identifying weaknesses in an anomaly detector, prior to its deployment, and improving its effectiveness in detecting process anomalies.
Keywords: Attack model; Distributed anomaly detector; Critical infrastructure; Cyber-attacks; Cyber-physical systems; Industrial control systems; Testing; Timed-automata; Water treatment plant
Date: 2019
Full text (ScienceDirect subscribers only): http://www.sciencedirect.com/science/article/pii/S1874548219301210
Persistent link: https://EconPapers.repec.org/RePEc:eee:ijocip:v:27:y:2019:i:c:s1874548219301210
DOI: 10.1016/j.ijcip.2019.100324
International Journal of Critical Infrastructure Protection is currently edited by Leon Strous
Bibliographic data for series maintained by Catherine Liu.