Aerospace and Electronic Systems Magazine May 2017 - 38

Security of SCADA Systems against Cyber-Physical Attacks
in which each problem discriminates a given class from the other
K − 1 classes. When testing an unknown example, the classifier
producing the maximum output is considered the winner, and this
class label is assigned to that example. A second approach, named
all versus all, consists of comparing each class to each other class.
A binary classifier is built to discriminate between each pair of
classes while discarding the rest of the classes. When testing a new
example, voting is performed among the classifiers, and the class
with the maximum number of votes wins. To our best knowledge,
there are just a few research papers on the application of multiclass
classification methods to the isolation of attacks on ICSs [94], [95].
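The two reductions described here, one versus all and all versus all, as an added example that is not from the article. The binary learner (a hyperplane bisecting the two class means), the class names and the sample readings are assumptions constructed for illustration.

```python
from itertools import combinations
from math import sqrt

# Constructed training data: two-feature sensor deviations for three labelled
# operating modes. Names and values are illustrative, not from the article.
CENTERS = {"normal": (0.0, 0.0), "attack_A": (5.0, 0.0), "attack_B": (0.0, 5.0)}
OFFSETS = (-0.2, 0.0, 0.2)
TRAIN = {c: [(cx + dx, cy + dy) for dx in OFFSETS for dy in OFFSETS]
         for c, (cx, cy) in CENTERS.items()}

def mean(points):
    n = len(points)
    return tuple(sum(p[i] for p in points) / n for i in range(len(points[0])))

def fit_binary(pos, neg):
    """Assumed binary learner: signed distance to the hyperplane that bisects
    the two class means (positive on the `pos` side)."""
    mp, mn = mean(pos), mean(neg)
    w = [a - b for a, b in zip(mp, mn)]
    norm = sqrt(sum(v * v for v in w))
    mid = [(a + b) / 2 for a, b in zip(mp, mn)]
    return lambda x: sum(wi * (xi - mi) for wi, xi, mi in zip(w, x, mid)) / norm

def fit_one_vs_all(train):
    """K classifiers, each separating one class from the other K - 1."""
    return {c: fit_binary(pts, [p for o, ps in train.items() if o != c for p in ps])
            for c, pts in train.items()}

def predict_one_vs_all(models, x):
    # The classifier producing the maximum output wins.
    return max(models, key=lambda c: models[c](x))

def fit_all_vs_all(train):
    """K(K-1)/2 classifiers, one per pair of classes, discarding the rest."""
    return {(a, b): fit_binary(train[a], train[b]) for a, b in combinations(train, 2)}

def predict_all_vs_all(models, x):
    votes = {}
    for (a, b), f in models.items():
        winner = a if f(x) >= 0 else b
        votes[winner] = votes.get(winner, 0) + 1
    # Most votes wins; a tie falls to the class that received a vote first.
    return max(votes, key=votes.get), votes
```

Both reductions always return one of the predefined classes, so a sample from an unseen attack type is still assigned to the nearest known one.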

Figure 4. Demonstration of one-class classification. The outliers in red are outside
of the boundaries in blue. The normal data are plotted in black.

outliers in the training set is allowed and slack variables ξi ≥ 0 are
introduced to penalize the excluded samples. Finally, the goal is to
solve the following constrained minimization problem:
$$\min_{a,\,R,\,\xi_i} \; R^2 + \frac{1}{\nu N} \sum_{i=1}^{N} \xi_i \qquad (8)$$

subject to
(9)
where ϕ : X   is the mapping from the input domain  into the
feature space  . The norm ·  is defined by a proper inner product
〈ϕ(x),ϕ(y)〉 on  associated to a kernel function k(x, y) such that
k(x,y) = 〈ϕ(x),ϕ(y)〉 for all x,y ∈  . The predefined parameter ν ∈
(0, 1) regulates the tradeoff between the volume of the hypersphere
and the number of outliers. The problem in (8) and (9) is usually
solved with a Lagrangian optimization algorithm.
Isolation problem: In some situations, abnormal data may be
available for learning. For example, if an industrial system has
been penetrated in the past, its abnormal data will (and should)
be recorded for future use. In addition, various attack scenarios on
SCADA systems can be created by computer simulation and the
simulated data can be used for learning. In such circumstances,
multiclass classification techniques can be applied for detecting
the attack instant and classifying attack types (or attack scenarios
or attack points).
In multiclass classification problems, training data from each
class must be available and decision functions for classifying new
samples into one of the predefined classes must be defined. There
are two main trends in the literature [92], [93]. The first trend considers multiclass classifiers like decision trees, random forests, k
nearest neighbors, or multiclass support vector machines. The second trend includes approaches for converting the multiclass classification problem into a set of binary classification problems that
are efficiently solved using binary classifiers between two classes.
The simplest approach, named one versus all, is to reduce the
problem of classifying among K classes into K binary problems,

MODEL-BASED APPROACH
The model-based approach consists of developing the parametric
models of SCADA systems under normal operation, as well as
under different attack scenarios. The decision-making process is
based on the comparison between system observations and model outputs. The system is said to be under attack if the observed
data are no longer consistent with the estimated outputs of normal mode. If an attack scenario and a corresponding parametric
model are available, the observed data can be checked for consistency with the estimated outputs of this attack mode. In this
way, it is decided that the system is under that attack. However,
this comparison is not obvious because of the presence of model
uncertainties, nuisance parameters, and random noise. Fortunately,
the fault diagnosis community has contributed methodologies for
circumventing such drawbacks [96]. Fault detection and isolation
(FDI) techniques have been adapted to the detection and isolation
of cyber attacks on SCADA systems [7], [35], [36], [39].

Fault Diagnosis (Detection and Isolation)
There is a vast literature on fault diagnosis (detection and isolation) of deterministic and stochastic-dynamical systems; see, for
example, [96]-[99]. The main purpose of an FDI algorithm is to
decide whether a fault has occurred and then to identify the type of
fault. An FDI algorithm should be sensitive with respect to faults
and insensitive with respect to random noises and unknown system states (often regarded as nuisance parameters). The automatic
control community traditionally solves the fault diagnosis problem
by using the analytical redundancy approach. The statistical signal
processing community solves the fault diagnosis problem by using
the theory of invariance in sequential hypothesis testing. In both
cases, there are two principal steps:
1. Residual generation (Kalman filtering or invariant statistics
calculation)
2. Residual evaluation (thresholding or decision function calculation)
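The two steps above as an added example, not code from the article: a scalar Kalman filter generates normalized innovations and a two-sided CUSUM (one sequential change detection method, chosen here) evaluates them. The random-walk model, the noise settings, the slack and threshold, and the constructed sensor trace with an offset starting at sample 30 are assumptions.

```python
from math import sqrt

def kalman_residuals(ys, x0=10.0, p0=0.01, q=1e-4, r=0.01):
    """Step 1, residual generation: scalar Kalman filter for the assumed model
    x[k+1] = x[k] + w, y[k] = x[k] + v. Returns normalized innovations."""
    x, p, out = x0, p0, []
    for y in ys:
        p_pred = p + q                  # time update (state transition = 1)
        s = p_pred + r                  # innovation variance
        resid = y - x                   # measurement minus one-step prediction
        out.append(resid / sqrt(s))
        k = p_pred / s                  # Kalman gain
        x, p = x + k * resid, (1 - k) * p_pred
    return out

def cusum_alarm(zs, slack=1.0, threshold=5.0):
    """Step 2, residual evaluation: two-sided CUSUM decision function.
    Returns the first sample index where either sum exceeds the threshold."""
    g_pos = g_neg = 0.0
    for k, z in enumerate(zs):
        g_pos = max(0.0, g_pos + z - slack)
        g_neg = max(0.0, g_neg - z - slack)
        if max(g_pos, g_neg) > threshold:
            return k
    return None

def make_measurements(n=60, level=10.0, onset=None, bias=0.5):
    """Constructed sensor trace: constant level plus a bounded +/-0.05
    disturbance; from `onset` on, a constant offset is added to the reading."""
    ys = []
    for k in range(n):
        noise = 0.05 if k % 2 == 0 else -0.05
        offset = bias if onset is not None and k >= onset else 0.0
        ys.append(level + noise + offset)
    return ys

def detect(ys):
    """Run both steps and return the alarm sample index, or None."""
    return cusum_alarm(kalman_residuals(ys))
```

Because the filter gradually absorbs a constant offset into its state estimate, the residual shrinks after onset, so the decision function has to accumulate evidence within the first few samples.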
The so-called residuals are generated by traditional techniques,
such as by a state observer [100], [101]; Kalman filter [99], [102];
or parity space approach [103], [104] for dealing with the nuisance
parameters. They are then evaluated by sequential change detection and isolation methods [80], [99] for mitigating the impact of
noise. A sequential detection and isolation algorithm is defined as a

IEEE A&E SYSTEMS MAGAZINE

MAY 2017


