EXPERIMENTAL STUDY ON THE CYBER ATTACK EARLY RECOGNITION SYSTEM

抄録

The purpose of the present study is to develop cyberattack early recognition system and to evaluate the effectiveness of the developed system by applying to the chemical plant testbed, which physically simulate the small scale chemical plant with industrial control system(ICS). The developed system is called CAeRS(Cyber Attack early Recognition System). The functional purpose of CAeRS is to help operators in recognizing the possibility of a cyber attack based on data from diverse sources. CAeRS has been developed from a hypothesis-based diagnosis system using Bayesian networks. The role of CAeRS is not to perform automatic recognition of cyber attacks but to provide operators with information required to enhance situational awareness concerning the state of the objective system. Information about the system is obtained in a step-by-step manner until the probability of a specific hypothesis becomes prominent. The performance of CAeRS has been validated using the chemical plant testbed.

The conventional failures have been physically simulated in the testbed to obtain cause-consequence relationship, which is required to build Bayesian Network. The cyber attacks have been simulated by the unauthorized parameter change, which result in the similar symptom with physical failure. Based on the scenario based evaluation, it has been demonstrated that the developed system can provide information to the operator, which helps to distinguish a specific cyber attack from a physical system failure with similar symptoms.