Detection of Cyber-Physical Faults and Intrusions from Physical Correlations

TL;DR

This paper presents techniques for rapid online detection and localization of faults and intrusions in cyber-physical systems by analyzing physical signal correlations, demonstrated on building automation data.

Contribution

It introduces a novel correlation-based detection method that requires minimal system information for identifying faults and intrusions in cyber-physical systems.

Findings

Effective fault detection demonstrated on building automation data

Minimal prior system knowledge needed for detection

Fast online identification of faults and intrusions

Abstract

Cyber-physical systems are critical infrastructures that are crucial both to the reliable delivery of resources such as energy, and to the stable functioning of automatic and control architectures. These systems are composed of interdependent physical, control and communications networks described by disparate mathematical models creating scientific challenges that go well beyond the modeling and analysis of the individual networks. A key challenge in cyber-physical defense is a fast online detection and localization of faults and intrusions without prior knowledge of the failure type. We describe a set of techniques for the efficient identification of faults from correlations in physical signals, assuming only a minimal amount of available system information. The performance of our detection method is illustrated on data collected from a large building automation system.