From: Enabling data-driven anomaly detection by design in cyber-physical production systems
Work | Methods | Application scenario | Data analyzed | Tools | Attack/fault spectrum | Assessment |
---|---|---|---|---|---|---|
Sierla et al. (2014) | Security risk analysis | Electric grid FLISR (simulated) | Network (MODBUS and DNP3) | MATLAB; Simulink. | DoS; attempted break-ins; message spoofing. | N.A. |
Tanveer et al. (2018) | Encryption of data communications | PLC in ICS lab testbed (Raspberry Pi) | Network (TCP and UDP) | AES; KE. | N.A. | 2–10 ms latency of encryption process |
Tanveer et al. (2019) | Rule-based IDS | PLC in ICS lab testbed (Wago PFC200 PLCs) | Network (TCP and UDP) | Snort; hping3. | DoS/DDoS; Masquerade; flooding. | Packet drop (N.A. results) |
| | MAS-based fault diagnostic | CPPS | Sensor (Temperature) | GORITE; SysML. | Sensor fault; software fault; actuator electrical and mechanical faults. | Performance and timeliness (N.A. results) |
Tanveer et al. (2021) | Secure links (protection of communications) | PLC in ICS lab testbed (Wago PFC200 PLCs) | Network (TCP and UDP) | TLS; AEAD; KE; TORUS. | N.A. | 2–5 ms latency of AEAD; 370–500 ms latency of KE; MI = 75.68; \(S*\) = 23.8; \(DC*\) = 20.6; \(C*\) = 44.4. |
Proposed approach | A-HIDS | CPPS lab testbed (Raspberry Pi) | Network (OPC UA) | iDCA; DINASORE; pyshark; river. | DoS; MITM; message spoofing. | 30% CPU; 50% RAM; 300 KB/s network I/O; 0.1% packet drop; MI = 100.12; \(S*\) = 16; \(DC*\) = 0.65; \(C*\) = 16.65. |