Resilient Control and Intrusion Detection for SCADA Systems

Bonnie Xia Zhu

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2014-34
May 1, 2014

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2014/EECS-2014-34.pdf

Supervisory Control and Data Acquisition (SCADA) systems are deeply ingrained in the fabric of critical infrastructure sectors. These computerized real-time process control systems, over geographically dispersed continuous distribution operations, are increasingly subject to serious damage and disruption by cyber means due to their standardization and connectivity to other networks. However, SCADA systems generally have little protection from the escalating cyber threats. To achieve defense-in-depth for SCADA systems by means of intrusion detection and resilient control, this dissertation strives for a robust stochastic signal and system approach without being overly-pessimistic. Its main elements are (1) two SCADA-specific comprehensive taxonomies with one on cyber attacks and the other on intrusion detection system to layout the lay of the land and shed light to the workspace, (2) one overall framework/architecture for intrusion detection and resilient control – Xware (3) its measurement fusion assurance component – Trust counter, (4) one signal-based early-detection and resilient estimation scheme with proved theoretical performance bounds, for SCADA systems in general. Especially the said Robust General Likelihood Ratio Test (RGLRT) is generic enough and has been applied to linear dynamical systems in general and beyond. (5) The application of RGLRT in network traffic anomaly detection. (6) The application of RGLRT to anomaly detection for SCADA systems in smart grids through model construction and identification for both clean renewable energy supply and variable consumer demand.

Advisor: S. Shankar Sastry


BibTeX citation:

@phdthesis{Zhu:EECS-2014-34,
    Author = {Zhu, Bonnie   Xia},
    Title = {Resilient Control and Intrusion Detection for SCADA Systems},
    School = {EECS Department, University of California, Berkeley},
    Year = {2014},
    Month = {May},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2014/EECS-2014-34.html},
    Number = {UCB/EECS-2014-34},
    Abstract = {Supervisory Control and Data Acquisition (SCADA) systems are deeply ingrained in the fabric of critical infrastructure sectors. These computerized real-time process control systems, over geographically dispersed continuous distribution operations, are increasingly subject to serious damage and disruption by cyber means due to their standardization and connectivity to other networks.
However, SCADA systems generally have little protection from the escalating cyber threats. To achieve defense-in-depth for SCADA systems by means of intrusion detection and resilient control, this dissertation strives for a robust stochastic signal and system approach without being overly-pessimistic. Its main elements are (1) two SCADA-specific comprehensive taxonomies with one on cyber attacks and the other on intrusion detection system to layout the lay of the land and shed light to the workspace, (2) one overall framework/architecture for intrusion detection and
resilient control – Xware (3) its measurement fusion assurance component – Trust counter, (4) one signal-based early-detection and resilient estimation scheme with proved theoretical performance bounds, for SCADA systems in general. Especially the said Robust General Likelihood Ratio Test (RGLRT) is generic enough and has been applied to linear dynamical systems in general and beyond. (5) The application of RGLRT in network traffic anomaly detection. (6) The application of RGLRT to anomaly detection for SCADA systems in smart grids through model construction and identification for both clean renewable energy supply and variable consumer demand.}
}

EndNote citation:

%0 Thesis
%A Zhu, Bonnie   Xia
%T Resilient Control and Intrusion Detection for SCADA Systems
%I EECS Department, University of California, Berkeley
%D 2014
%8 May 1
%@ UCB/EECS-2014-34
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2014/EECS-2014-34.html
%F Zhu:EECS-2014-34