A fault diagnosis system for interdependent critical infrastructures based on HMMs

NTALAMPIRAS, Stavros; SOUPIONIS, Ioannis; GIANNOPOULOS, Georgios

doi:10.1016/j.ress.2015.01.024

This paper proposes a probabilistic modeling scheme for analyzing malicious events appearing in interdependent critical infrastructures. The proposed scheme is based on modeling the relationship between two datastreams by means of a hidden Markov model (HMM) trained on the parameters of linear time-invariant dynamic systems which estimate the relationships existing among the nodes of the network over consecutive time windows. Our study includes an energy network (IEEE 30 model bus) operated via a telecommunications infrastructure. The relationships among the elements of the network of infrastructures are represented by an HMM and the novel data is categorised according to its distance (computed in the probabilistic space) from the training ones. We considered two types of cyber-attacks (denial of service and integrity/replay) and report encouraging results in terms of false positive rate, false negative rate and detection delay.

NTALAMPIRAS Stavros; SOUPIONIS Ioannis; GIANNOPOULOS Georgios;

2015-02-19

ELSEVIER SCI LTD

JRC93579

0951-8320,

http://www.sciencedirect.com/science/article/pii/S0951832015000344, https://publications.jrc.ec.europa.eu/repository/handle/JRC93579,

10.1016/j.ress.2015.01.024,

Language	Citation

Name	Country	City	Type

Datasets

ID	Title	Public URL

Dataset collections

ID	Acronym	Title	Public URL

Scripts / source codes

Description	Public URL

Additional supporting files

File name	Description	File type

Items published in the JRC Publications Repository are protected by copyright, with all rights reserved, unless otherwise indicated. Additional information: https://ec.europa.eu/info/legal-notice_en#copyright-notice