Cybersecurity for networked industrial control systems presents challenges not faced in information technology systems. The use of heritage protocols, such as Modbus, on unrouted serial buses makes it difficult to authenticate actuator commands and sensor data. Furthermore, rigid master/slave architectures such as Modbus are especially vulnerable to compromise of the master unit. We describe a logic program called the Qualitative Behavioral Analyzer (QBA) for monitoring a controlled physical process on an unrouted Modbus network. The proposed approach uses knowledge of process physics to identify a possible component fault or cyberattack. To avoid relying on the integrity of the master unit, the QBA directly analyzes Modbus network traffic. The first stage of the QBA is called the Network Analyzer, which evaluates each Modbus packet and extract qualitative information. The second stage is called the Physics Analyzer, which evaluates a qualitative physics model based on qualitative information from Network Analyzer. The QBA is demonstrated on simulations of a water treatment process.
- Dynamic Systems and Control Division
Qualitative Behavioral Analyzer for Fault Detection and Cyber Security of Control Networks
Pothuwila, K, & Berg, JM. "Qualitative Behavioral Analyzer for Fault Detection and Cyber Security of Control Networks." Proceedings of the ASME 2014 Dynamic Systems and Control Conference. Volume 2: Dynamic Modeling and Diagnostics in Biomedical Systems; Dynamics and Control of Wind Energy Systems; Vehicle Energy Management Optimization; Energy Storage, Optimization; Transportation and Grid Applications; Estimation and Identification Methods, Tracking, Detection, Alternative Propulsion Systems; Ground and Space Vehicle Dynamics; Intelligent Transportation Systems and Control; Energy Harvesting; Modeling and Control for Thermo-Fluid Applications, IC Engines, Manufacturing. San Antonio, Texas, USA. October 22–24, 2014. V002T26A005. ASME. https://doi.org/10.1115/DSCC2014-6361
Download citation file: