Visible to the public Naval cyber-physical anomaly propagation analysis based on a quality assessed graph

TitleNaval cyber-physical anomaly propagation analysis based on a quality assessed graph
Publication TypeConference Paper
Year of Publication2020
AuthorsPelissero, N., Laso, P. M., Puentes, J.
Conference Name2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
KeywordsAnalytical models, Anomalies, anomaly detection, compositionality, Computational modeling, CPS anomalies, Cyber Dependencies, cyber-attacks, cyber-physical system, Cyber-physical systems, data and information quality, Data models, data streams, data-driven decision system, digital subsystems, graph theory, human factors, information quality measures vectors, Marine vehicles, Metrics, naval CPS, naval cyber-physical anomaly propagation analysis, naval engineering computing, naval propulsion management system, Navigation, optimized supervisory control, programmable controllers, programmable logical controller, propagation analysis, pubcrawl, quality assessed graph, Resiliency, Scalability, security of data, Sensors, system graph
AbstractAs any other infrastructure relying on cyber-physical systems (CPS), naval CPS are highly interconnected and collect considerable data streams, on which depend multiple command and navigation decisions. Being a data-driven decision system requiring optimized supervisory control on a permanent basis, it is critical to examine the CPS vulnerability to anomalies and their propagation. This paper presents an approach to detect CPS anomalies and estimate their propagation applying a quality assessed graph, which represents the CPS physical and digital subsystems, combined with system variables dependencies and a set of data and information quality measures vectors. Following the identification of variables dependencies and high-risk nodes in the CPS, data and information quality measures reveal how system variables are modified when an anomaly is detected, also indicating its propagation path. Taking as reference the normal state of a naval propulsion management system, four anomalies in the form of cyber-attacks - port scan, programmable logical controller stop, and man in the middle to change the motor speed and operation of a tank valve - were produced. Three anomalies were properly detected and their propagation path identified. These results suggest the feasibility of anomaly detection and estimation of propagation estimation in CPS, applying data and information quality analysis to a system graph.
Citation Keypelissero_naval_2020