標題: | 於具有攻擊偵測機制之過程控制系統上論潛伏攻擊之影響 On Study of Stealthy Attacks in a Process Control System with Model-based Anomaly Detection Protection |
作者: | 黃啟彥 黃育綸 電控工程研究所 |
關鍵字: | 潛伏攻擊;惡意偵測機制;過程控制系統;stealthy attacks;anomaly detection protection;process control system |
公開日期: | 2010 |
摘要: | 過程控制系統(PCS)具有穩定系統運作的能力,常被廣泛應用於現今的基礎建設及大型工廠中。由於這類系統的任何毀損都可能造成極重大的災難,並奪走數千條人命,因此2008年即有研究學者針對Tennessee-Eastman過程控制系統(TE-PCS)提出一套以模型為基礎的攻擊偵測模組(mADM),確保TE-PCS能維持在穩定的工作範圍內。mADM利用真實訊號與內部模擬訊號的累計差值,來推斷系統的感測器是否遭人破壞,而對系統進行不利之攻擊。為保證PCS受到mADM的良好保護,在本篇論文中,我們以內賊的角度,對系統進行潛伏攻擊,以評估mADM之強健性。所謂內賊即為可能(1)熟知mADM的運作與參數或(2)擁有更改mADM參數權力之人;透過潛伏攻擊,可以在不被mADM偵測的情況下,使系統不當運作,而造成營運成本上升或工廠機具毀損。在分析mADM的設計後,我們依據累計差值的曲線變化,設計三種訊號曲線(凸面、斜線和凹面),以組成各種不同類型的潛伏攻擊,並進一步地攻擊以mADM保護之PCS。以TE-PCS為例,我們設計一系列的實驗,找出最有效的攻擊目標(感測器)和其相對應之攻擊方法。實驗結果證明當mADM參數落於安全範圍值時,潛伏攻擊無法造成系統崩解。但是,如果內賊擁有更改mADM參數的權力,則系統必須嚴加控管mADM參數的設定,否則過高的參數值會使系統遭受攻擊而損毀,過低的值則會使系統頻繁地發出錯誤警示,而增加營運成本。最後,我們演示三個例子,說明在不同的收支比下,潛伏攻擊會使系統整體營利損失0.06%至41%。 Process control systems (PCS) are widely used in modern infrastructures and industrial plants for stabilizing safety-critical processes. Any disruption in such systems may cause serious human injuries and environmental disasters. In 2008, Lin et al.~proposed a model-based anomaly detection module (abbreviated to mADM) to assure the security and stability of a well-studied Tennessee-Eastman process control system (TE-PCS). By taking advantages of cumulating the differences between real and simulated signals, mADM was able to detect an attack that compromises one or more sensors to crash the system. To evaluate the robustness of mADM, we study the stealthy attacks launched by an insider who may (1) know the detection and response strategies of mADM or (2) adjust the parameters of mADM so that these stealthy attacks may successfully attack the system without being detected by mADM. After analyzing mADM, we prove that a general stealthy attack signal can be represented by three types of curves, convex curve (cv), slope (sl), and concave curve (cc), depending on the cumulative differences of signals. By conducting a series of experiments on TE-PCS, we can identify the weakest sensor and the most effective way to stealthily attack this sensor. We also show that, if an insider cannot adjust the parameter settings and the parameters are well configured, he may not be able to crash the system. In the case that the insider obtains the permission to adjust the parameter settings, mADM should self-check whether the settings fall within valid ranges. Over-the-threshold settings may lead to a crash without being detected while under-the-threshold values may result in frequent false alarms and increase the operating costs. In the end, we also demonstrate three case studies to discuss that stealthy attacks may decrease the profits from 0.06% to 41%, depending on the ratio of costs and sales prices. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT079712539 http://hdl.handle.net/11536/44431 |
顯示於類別: | 畢業論文 |