Risk Data Analysis Based Anomaly Detection of Ship Information System
Figure 1. Interactions of a Ship Information System (SIS). DCU, Distributed Controller Unit; RTU, Remote Terminal Unit.
Figure 2. Cooperative control mode of SIS.
Figure 3. Force and moment of sea wave disturbance at 30°.
Figure 4. Heading (A) and rolling (B) angles of the ship without control commands.
Figure 5. Cooperative control effects of ship heading and rolling under signal attack. The simulation results of ship heading and rolling based on this control algorithm are shown by dotted lines in Figure A,B, respectively. Meanwhile the solid line in (A,B) depicts the heading and rolling output of the ship while the signal attack acted on the heading data signal. Here, the signal attack first happened at 80 s, and we have hi = 0.5. In addition, the operation states of main (flap) rudder and main (flap) fin are shown by solid (dotted) lines in (C,D), respectively.
Figure 6. Data abnormalities of rudder and flap rudder. In (A,B), the abnormal data of ship rudder and flap rudder are first detected at 81.7 s and 80.4 s by Algorithm respectively.
Abstract
1. Introduction
2. Model Description
2.1. Structure
2.1.1. Components
Operational Units
Distributed Controller Units
Remote Terminal Units
2.1.2. Networks
SIS Network
Subnetworks
2.2. Cooperative Control Structure of SIS
3. Signal Attack in SIS
3.1. Signal Attack Form
3.1.1. An Example of the Signal Attack Algorithm
Algorithm 1 Signal attack algorithm.
Require: Original input data
1: remark ;
2: initialize ;
3: ;
4: for to n do
5: ;
6: end for
7: ;
8: ;
9: if then
10: ;
11: ;
12: else
13: ;
14: ;
15: end if;
16: ;
17: ;
18: ;
19: for to 1 do
20: ;
21: end for
22: ;
23: return ;
3.1.2. The Form of the Hazard Factor-Based Signal Attack
3.1.3. Signal Attack Zone
Attack on Local Sensor Data
Attack on Global Sensor Data
Attack on Actuator Control Data
4. Critical State Analysis
4.1. Critical State Estimation
Algorithm 2 Critical state estimation algorithm.
Require:, ( level of ), -related rule set , -related dataset
1: reorder and remark ;
2: for to 5 do
3: for to do
4: Initialize interval
5: remark the -related subset of as ;
6: Set subinterval
7:
8:
9: Set interval
10:
11:
12: if then
13: ;
14: end if;
15: if then
16: ;
17: end if;
18: if then
19: ;
20: end if;
21: if then
22: ;
23: end if;
24: end for
25: if or then
26: is beyond p-level risk;
27: else
28: is p-level non-risk;
29: end if;
30: end for
31: return and
4.2. Bi-Critical Data Analysis
Algorithm 3 Critical data discrimination algorithm for a pair of .
Require:, , , , -related rule set , -related dataset
initialize a -related dataset , which includes every type of data belong to , except
initialize a -related, but non-related rule set
choose , , , as inputs, and run Algorithm 2
if the result of Algorithm 2 shows that is beyond -level risk then
return is a definitely beyond -level risk ()
else
reset
choose , , , as inputs, and rerun Algorithm 2
if the result of Algorithm 2 shows that is beyond -level risk data then
return is definitely beyond -level risk data ()
else
return is potentially beyond -level risk data ()
end if
end if
5. Simulation
5.1. Modeling of the Ship Cooperative Motion Control System
5.2. Influence of Signal Attack in SCMCS
5.3. Anomaly Detection Analysis of SCMCS
6. Discussions and Conclusions
Author Contributions
Funding
Conflicts of Interest
Annotation | Notations |
---|---|
Control objective | |
Data from Sensor 3 | |
Data sent by RTU 5 according to | |
Data sent by DCU 3-1(2) according to | |
Output of Actuator 1 sampling by Sensor 1 | |
Data sent by RTU 1 according to | |
Data sent by DCU 1-1(2) according to | |
Output of Actuator 2 sampling by Sensor 2 | |
Data sent by RTU 3 according to | |
Data sent by DCU 2-1 according to | |
Data sent by DCU 2-1(2) according to | |
Control command for Actuator 1 by DCU 1-1(2) | |
Data sent by RTU 2 according to | |
Control command for Actuator 2 by DCU 2-1(2) | |
Data sent by RTU 4 according to |
Non-Attack | With-Attack | |||
---|---|---|---|---|
Mean | Variance | Mean | Variance | |
Ship rolling | 7.95 | 10.01 | ||
Fin angle | 45.71 | 54.37 | ||
Flap fin angle | 164.05 | 184.35 |
Annotation | Notations |
---|---|
DCU for ship rudders | |
DCU for ship fins | |
DCU for heading sensor | |
DCU for rolling sensor | |
Input register for rudder command | |
Input register for flap rudder command | |
Input register for fin command | |
Input register for flap fin command | |
Holding register for heading sensor | |
Holding register for rolling sensor | |
Set value of ship heading |
© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Xing, B.; Jiang, Y.; Liu, Y.; Cao, S. Risk Data Analysis Based Anomaly Detection of Ship Information System. Energies 2018, 11, 3403. https://doi.org/10.3390/en11123403