Nothing Special   »   [go: up one dir, main page]

Next Article in Journal
Finite Element Method Investigation and Loss Estimation of a Permanent Magnet Synchronous Generator Feeding a Non-Linear Load
Next Article in Special Issue
Renewable Energy Sources and Battery Forecasting Effects in Smart Power System Performance
Previous Article in Journal
Review of Heating Methods for Rural Houses in China
Previous Article in Special Issue
Suppression of Electron Avalanches in Ultra-Dilute SF6-N2 Mixtures Subjected to Time-Invariant Crossed Fields
You seem to have javascript disabled. Please note that many of the page functionalities won't work as expected without javascript enabled.
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Risk Data Analysis Based Anomaly Detection of Ship Information System

College of Engineering Science and Technology, Shanghai Ocean University, Shanghai 201306, China
*
Author to whom correspondence should be addressed.
These authors contributed equally to this work.
Energies 2018, 11(12), 3403; https://doi.org/10.3390/en11123403
Submission received: 1 October 2018 / Revised: 23 November 2018 / Accepted: 25 November 2018 / Published: 4 December 2018

Abstract

:
Due to the vulnerability and high risk of the ship environment, the Ship Information System (SIS) should provide 24 hours of uninterrupted protection against network attacks. Therefore, the corresponding intrusion detection mechanism is proposed for this situation. Based on the collaborative control structure of SIS, this paper proposes an anomaly detection pattern based on risk data analysis. An intrusion detection method based on the critical state is proposed, and the corresponding analysis algorithm is given. In the Industrial State Modeling Language (ISML), risk data are determined by all relevant data, even in different subsystems. In order to verify the attack recognition effect of the intrusion detection mechanism, this paper takes the course/roll collaborative control task as an example to carry out simulation verification of the effectiveness of the intrusion detection mechanism.

1. Introduction

With the constant intellectualization of industrial equipment, the working performance of a Supervisory Control And Data Acquisition (SCADA) system turns out to be highly dependent on the accuracy and security of communication among the units in closed-loops [1]. However, such systems are normally intricate and fragile, and several striking examples have confirmed that even well-protected SCADA systems can be ultimately crashed [2,3,4,5,6]. Therefore, the cyber-physical security of SCADA systems will be more and more important [7], which has been described by IEEE: “In contrast to cyber security, the goal of cyber-physical security is to protect the whole cyber-physical system, which uses widespread sensing, communication and control to operate safely and reliably.” [8]. Normally, according to the different focus points, the study of cyber-physical security can be divided into defense [9,10], detection [11,12], and maintenance(including repair, reconstitution, etc.) [3,13,14]. Here, we mainly focus on the anomaly detection topic in the cyber-physical security of SCADA. Actually, several effective anomaly detection methods have already been proposed in the anomaly detection area such as system modeling [15,16,17,18,19,20] and data-based analysis [20,21,22,23,24,25], which should always accept a compromise in the modeling uncertainty and data complexity. Besides model-based and coupled data-based intrusion detection, some intrinsic properties of SCADA are considered in detection. In [26], a methodology that uses information extracted from Radio Frequency (RF) features to identify changes was proposed. Meanwhile, S.-M.Jung and J.-G. Song et al.presented an idle-time measurement system in data spoofing detection [27]. Actually, these solutions bring a new perspective to anomaly detection, and the applications for these theories are restricted more or less, which cannot be overcome. However, in [28], an innovative approach based on the concept of critical state analysis and state proximity was presented: attacks can be detected by a set of critical rules, which are formulated in the Industrial State Modeling Language (ISML). Such rules are based on all related data that are not confined to the coupled data. Therefore, the anomaly detection mode we propose in this paper is based on the risk data, which are obtained by the analysis of critical data.

2. Model Description

As a typical SCADA system, the Ship Information System (SIS) is widely used in the connection between each ship electronic system, which are spread across the whole ship. As the data in SIS are designed to be closed and inflexible, firewall updating and off-line detection are difficult to implement. Furthermore, for a ship on a long voyage, any physical or informational damage may cause an irreparable breakdown, which leads to a helpless situation.
Although different ships have different functions [29,30,31,32,33,34,35], all definitions found in the literature for SIS have one key feature in common. As shown in Figure 1, this defining feature is that SIS is composed of several independent subnetworks and a total ship communication network, which can exchange information (reference input, plant output, control input, etc.) among subnetworks and systems. The architecture of SIS is similar to each normal SCADA, which is listed in the following.

2.1. Structure

2.1.1. Components

Operational Units

Due to the different command types of the mission and situation, a supervisory control command can be released by a user through the Human Computer Interface (HCI) or SIS core. The SIS core provides a common environment hosting the majority of the ship’s applications on a redundant infrastructure, whose targeted hardware location is designed to be transparent to the applications. Some basic control commands are released by the core automatically and spontaneously, such as fire detection, anti-rolling control, etc. Meanwhile, real-time assistant decision support is also done by the core and submitted to HCI.

Distributed Controller Units

The Distributed Controller Units (DCUs) in SIS are networked and interfaced with the SIS network; their duty is to monitor and control every closed-loop system in the ship by coding predefined sequences and control algorithms.

Remote Terminal Units

The Remote Terminal Units (RTUs) in SIS serve as the interface point to DCUs and a variety of analog and digital sensors and actuators. Every RTU is connected with its closest DCU. The telemetry hardware structure of RTU has the capability of sending digital sensor data to the DCU and receiving digital commands from it.
It should be mentioned that, in order to keep the security and anti-damage capability of SIS, each RTU is connected to two DCUs simultaneously, but only one is activated during the running process; such a dual-station structure is widely used in SCADA. For each D C U i 1 , its backup DCU is denoted as D C U i 2 .

2.1.2. Networks

SIS Network

As a backbone network of the ship information system, the fundamental layering rule of the SIS network is to add maximum DCUs in the ship environment, which leads to a dual-ring network being chosen in the design of the SIS network. Every DCU is led into the SIS network proximally.

Subnetworks

As introduced in [35], numerous DCUs are connected in the SIS network; meanwhile, each of them has the responsibility for dozens of RTUs, which constitute an underlying subnetwork.
Due to the limited space, more design details and examples of implementations can be seen in [29,36].
For SIS, due to different emphases, there exist two structures of SIS, which are the cooperative control structure ( S t r C C ) and the hierarchical task structure ( S t r H T ). S t r C C is used to describe the implementation method of task control in SIS, while S t r H T is for the description of task capabilities.

2.2. Cooperative Control Structure of SIS

As the connection principle between DCU and RTU is mere proximity instead of task relation, which has reduced the difficulty of planning and laying out networks greatly, but has increased the complexity of every control process in SIS, most missions in SIS are designed to be completed by several DCUs cooperatively. For definiteness and without loss of generality, the cooperative control mode of SIS is shown in Figure 2.
As our attention in this paper is the cybersecurity issue in SCADA, to facilitate distinction, all the data in different lines are relabeled, as is listed in Table 1.
The control objective e 0 should be performed by Actuator 1 and Actuator 2 cooperatively. e s r ( k ) is the control feedback of the control objective at step k, and these data are sampled by a global sensor, Sensor 3. Here, Sensor 1 and Sensor 2 are regarded as local sensors, which are used to sample the running conditions of Actuator 1 and Actuator 2, respectively, and these data are finally received by DCU2-1(2)and DCU1-1(2). Taking DCU1-1 as an example, due to the cooperative structure with the coupling relationship with DCU2-1(2), the control output u d r 1 is determined by the preset distributed control algorithm based on e, y d 2 / 1 * , and y r d 1 . As shown in Table 1, if the data are related to a backup DCU, they would be marked with superscript “ * ”, such as e * ( k ) , y d 1 / 2 * ( k ) , y d 2 / 1 * ( k ) , etc.
In this paper, taking DCU1 for example, we propose a cooperative state space control model, which is established in Equations (1) and (2).
X ( k + 1 ) = A X ( k ) + B M σ 1 ( k ) u ^ d r 1 ( * ) ( k ) y ^ d 2 / 1 ( * ) ( k ) M ω 1 ( k ) e ( * ) ( k ) y r d 1 ( k ) y d 2 / 1 ( * ) ( k ) = C X ( k )
u d r 1 ( * ) ( k ) = F d r 1 ( u ^ d r 1 ( * ) ( k ) , y ^ d 2 / 1 ( * ) ( k ) , y d 2 / 1 ( * ) ( k ) )
where X ( k ) is the quantity of state and u ^ d r 1 ( * ) ( k ) and y ^ d 1 / 2 ( * ) ( k ) are the obtained output for Actuator 1 and 2 from numerical calculation, respectively. As DCU 1 only focuses on the control of Actuator 1, y ^ d 1 / 2 ( * ) ( k ) has no physical application, but is only used in the revision of u ^ d r 1 ( * ) ( k ) obtained by amending function F d r 1 ( * ) . Meanwhile, the communication access of D C U i at step k is denoted as M σ i ( k ) and M ω i ( k ) . As the communication between DCU and RTU belongs to a kind of multi-channel real-time mechanism, the access is granted constantly. However, the communication among DCUs and the HCI/CCIcore should follow an access specification. For example, if DCU1-1 gains access to publish data y d 1 / 2 * at step k, we have:
M ω 2 ( k ) = 0 0 0 0 1 0 0 0 1
Equation (1) provides a new model to analyze the control progress of cooperative control mode based on data, and the control output of one actuator would be corrected by the execution conditions of its collaborators. F d r 1 ( * ) can be determined by a neural network, fuzzy, or linear regression algorithm, etc, and as a representative example in [37], we propose a variable universe fuzzy algorithm to correct the deviation between two cooperative rudders.
As our research interest in this paper is cybersecurity, the transmission process of a data is worth more serious study than its solution process. The optimization of F d r 1 ( ) will be researched in the future; in this paper, we assume that each DCU in the cooperative control mode would figure out a suitable control output for the corresponding actuator, giving sufficient thought about its collaborators.
More details about communication access research can been seen in [29,36]. Ideally (without considering congestion, lost packets, electromagnetic interference, etc.), if there is no evidence of attack in this system, all data remain intact, which means there are y s r 1 = y r d 1 = y d 1 / 2 ( * ) , u d r 1 ( * ) = u r a 1 ( * ) , y s r 2 = y r d 2 = y d 2 / 1 ( * ) , u d r 2 ( * ) = u r a 2 ( * ) , and e s r = e r d = e ( * ) .

3. Signal Attack in SIS

Due to the structure analysis above, two types of attacks are proposed and researched in this paper, which are Signal Attack S A and Mode Attack M A . Ultimately, the core objective of all the attacks intruded in a SIS is to cause a risk. For an S A , it has the ability to modify a regular signal into a dangerous one, while M A can create a risky task. In this paper, our attention is mainly focused on S A .

3.1. Signal Attack Form

It should be mentioned that there are some differences between the signal attack and jamming attack. The signal attack can modify the content of the data flow, but keep the format and reachability. The data flow would be blocked by the jamming attack.
Equation (4) is a typical form of S A , which has the ability to denote almost all of inside attacks existing in SCADA except the Denial of Service (DoS) attack.
q ( k ) = f N i p ( P [ k , n ] , q ( k 1 ) , Δ p )
where P [ k , n ] is a set of input data p ( k ) , P [ k , n ] = [ p ( k ) , p ( k 1 ) , , p ( k n ) ] , q ( k ) is the output of p ( k ) modified by the attack at step k, and Δ p is a threshold of max(min)variation between p ( k i 1 ) and p ( k i ) . The subscript N i is the label of the device (including DCUs and RTUs), which is planned to handle p ( k ) .
It should be mentioned briefly that the DoS attack on a controlled closed-loop in SCADA is an attempt to make the network resource unavailable, against its requirements of reachability and observability. Based on the research results, we proposed in [38,39] that if a DCU has sent w ρ j -data in one data flow by D C U i to keep the closed-loop system Q j l j -step observable, Q j is considered to be attacked on D C U i , if for each M ω 1 ( k m ) where m [ 0 , l j 1 ] , we have M ω 1 ( k m ) w ρ j + 1 . That means the DoS attack has the ability to modify the DCU’s predefined sequences. A DoS attack on D C U i can be detected by a related D C U j or CCI, intuitively, if they fail to receive scheduled and planned data from D C U i .

3.1.1. An Example of the Signal Attack Algorithm

Based on the definition of the signal attack, an example of the insertion attack algorithm is given in Algorithm 1, which operates as follows.
Algorithm 1 Signal attack algorithm.
Require: Original input data p ( k )
 1: remark P [ k , n ] = [ p 0 , p 1 , , p n ] ;
 2: initialize P Δ = [ p Δ 0 , p Δ 1 , , p Δ n ] ;
 3: p 0 = p ( k ) ;
 4: for i = 0 to n do
 5:    p Δ i = p i p i + 1 ;
 6: end for
 7: j = i n t R N G : : u n i f o r m ( 0 , n ) ;
 8: p ˜ = p j ;
 9: if p ( k ) > p ( k 1 ) then
10:   Δ p = m a x P Δ ;
11:   r = f l o a t R N G : : u n i f o r m ( 0 , Δ p ) ;
12: else
13:   Δ p = m i n P Δ ;
14:   r = f l o a t R N G : : u n i f o r m ( Δ p , 0 ) ;
15: end if;
16: p ^ ( k ) = p ˜ + r ;
17: Δ p = a b s ( Δ p ) ;
18: q ( k ) = m i n ( q ( k 1 ) + Δ p , m a x ( p ^ ( k ) , q ( k 1 ) Δ p ) ) ;
19: for i = n to 1 do
20:   q ( n ) = q ( n 1 ) ;
21: end for
22: q ( k 1 ) = q ( k ) ;
23: return q ( k ) ;
It takes as input original input data p ( k ) . Line 1 of the algorithm denotes each element in set P [ k , n ] as [ p 0 , p 1 , , p n ] . After that, a set P Δ = [ p Δ 0 , p Δ 1 , , p Δ n ] is initialized in Line 2 to store the variation between each p i and p i + 1 (Lines 4–6). Basic modified data are stated by choosing data in P [ k , n ] (Lines 7–8) randomly. Here, R N G : : u n i f o r m ( a , b ) is a typical way to select a uniformly-distributed random number, which is from the range [ a , b ) by using the MWCalgorithm. In addition, from Lines 9–16, a further modification is executed to confuse the IDSaimed at replay attack. The addition value denoted as r is based on the maximum or minimum of P Δ , which is determined by the numerical relationship between p ( k ) and p ( k 1 ) . Lines 11 and 14 can keep r from the IDS based on data. What is more, the detection by the threshold would also be invalid by the restraint in Line 18. The output of the insertion attack algorithm is given in Line 23.

3.1.2. The Form of the Hazard Factor-Based Signal Attack

According to the form of the basic signal attack, in order to find the balance between the hazard and invisibility requirements of signal attack, a new type of signal attack is presented in this paper. This has an additional parameter named hazard factor (denoted as η i ). For the given original data signal p i ( k ) and the corresponding typical signal attack q i ( k ) , we have:
q i H A Z ( k ) = p i ( k ) + η i [ q i ( k ) p i ( k ) ]
where q i H A Z ( k ) is the output of the hazard factor-based signal attack. According to the different values of η i , q i H A Z ( k ) can be further classified as:
q i H A Z ( k ) = p i ( k ) ; if we have η i = 0 , the signal attack does not exist;
q i H A Z ( k ) is the lower hazard, if η i ( 0 , 1 ) ;
q i H A Z ( k ) is equivalent to q i ( k ) , if η i = 1 ;
q i H A Z ( k ) would be the higher hazard, if η i ( 1 , η i max ) , and here, η i max is the maximum allowed hazard factor of q i H A Z ( k ) , which can be hidden from the IDS.

3.1.3. Signal Attack Zone

As shown in Figure 2, according to the refined model of SIS, there exist several point-to-point communication lines that make up a closed-loop system. The insertion attack may happen in any node between two lines. Here, we defined each probable attack zone in a cooperative SCADA, which are listed as follows.

Attack on Local Sensor Data

A local sensor is used to sample the running status of one actuator, which is activated by the cooperative control mission. Normally, for local sensor data (Sensor 1 as an example), without being attacked, we have y s r 1 = y r d 1 = y d 1 / 2 ( * ) . Such data may be attacked on RTU1, which leads to y r d 1 y s r 1 or y d 1 / 2 ( * ) y r d 1 if DCU1-1(2) is attacked.

Attack on Global Sensor Data

As shown in Figure 2, for the global Sensor 3, in an ideal case, we have e s r = e r d = e ( * ) . An insertion attack may tamper with the data as a result of e r d e s r or e ( * ) e r d if the attack is embedded in RTU3 or DCU3-1(2).

Attack on Actuator Control Data

Finally, an actuator also can be attacked in SCADA by causing an undetected misoperation u r a 1 ( * ) u d r 1 ( * ) in RTU2. Meanwhile, if the calculational result of the control algorithm in DCU1-1(1) is attacked, u d r 1 ( * ) would be an incorrect output, which means u d r 1 ( * ) u ^ ( * ) , where u ^ ( * ) is denoted as the calculational result.

4. Critical State Analysis

4.1. Critical State Estimation

In this paper, the Critical State Estimation (CSE) algorithm we propose is based on the Industrial State Modeling Language (ISML), which was first proposed by A. Carcano et al. in [28]. The rules in the ISML are formulized as c o n d i t i o n a c t i o n where c o n d i t i o n is a Boolean formula composed of several predicates, which are used to indicate the values that are assumed by critical components. The definition of ISML is listed in the following.
r u l e : : = c o n d i t i o n a c t i o n : l t a c t i o n : : = A l e r t | L o g l t : : = 1 | | 5 c o n d i t i o n : : = p r e d i c a t e | p r e d i c a t e , c o n d i t i o n o b j e c t b i n : : = D C U I D . b i n c o m p . i n d e x o b j e c t : : = D C U I D . c o m p . i n d e x p r e d i c a t e : : = o b j e c t . r e l v a l | o b j e c t b i n . b i n r e l b i n v a l I D : : = I P a d d r e s s : P o r t v a l : : = 0 | | 2 16 1 c o m p : : = H R | I R i n d e x : : = 0 | | 2 16 1 b i n r e l : : = = | r e l : : = | | < | > | = | b i n c o m p : : = C O | D I b i n v a l : : = 0 | 1
where c o m p is a register; Discrete Input, Coli, Input Register, and Holding Register are denoted as D I , C O , I R , H R , respectively. The ISML is used to describe a particular class of system states called critical states that correspond to dangerous or unwanted situations in SIS. Here, the risk level of each state is reversed by its confidence. The risk level l t is considered to be in the critical state, where a value of one means low risk, while five is a surely dangerous critical state of SIS. Here, o b j e c t | o b j e c t b i n denotes one kind of data in SIS, and o b j e c t : c o n d i t i o n A l e r t : l t : : = r e l v a l means the critical state value ( r e l v a l ) of o b j e c t when the risk level reaches l t by c o n d i t i o n , for example if such a rule is set in SIS:
D C U [ 10 . 0 . 0 . 001 : 502 ] . H R [ 1 ] > 3000 D C U [ 10 . 0 . 0 . 002 : 502 ] . I R [ 2 ] > 2500 A l e r t : 5
We have D C U [ 10 . 0 . 0 . 002 : 502 ] . I R [ 2 ] : D C U [ 10 . 0 . 0 . 001 : 502 ] . H R [ 1 ] > 3000 A l e r t : 5 : : = > 2500 , which means for D C U [ 10 . 0 . 0 . 002 : 502 ] . I R [ 2 ] , the critical state value is >2500 (with risk of l t = 5 ), when its related data D C U [ 10 . 0 . 0 . 001 : 502 ] . H R [ 1 ] > 3000 .
Therefore, the anomaly detection and critical state estimation algorithm is given in Algorithm 2, which operates as follows.
Algorithm 2 Critical state estimation algorithm.
Require: y i ( k ) , p i ( R T level of y i ( k ) ), y i ( k ) -related rule set R [ y i ] , R [ y i ] -related dataset y i ( k )
 1: reorder and remark R [ y i ] = R 1 [ 1 ] , R 1 [ 2 ] , · · · , R 1 [ m 1 ] , R 2 [ 1 ] , R 2 [ 2 ] , · · · , R 2 [ m 2 ] , · · · , R 5 [ m 5 ] ;
 2: for p = p i to 5 do
 3:   for q = 1 to m p do
 4:    Initialize interval I p = [ y i m i n , y i m a x ]
 5:    remark the R p [ q ] -related subset of y i ( k ) as y i p q ( k ) ;
 6:    Set subinterval I p q = Q r e l p q v a l p q = Q y i : y i p q ( k ) A l e r t : p
 7:     y i p q s u p ( k ) = s u p { I p q }
 8:     y i p q i n f ( k ) = i n f { I p q }
 9:    Set interval I p = I p I p q
10:    y i p s u p ( k ) = s u p { I p }
11:    y i p i n f ( k ) = i n f { I p }
12:   if y i p q s u p ( k ) = y i p s u p ( k ) then
13:     y i p s s u p ( k ) = y i p q ( k ) ;
14:   end if;
15:   if y i p q i n f ( k ) = y i p i n f ( k ) then
16:     y i p s i n f ( k ) = y i p q ( k ) ;
17:   end if;
18:   if y i p q s u p ( k ) = y i m a x then
19:     y i p s s u p ( k ) = n u l l ;
20:   end if;
21:   if y i p q i n f ( k ) = y i m i n then
22:     y i p s i n f ( k ) = n u l l ;
23:   end if;
24:  end for
25:  if I p = or y i ( k ) I p then
26:    y i ( k ) is beyond p-level risk;
27:  else
28:    y i ( k ) is p-level non-risk;
29:  end if;
30: end for
31: return y i sd ( k ) = [ y i 5 i n f ( k ) , y i 5 s u p ( k ) , y i 4 i n f ( k ) , y i 4 s u p ( k ) , , y i p i i n f ( k ) , y i p i s u p ( k ) ] and y i ps ( k ) = [ y i p i s s u p ( k ) , y i p i s i n f ( k ) ]
It takes as input original input data y i ( k ) , where the physical meaning of y i is determined by its o b j e c t ; meanwhile, the y i ( k ) -related rule set R [ y i ] is needed, as well. According to R [ y i ] , all related o b j e c t s are necessary and stored in dataset y i ( k ) . It should be mentioned that y i ( k ) is not equivalent to the set of all y i ( k ) coupling data. Line 1 of the algorithm restores each rule of R [ y i ] by its risk level and denotes these rules as R p [ q ] where p is the risk level. Lines 2–30 show the critical state estimation method, for each rule R p [ q ] and its related dataset y i p q ( k ) ; a critical state of y i is determined. Line 6 creates a safe subinterval for y i under rule R p [ q ] , and the interval is shrunk during each loop computation in Line 9. Lines 10–11 show the upper and lower bound of I p , denoted as y i p s u p ( k ) and y i p i n f ( k ) , respectively. Lines 12–23 show the way to find the determinant factors (denoted as y i p s s u p and y i p s i n f ), which leads to y i ( k ) being risk data or not. Lines 25–29 shows the anomaly detection method, if y i ( k ) I p , y i ( k ) is the p level risk of non-arrival or it is called beyond the p level risk. Due to the different importance of each y i ( k ) , its Risk Tolerance R T is different. For four-level R T data y i ( k ) , if the judgment result is beyond four levels of risk, y i ( k ) is anomalous data. Line 31 returns all upper and lower bounds of each risk level for y i ( k ) , which is y i s d ( k ) = [ y i 5 i n f ( k ) , y i 4 i n f ( k ) , y i 3 i n f ( k ) , y i 2 i n f ( k ) , y i 1 i n f ( k ) , y i 1 s u p ( k ) , y i 2 s u p ( k ) , y i 3 s u p ( k ) , y i 4 s u p ( k ) , y i 5 s u p ( k ) ] . Meanwhile, the the determinant factors (denoted as y i p s s u p and y i p s i n f ) are uploaded, as well.

4.2. Bi-Critical Data Analysis

According to Algorithm 2, such data, the value of which is beyond the critical state, are determined; however, there exists the possibility that one normal datum is miscalculated, caused by a related datum, which is actually anomalous. Here, we propose the definition of bi-critical data to identify the true abnormal data from two related data.
Definition 1 (Bi-critical Data B D ): Two critical data p a R T , data y a ( k ) , and p b R T , data y b ( k ) , in SIS are regarded as a pair of B D , if y b ( k ) y a p a s ( k ) or y a ( k ) y b p b s ( k ) .
According to Definition 1, a further analysis of critical state discrimination is proposed in Algorithm 3. Here, we assume that y b ( k ) y a p a s ( k ) .
Algorithm 3 Critical data discrimination algorithm for a pair of B D .
Require: y a ( k ) , y b ( k ) , y b ( k 1 ) , p a , y a ( k ) -related rule set R [ y a ] , R [ y a ] -related dataset y a ( k )
 initialize a R [ y a ] -related dataset y a / b ( k ) , which includes every type of data belong to y a ( k ) , except y b ( k )
 initialize a y a ( k ) -related, but y b ( k ) non-related rule set R [ y a / b ]
 choose y a ( k ) , p a , R [ y a / b ] , y a / b ( k ) as inputs, and run Algorithm 2
if the result of Algorithm 2 shows that y a ( k ) is beyond p a -level risk then
  return y a ( k ) is a definitely beyond p a -level risk ( D R D )
else
  reset y b ( k ) = y b ( k 1 )
  choose y a ( k ) , p a , R [ y a ] , y b ( k ) as inputs, and rerun Algorithm 2
  if the result of Algorithm 2 shows that y a ( k ) is beyond p a -level risk data then
   return y a ( k ) is definitely beyond p a -level risk data ( D R D )
  else
   return y a ( k ) is potentially beyond p a -level risk data ( P R D )
  end if
end if
Here, in Algorithm 3, we propose a two-layer discrimination mode. It takes as input original input data y a ( k ) , y b ( k ) , p a , y a ( k ) -related rule set R [ y a ] , and R [ y a ] -related dataset y a ( k ) . In Lines 2–3, two subsets of y a ( k ) and R [ y a ] , which exclude the factor of y b ( k ) , are denoted as y a / b ( k ) and R [ y a / b ] , respectively. In Line 4, Algorithm 2 is called to calculate the critical data situation of y a ( k ) without considering the existence of y b ( k ) . If the result shows that y a ( k ) is still a beyond p a -level risk, that means y a ( k ) is Definitely Risk Data ( D R D ) whatever the value of y b ( k ) . If y a ( k ) is a p a -level non-risk by the analysis based on Algorithm 2, further discrimination is presented in Lines 7–13. As the data sampling mode of SIS is based on the zero-order holder (ZOH), here we treat y b ( k ) as unadopted data and reset y b ’s value at step k as y b ( k 1 ) . Then, Algorithm 2 is called again at Line 8. If y a ( k ) is still a p a -level risk, it means y a ( k ) is a D R D , while y b is a core determinant of y a ( k ) ’s riskiness. If y a ( k ) is not a p a -level risk according to the modified result of y b ( k ) , such a possibility should exist that y a ( k ) is non-risk data, but it should be marked in a miscalculation caused by the risk data y b ( k ) . Due to the nondeterminacy of risk level, this kind of y a ( k ) is named as Potentially Beyond p a -level risk Data ( P R D ). In this paper, due to the uncertainty of the risk level, a D R D issue in SIS would be considered as a higher priority than a P R D .

5. Simulation

5.1. Modeling of the Ship Cooperative Motion Control System

Due to the complexity of ship motion, it has six Degrees Of Freedom (DOF) as a general rule, which can be described as u (surge velocity), v (sway velocity), w (heave velocity), r (yaw rate), p (rolling rate), and q (pitching rate). In this paper, we mainly focus on three motions: ship surging, ship heading, and ship rolling, and the ship motion model we chose in this paper is in Equation (7).
X = m [ u ˙ v r + w q x G ( q 2 + r 2 ) + y G ( p q r ˙ ) + z G ( p r + q ˙ ) ] N = J z x p ˙ + J y z q ˙ + J z r ˙ + ( J x y p + J y q + J y z r ) p ( J x p + J x y q + J z x r ) q + m [ x G ( v ˙ + u r w p ) + y G ( u ˙ v p + u q ) ] K = J x p ˙ + J x y q ˙ + J z z r ˙ + ( J z x p + J z y q + J z r ) q ( J x y p + J y q + J y z r ) r + m [ y G ( w ˙ + v p u q ) + z G ( v ˙ u r + w p ) ]
where m is the mass of the ship and p ˙ , q ˙ , r ˙ are respectively denoted as the rolling, pitching, and yawing angular acceleration. R G = ( x G y G z G ) T is the coordinates of the position vector about the center of the ship’s gravity in the moving coordinate system. X , N , and K are respectively denoted as the longitudinal force, heading resultant moment, and rolling resultant moment. J is the inertia matrix of the ship, when the origin of the coordinate system is not the center of the ship’s gravity, as Equation (8) shows.
J = J x J x y J z x J y x J y J y z J z x J z y J z
As the system is constituted by two rudders, two propellers, and a pair of fins, the compositions of X , N , and K are shown in Equation (9):
X = X I + X H + X R P + X L P + X R R + X L R + X F + X D N = N I + N H + N R P + N L P + N R R + N L R + N F + N D K = K I + K H + K R P + K L P + K R R + K L R + K F + K D
where I , H , R P , L P , R R , L R , R F , F , D are respectively denoted as fluid inertia, fluid viscosity, right propeller, left propeller, right rudder, left rudder, fins, and disturbances. As is shown, every plant working in the system has the ability to change the ship’s surging, heading, and rolling more or less, which depends on the moment it produced in different DOF. This behavior increases the importance of cooperative control algorithms, which means we also need a real-time communication environment.
Of many possible external disturbances acting on the ship motion process, the waves are the most important external disturbances and dominantly influence the control performance. As the wave disturbance can be treated as a typical stationary random process satisfying a Gaussian distribution, the spectrum of the random ocean wave is given in Equation (10):
S ξ ( ω e ) = S ξ ( ω ) 1 2 ω 2 ω g g V cos μ
where P-Mspectrum S ξ ( ω ) is chosen as the initial spectrum, V is the ship speed, and μ is the wave angle.
Therefore, the interfering moment of wave disturbance N w a v e can be determined as:
N w a v e = i = 1 M R 1 [ B m 2 sin R 2 ( R 3 cos R 3 sin R 3 ) B m 2 sin R 2 ( R 3 cos R 3 sin R 3 ) R 3 2 R 3 2 L 2 sin R 3 ( R 2 cos R 2 sin R 2 ) L 2 sin R 3 ( R 2 cos R 2 sin R 2 ) R 2 2 R 2 2 ] × ζ a i cos ( ω e i t + ε n i )
where R 1 = ρ g ( 1 e k 1 d m ) ρ g ( 1 e k 1 d m ) k 1 k 1 , R 2 = ( k 1 L L 2 2 ) cos μ e , R 3 = ( k 1 B m B m 2 2 ) sin μ e , ζ a i is the amplitude of each harmonic, M is the number of energy partitions, B m is the beam, L is the length, and d m is the average draft.
In this paper, the ship chosen in the simulation has a displacement of 2500 tons, and we have B m = 14 , L m = 115 , d m = 3 . 8 .
According to the wave disturbance model above, in such conditions in which significant wave height is four meters and the wave angle is 30 , the force and moment of sea wave disturbance are shown in Figure 3.
In addition, Figure 4 shows the heading and rolling angles of the ship without any control commands under wave disturbance. The test platform in this paper is based on a semi-physical simulation platform, which was introduced in [36].

5.2. Influence of Signal Attack in SCMCS

Under the simulation results of ship dynamics, in this subsection, the influence of signal attack in the Ship Cooperative Motion Control System (SCMCS) is researched and analyzed. In order to establish the closed loop, the distributed collaborative control algorithm of ship heading and rolling we adopt here is based on a PID-fuzzy fusion control law, which was proposed in [40]. This fuzzy PID fusion controller was designed through continuous updating of its output scaling factor. Instead of using a unitary fuzzy or PID algorithm, the fusion weighted summation rule bases are used in parallel, which improved the performance of the proposed fuzzy PID controllers compared to others. The fusion FPID parameter is calculated as:
u = i = 1 n α i × u i
where u i is the output by each control algorithm (the fuzzy controller and PID controller are treated as subprograms of the fusion algorithm), α i is the fusion factor of each subprograms, and n is the number of total subprograms in a fusion algorithm; normally, there are n = 2 . In this paper, the fusion factor is chosen as:
α i = 1 e x p u i u i i = 1 n u i i = 1 n u i × 1 n × ( 1 e x p ( 1 / n ) )
Due to the space limitation, the working principle and application effect of this algorithm will not be introduced in this paper. The simulation results of ship heading and rolling based on this control algorithm are shown by dotted lines in Figure 5A,B, respectively. Meanwhile the solid line in Figure 5A,B depicts the heading and rolling output of the ship while the signal attack acted on the heading data signal. Here, the signal attack first happened at 80 seconds, and we have η i = 0 . 5 . In addition, the operation states of main (flap) rudder and main (flap) fin are shown by solid (dotted) lines in Figure 5C,D, respectively. Due to the coupling relationship between ship heading and rolling, the manipulation of heading sensor data can also change the effect of the rolling control system, and the mathematical statistics results are listed in Table 2.

5.3. Anomaly Detection Analysis of SCMCS

In this paper, based on the running effect in the semi-physical simulation platform, which was introduced in [36], the risk data rule is set as follows:
R u l e 1 : D C U [ 10 . 0 . 0 . 001 : 502 ] . I R [ 2 ] : D C U [ 10 . 0 . 0 . 004 : 502 ] . H R [ 1 ] < 8 A l e r t : 5 : : = > 10
R u l e 2 : D C U [ 10 . 0 . 0 . 001 : 502 ] . I R [ 2 ] : D C U [ 10 . 0 . 0 . 004 : 502 ] . H R [ 1 ] < 8 A l e r t : 4 : : = > 8
R u l e 3 : D C U [ 10 . 0 . 0 . 001 : 502 ] . I R [ 2 ] : D C U [ 10 . 0 . 0 . 004 : 502 ] . H R [ 1 ] < 6 A l e r t : 3 : : = > 6 . 5
R u l e 4 : D C U [ 10 . 0 . 0 . 001 : 502 ] . I R [ 2 ] : D C U [ 10 . 0 . 0 . 004 : 502 ] . H R [ 1 ] < 6 A l e r t : 2 : : = > 4
R u l e 5 : D C U [ 10 . 0 . 0 . 001 : 502 ] . I R [ 1 ] : D C U [ 10 . 0 . 0 . 004 : 502 ] . H R [ 1 ] < 8 A l e r t : 5 : : = > 2
R u l e 6 : D C U [ 10 . 0 . 0 . 001 : 502 ] . I R [ 1 ] : D C U [ 10 . 0 . 0 . 004 : 502 ] . H R [ 1 ] < 6 A l e r t : 4 : : = > 1
R u l e 7 : D C U [ 10 . 0 . 0 . 001 : 502 ] . I R [ 1 ] : E 0 D C U [ 10 . 0 . 0 . 003 : 502 ] . H R [ 1 ] < 8 A l e r t : 3 : : = > 2
R u l e 8 : D C U [ 10 . 0 . 0 . 001 : 502 ] . I R [ 1 ] : E 0 D C U [ 10 . 0 . 0 . 003 : 502 ] . H R [ 1 ] < 5 A l e r t : 4 : : = > 2
R u l e 9 : D C U [ 10 . 0 . 0 . 001 : 502 ] . I R [ 2 ] : E 0 D C U [ 10 . 0 . 0 . 003 : 502 ] . H R [ 1 ] < 5 A l e r t : 4 : : = > 15
R u l e 10 : D C U [ 10 . 0 . 0 . 001 : 502 ] . I R [ 2 ] : E 0 D C U [ 10 . 0 . 0 . 003 : 502 ] . H R [ 1 ] < 8 A l e r t : 5 : : = > 15
The notations of each rule are listed in Table 3.
Here, we assume that the Risk Tolerance of SCMCS in SIS is 4, which means only Rule 1, 2, 5, 6, 8, 9 and 10 need to be taken into account. And these rules are used to limit the data in D C U [ 10 . 0 . 0 . 001 : 502 ] I R [ 1 ] and D C U [ 10 . 0 . 0 . 001 : 502 ] I R [ 2 ] . As shown in in Figure 6, according to Algorithm 3, the abnormal data of ship rudder and flap rudder are first detected at 81.7 s and 80.4 s, respectively.

6. Discussions and Conclusions

In this paper, the basic structure of the ship information system and its typical cooperative control mode were formulated. According to such structure, a signal attack detection method was proposed. Under the consideration of coupling data flow, we improved the Critical State Estimation (CSE) algorithm proposed in [28] by setting new sentence patterns of the Industrial State Modeling Language (ISML). Therefore, such risk data can be determined by the related data and a set of predefined rules. The simulation result shows that wherever the data are attacked by the signal attack in the cooperative control loop, this can always be detected. We have to point out that we did not focus on the prevention of signal attack in the paper. For now, waking up a related spare DCU is the typical reconstitution strategy when the signal attack is detected. More intelligent solutions can be researched in the future.

Author Contributions

B.X. conceived of and designed the experiments; S.C. performed the experiments; Y.J. and Y.L. analyzed the data; S.C. contributed analysis tools; B.X. wrote the paper.

Funding

This paper is sponsored by the Shanghai Sailing Program (No. 18YF1409900) and the Shanghai Innovation Action Plan (No. 17050502000).

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Mo, Y.; Kim, H.J.; Brancik, K.; Dickinson, D.; Lee, H.; Perrig, A.; Sinopoli, B. Cyber–Physical Security of a Smart Grid Infrastructure. Proc. IEEE 2011, 100, 195–209. [Google Scholar]
  2. Slay, J.; Miller, M. Lessons Learned from the Maroochy Water Breach. Int. Fed. Inf. Process. 2007, 253, 73–82. [Google Scholar]
  3. Abrams, M.D. Malicious Control System Cyber Security Attack Case Study–Maroochy Water Services, Australia. In Proceedings of the Annual Computer Security Applications Conference, Anaheim, CA, USA, 8–12 December 2008; Volume 253, pp. 73–82. [Google Scholar]
  4. Nicholson, A.; Webber, S.; Dyer, S.; Patel, T.; Janicke, H. SCADA security in the light of Cyber-Warfare. Comput. Secur. 2012, 31, 418–436. [Google Scholar] [CrossRef]
  5. Langner, R. Stuxnet: Dissecting a Cyberwarfare Weapon. IEEE Secur. Priv. 2011, 9, 49–51. [Google Scholar] [CrossRef]
  6. Ten, C.W.; Liu, C.C.; Manimaran, G. Vulnerability Assessment of Cyber Security for SCADA Systems. IEEE Trans. Power Syst. 2008, 23, 1836–1846. [Google Scholar] [CrossRef]
  7. Knijff, R.M.V.D. Control Systems/SCADA Forensics, What’s the Difference? Digit. Investig. 2014, 11, 160–174. [Google Scholar] [CrossRef]
  8. Nate Kube.Cyberphysical Security: The Next Frontier. Available online: http://www.securityweek.com/cyberphysical-security- next-frontier (accessed on 23 March 2015).
  9. Pollet, J. Developing a solid SCADA security strategy. In Proceedings of the 2nd ISA/IEEE Sensors for Industry Conference, Houston, TX, USA, 19–21 November 2002; pp. 148–156. [Google Scholar]
  10. Ten, C.W.; Manimaran, G.; Liu, C.C. Cybersecurity for Critical Infrastructures: Attack and Defense Modeling. IEEE Trans. Syst. Man. Cybern. Part A. Syst. Hum. 2010, 40, 853–865. [Google Scholar] [CrossRef] [Green Version]
  11. Barbosa, R.R.R.; Pras, A. Intrusion Detection in SCADA Networks. In Mechanisms for Autonomous Management of Networks and Services; Springer: Berlin/Heidelberg, Germany, 2010; pp. 163–166. [Google Scholar]
  12. Cardenas, A.; Amin, S.; Sastry, S. Attacks against process control systems: Risk assessment, detection, and response. In Proceedings of the ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, 22–24 March 2011; pp. 355–366. [Google Scholar]
  13. Cárdenas, A.A.; Amin, S.; Sinopoli, B.; Giani, A.; Perrig, A.; Sastry, S. Challenges for Securing Cyber Physical Systems. In Proceedings of the First Workshop on Cyber-physical Systems Security, Stockholm, Sweden, 12–16 April 2010; pp. 363–369. [Google Scholar]
  14. Wilson, D.C.; Pala, O.; Tolone, W.J. Recommendation-based geovisualization support for reconstitution in critical infrastructure protection. Proc. SPIE 2009, 7346. [Google Scholar] [CrossRef]
  15. Zhou, C.; Huang, S.; Xiong, N.; Yang, S.H. Design and Analysis of Multimodel-Based Anomaly Intrusion Detection Systems in Industrial Process Automation. IEEE Trans. Syst. Man Cybern. Syst. 2015, 45, 1345–1360. [Google Scholar] [CrossRef]
  16. Svendsen, N.; Wolthusen, S. Modeling and Detecting Anomalies in Scada Systems. Int. Fed. Inf. Process. 2008, 290, 101–113. [Google Scholar]
  17. Ntalampiras, S. Detection of Integrity Attacks in Cyber-Physical Critical Infrastructures Using Ensemble Modeling. IEEE Trans. Ind. Inform. 2015, 11, 104–111. [Google Scholar] [CrossRef]
  18. Goldenberg, N.; Wool, A. Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems. Int. J. Crit. Infrastruct. Prot. 2013, 6, 63–75. [Google Scholar] [CrossRef]
  19. Svendsen, N.; Wolthusen, S. Using Physical Models for Anomaly Detection in Control Systems. In Critical Infrastructure Protection III; Springer: Berlin/Heidelberg, Germany, 2009; pp. 139–149. [Google Scholar]
  20. Kumarage, H.; Khalil, I.; Tari, Z.; Zomaya, A. Distributed anomaly detection for industrial wireless sensor networks based on fuzzy data modelling. J. Parallel Distrib. Comput. 2013, 73, 790–806. [Google Scholar] [CrossRef]
  21. Hadžiosmanović, D.; Bolzoni, D.; Hartel, P.H. A log mining approach for process monitoring in SCADA. Int. J. Inform. Secur. 2012, 11, 231–251. [Google Scholar] [CrossRef] [Green Version]
  22. Kang, D.H.; Kim, B.K.; Na, J.C.; Hang, K.S. Whitelists Based Multiple Filtering Techniques in SCADA Sensor Networks. J. Appl. Math. 2014, 2014, 1–7. [Google Scholar] [CrossRef]
  23. Ochin, E.; Dobryakova, L.; Pietrzykowski, Z.; Borkowski, P. The application of cryptography and steganography in the integration of seaport security subsystems. Sci. J. Marit. Univ. Szczec. 2011, 26, 80–87. [Google Scholar]
  24. Ochin, E. GPS/GNSS spoofing and the real-time single-antenna-based spoofing detection system. Sci. J. Marit. Univ. Szczec. 2017, 52, 145–153. [Google Scholar]
  25. Kiss, I.; Genge, B.; Haller, P.; Sebestyen, G. Data clustering-based anomaly detection in industrial control systems. In Proceedings of the IEEE International Conference on Intelligent Computer Communication and Processing, Cluj-Napoca, Romania, 4–6 September 2014; pp. 275–281. [Google Scholar]
  26. Stone, S.; Temple, M. Radio-frequency-based anomaly detection for programmable logic controllers in the critical infrastructure. Int. J. Crit. Infrastruct. Prot. 2012, 5, 66–73. [Google Scholar] [CrossRef]
  27. Jung, S.M.; Song, J.-G.; Kim, T.-H.; So, Y.-H.; Kim, S.-S. Design of Idle-time Measurement System for Data Spoofing Detection. J. Korea Acad.-Ind. Cooperation Soc. 2010, 11, 151–158. [Google Scholar] [CrossRef] [Green Version]
  28. Carcano, A.; Coletta, A.; Guglielmi, M.; Masera, M.; Fovino, I.N.; Trombetta, A.A. A Multidimensional Critical State Analysis for Detecting Intrusions in SCADA Systems. IEEE Trans. Ind. Inform. 2011, 7, 179–186. [Google Scholar] [CrossRef]
  29. Liu, S.; Xing, B.; Li, B.; Gu, M.M. Ship information system: Overview and research trends. Int. J. Naval Archit. Ocean Eng. 2014, 6, 670–684. [Google Scholar] [CrossRef]
  30. Liu, S.; Xing, B.; Li, B. Development actuality and key technology of networked control system. In Proceedings of the 32nd Chinese Control Conference, Xi’an, China, 26–28 July 2013; pp. 6692–6697. [Google Scholar]
  31. Simoncic, R.; Weaver, A.C.; Cain, B.G.; Colvin, M.A. SHIPNET: A real-time local area network for ships. In Proceedings of the 1988 13th Conference on Local Computer Networks, Minneapolis, MN, USA, 10–12 October 1988; pp. 424–432. [Google Scholar]
  32. Andersen, S.C.; Boyle, G.G.; Kubischata, M.D.; Marshik, J.V.; Robinson, R.P. Unisys SAFENET data transfer system (layers 1–4). In Proceedings of the 15th Conference on Local Computer Networks, Minneapolis, MN, USA, 30 September–3 October 1990; pp. 343–350. [Google Scholar]
  33. Piętak, A.; Mikulski, M. On the adaptation of CAN BUS network for use in the ship electronic systems. Pol. Marit. Res. 2009, 16, 62–69. [Google Scholar] [CrossRef] [Green Version]
  34. Jurdana, I.; Tomas, V.; Ivce, R. Availability model of optical communication network for ship’s engines control. In Proceedings of the 2011 3rd International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT), Budapest, Hungary, 5–7 October 2011; pp. 1–6. [Google Scholar]
  35. Henry, M.; Iacovelli, M.; Thatcher, J. DDG 1000 Engineering Control System (ECS). In Proceedings of the ASNE Intelligent Ship VIII Symposium, Philadelphia, PA, USA, 20–21 May 2009; pp. 12–26. [Google Scholar]
  36. Liu, S.; Xing, B.; Zhi, P.; Li, B. Design of semi-physical simulation platform for ship cooperative control system. In Proceeding of the 11th World Congress on Intelligent Control and Automation, Shenyang, China, 29 June–4 July 2015; pp. 5962–5966. [Google Scholar]
  37. Liu, S.; Chang, X.C.; Li, G.Y. Synchronous-ballistic control for a twin-rudder ship. Control Theory Appl. 2010, 12, 1631–1636. [Google Scholar]
  38. Xing, B.; Liu, S.; Zhu, W. Actuator channel setting strategy for ship information systems based on reachability analysis and physical characteristic. In Proceedings of the 2015 IEEE 15th International Conference on Environment and Electrical Engineering (EEEIC), Rome, Italy, 10–13 June 2015; pp. 932–937. [Google Scholar]
  39. Liu, S.; Xing, B.W.; Chen, X.; Zhi, P. Design of data flow for ship information system. Ship Sci. Technol. 2016, 4, 110–115. [Google Scholar]
  40. Liu, S.; Xing, B.; Zhu, W. A fusion Fuzzy PID controller with real-time implementation on a ship course control system. In Proceedings of the 2015 23rd Mediterranean Conference on Control and Automation (MED), Torremolinos, Spain, 16–19 June 2015; pp. 916–920. [Google Scholar]
Figure 1. Interactions of a Ship Information System (SIS). DCU, Distributed Controller Unit; RTU, Remote Terminal Unit.
Figure 1. Interactions of a Ship Information System (SIS). DCU, Distributed Controller Unit; RTU, Remote Terminal Unit.
Energies 11 03403 g001
Figure 2. Cooperative control mode of SIS.
Figure 2. Cooperative control mode of SIS.
Energies 11 03403 g002
Figure 3. Force and moment of sea wave disturbance at 30 .
Figure 3. Force and moment of sea wave disturbance at 30 .
Energies 11 03403 g003
Figure 4. Heading (A) and rolling (B) angles of the ship without control commands.
Figure 4. Heading (A) and rolling (B) angles of the ship without control commands.
Energies 11 03403 g004
Figure 5. Cooperative control effects of ship heading and rolling under signal attack. The simulation results of ship heading and rolling based on this control algorithm are shown by dotted lines in Figure A,B, respectively. Meanwhile the solid line in (A,B) depicts the heading and rolling output of the ship while the signal attack acted on the heading data signal. Here, the signal attack first happened at 80 s, and we have hi = 0.5. In addition, the operation states of main (flap) rudder and main (flap) fin are shown by solid (dotted) lines in (C,D), respectively.
Figure 5. Cooperative control effects of ship heading and rolling under signal attack. The simulation results of ship heading and rolling based on this control algorithm are shown by dotted lines in Figure A,B, respectively. Meanwhile the solid line in (A,B) depicts the heading and rolling output of the ship while the signal attack acted on the heading data signal. Here, the signal attack first happened at 80 s, and we have hi = 0.5. In addition, the operation states of main (flap) rudder and main (flap) fin are shown by solid (dotted) lines in (C,D), respectively.
Energies 11 03403 g005
Figure 6. Data abnormalities of rudder and flap rudder. In (A,B), the abnormal data of ship rudder and flap rudder are first detected at 81.7 s and 80.4 s by Algorithm respectively.
Figure 6. Data abnormalities of rudder and flap rudder. In (A,B), the abnormal data of ship rudder and flap rudder are first detected at 81.7 s and 80.4 s by Algorithm respectively.
Energies 11 03403 g006
Table 1. Notations of Figure 2.
Table 1. Notations of Figure 2.
AnnotationNotations
e 0 Control objective
e s r ( k ) Data from Sensor 3
e r d ( k ) Data sent by RTU 5 according to e s r ( k )
e ( * ) ( k ) Data sent by DCU 3-1(2) according to e r d ( k )
y s r 1 ( k ) Output of Actuator 1 sampling by Sensor 1
y r d 1 ( k ) Data sent by RTU 1 according to y s r 1 ( k )
y d 1 / 2 ( * ) ( k ) Data sent by DCU 1-1(2) according to y r d 1 ( k )
y s r 2 ( k ) Output of Actuator 2 sampling by Sensor 2
y r d 2 ( k ) Data sent by RTU 3 according to y s r 2 ( k )
y d 2 / 1 ( k ) Data sent by DCU 2-1 according to y r d 2 ( k )
y d 2 / 1 ( * ) ( k ) Data sent by DCU 2-1(2) according to y r d 2 ( k )
u d r 1 ( * ) ( k ) Control command for Actuator 1 by DCU 1-1(2)
u r a 1 ( * ) ( k ) Data sent by RTU 2 according to u d r 1 ( * ) ( k )
u d r 2 ( * ) ( k ) Control command for Actuator 2 by DCU 2-1(2)
u r a 2 ( * ) ( k ) Data sent by RTU 4 according to u d r 2 ( * ) ( k )
Table 2. Influence of rolling mission by heading signal attack.
Table 2. Influence of rolling mission by heading signal attack.
Non-AttackWith-Attack
MeanVarianceMeanVariance
Ship rolling 0 . 019 7.95 0 . 040 10.01
Fin angle 0 . 165 45.71 0 . 181 54.37
Flap fin angle 0 . 771 164.05 1 . 12 184.35
Table 3. Notations of rules.
Table 3. Notations of rules.
AnnotationNotations
D C U [ 10 . 0 . 0 . 001 : 502 ] DCU for ship rudders
D C U [ 10 . 0 . 0 . 002 : 502 ] DCU for ship fins
D C U [ 10 . 0 . 0 . 003 : 502 ] DCU for heading sensor
D C U [ 10 . 0 . 0 . 004 : 502 ] DCU for rolling sensor
D C U [ 10 . 0 . 0 . 001 : 502 ] I R [ 1 ] Input register for rudder command
D C U [ 10 . 0 . 0 . 001 : 502 ] I R [ 2 ] Input register for flap rudder command
D C U [ 10 . 0 . 0 . 002 : 502 ] I R [ 1 ] Input register for fin command
D C U [ 10 . 0 . 0 . 002 : 502 ] I R [ 2 ] Input register for flap fin command
D C U [ 10 . 0 . 0 . 003 : 502 ] H R [ 1 ] Holding register for heading sensor
D C U [ 10 . 0 . 0 . 004 : 502 ] H R [ 1 ] Holding register for rolling sensor
E 0 Set value of ship heading

Share and Cite

MDPI and ACS Style

Xing, B.; Jiang, Y.; Liu, Y.; Cao, S. Risk Data Analysis Based Anomaly Detection of Ship Information System. Energies 2018, 11, 3403. https://doi.org/10.3390/en11123403

AMA Style

Xing B, Jiang Y, Liu Y, Cao S. Risk Data Analysis Based Anomaly Detection of Ship Information System. Energies. 2018; 11(12):3403. https://doi.org/10.3390/en11123403

Chicago/Turabian Style

Xing, Bowen, Yafeng Jiang, Yuqing Liu, and Shouqi Cao. 2018. "Risk Data Analysis Based Anomaly Detection of Ship Information System" Energies 11, no. 12: 3403. https://doi.org/10.3390/en11123403

APA Style

Xing, B., Jiang, Y., Liu, Y., & Cao, S. (2018). Risk Data Analysis Based Anomaly Detection of Ship Information System. Energies, 11(12), 3403. https://doi.org/10.3390/en11123403

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop