A survey of physics-based attack detection in cyber-physical systems
ACM Computing Surveys (CSUR), 2018•dl.acm.org
Monitoring the “physics” of cyber-physical systems to detect attacks is a growing area of
research. In its basic form, a security monitor creates time-series models of sensor readings
for an industrial control system and identifies anomalies in these measurements to identify
potentially false control commands or false sensor readings. In this article, we review
previous work on physics-based anomaly detection based on a unified taxonomy that allows
us to identify limitations and unexplored challenges and to propose new solutions.
research. In its basic form, a security monitor creates time-series models of sensor readings
for an industrial control system and identifies anomalies in these measurements to identify
potentially false control commands or false sensor readings. In this article, we review
previous work on physics-based anomaly detection based on a unified taxonomy that allows
us to identify limitations and unexplored challenges and to propose new solutions.
Monitoring the “physics” of cyber-physical systems to detect attacks is a growing area of research. In its basic form, a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements to identify potentially false control commands or false sensor readings. In this article, we review previous work on physics-based anomaly detection based on a unified taxonomy that allows us to identify limitations and unexplored challenges and to propose new solutions.