This paper proposes an unconventional anomaly detection approach that provides digital instrumentation and control (I&C) systems in a nuclear power plant (NPP) with the capability to probabilistically discern between legitimate protocol frames and attack frames. The stochastic activity network (SAN) formalism is used to model the fusion of protocol activity in each digital I&C system and the operation of physical components of an NPP. SAN models are employed to analyze links between protocol frames as streams of bytes, their semantics in terms of NPP operations, control data as stored in the memory of I&C systems, the operations of I&C systems on NPP components, and NPP processes. Reward rates and impulse rewards are defined in the SAN models based on the activity-marking reward structure to estimate NPP operation profiles. These profiles are then used to probabilistically estimate the legitimacy of the semantics and payloads of protocol frames received by I&C systems.
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Rrushi, J., Campbell, R. (2008). Detecting Cyber Attacks On Nuclear Power Plants. In: Papa, M., Shenoi, S. (eds) Critical Infrastructure Protection II. ICCIP 2008. The International Federation for Information Processing, vol 290. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88523-0_4
DOI: https://doi.org/10.1007/978-0-387-88523-0_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-88522-3
Online ISBN: 978-0-387-88523-0
eBook Packages: Computer Science, Computer Science (R0)