Print Email Facebook Twitter Cyber-Attack Detection on an Industrial Control System Testbed using Dynamic Watermarking Title Cyber-Attack Detection on an Industrial Control System Testbed using Dynamic Watermarking: A Power Grid Application Author van den Broek, Geert (TU Delft Mechanical, Maritime and Materials Engineering; TU Delft Delft Center for Systems and Control) Contributor Ferrari, Riccardo M.G. (mentor) Keijzer, T. (mentor) Degree granting institution Delft University of Technology Programme Mechanical Engineering | Systems and Control Date 2022-08-25 Abstract An Industrial Control System (ICS) is used to monitor and control industrial processes and critical infrastructure, and is therefore crucial to modern society. This makes them attractive targets for malicious cyber-attacks, which have become more advanced and abundant in recent history. To properly defend ICSs from these cyber-attacks, appropriate cyber-defensive mechanisms should be continuously designed and updated, cyber-attack detection mechanisms included. These mechanisms should undergo sufficient testing before being implemented in actual ICSs to minimise unforeseen consequences. Existing literature indicates that Dynamic Multiplicative Watermarking (DMWM) is a promising form of cyber-attack detection, which could improve overall detection performance. Thus far, this technique has not yet been applied to Automatic Generation Control (AGC) (a prominent form of Load Frequency Control (LFC) in power grids) to detect data integrity attacks (specifically scaling and replay attacks).Ergo, this research aims at testing the performance of DMWM against data integrity attacks on AGC. To perform attack detection, a Luenberger observer it utilised. This observer generates a residual, which is compared to a robustly designed threshold. For the purpose of adequate testing, the HILDA (Hardware-In-the-Loop Detection of Attacks) testbed is designed and constructed. By using this testbed, more realistic scenarios can be simulated than with regular desktop simulations. After verifying the correct construction of the testbed, the DMWM performance is examined both on a desktop simulation environment using MATLAB & Simulink, and on the HILDA testbed. It is shown that the addition of DMWM increases the detection performance in the context of both scaling and replay attacks. For replay attacks, this performance increases notably, while for scaling attacks the improvement is more modest. It is shown that, overall, the attacks are detected more quickly when simulated on the HILDA testbed compared to simulations performed on the MATLAB & Simulink environment. On the other hand, the overall detection ratio was better when simulated on the MATLAB & Simulink environment. This discrepancy in detection performance demonstrates the added value of the HILDA testbed. Subject Industrial Control SystemDynamic Multiplicative WatermarkingAutomatic Generation ControlLoad Frequency ControlData integrity attackScaling attackReplay attackHardware-In-the-Loop Testbed To reference this document use: http://resolver.tudelft.nl/uuid:b6af07bd-440c-4fd2-98d4-7a5e1848e174 Coordinates 52.00182744704395, 4.3713199611650335 Part of collection Student theses Document type master thesis Rights © 2022 Geert van den Broek Files PDF Thesis_Report_Geert_van_d ... _Final.pdf 9.35 MB Close viewer /islandora/object/uuid:b6af07bd-440c-4fd2-98d4-7a5e1848e174/datastream/OBJ/view