Distributed Attack Detection (DAD)
Distributed Attack Detection (DAD) is a patented attack detection system. Throughout the course of its development, DAD was iteratively improved through extensive experimentation in the Secure Water Treatment (SWaT) testbed.
DAD can be considered a host-based intrusion detection system (HIDS). Specifically, it collects data on the various sensor measurements of processes, such as water pH value, water level and flow indicator, for analysis and process anomaly detection. By using all 52 sensor values of SWaT, it can detect single-stage multi-point and multi-stage multi-point cyber-attacks in a distributed control system.
DAD uses “security by design” for many basic and advanced attacker models. Based on the rules of physics, it directly verifies the process variables of the cyber-physical system (CPS) within the distributed PLCs to check for abnormal behaviour. Process variables are time-dependent and interrelated within the entire plant process. Hence, their values are constrained by the relationships they have with the other process variables, as governed by the fundamental laws of physics and/or chemistry. The relationships among these constrained variables lead to process invariants, which serve as DAD’s rule-based algorithms.
The invariants are embedded in PLCs as well as in special hardware devices known as intelligent checkers (ICs), which have wired interfaces to sensors and actuators. The invariants are checked constantly to ensure the underlying processes are behaving as intended. When an invariant is violated, the underlying CPS process has diverged from its intended behaviour and an alarm is triggered.
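An added illustration of a process invariant, not DAD's own rule set or code from its authors: a tank mass-balance check in which the reported water level must agree with the level predicted from the inflow and outflow readings. The class name, tank area, tolerance, persistence count and all readings are assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass
class TankInvariant:
    """Mass balance for one tank: level change = (inflow - outflow) * dt / area."""
    area_m2: float   # tank cross-section (assumed value)
    dt_s: float      # sampling period
    tol_m: float     # allowed gap between predicted and reported level
    persist: int     # consecutive violations required before alarming

    def check(self, samples):
        """samples: list of (level_m, inflow_m3s, outflow_m3s) readings.
        Returns the sample indices at which an alarm is first raised."""
        alarms, streak, est = [], 0, None
        for i, (level, q_in, q_out) in enumerate(samples):
            if est is None:
                est = level          # initialise the model from the first reading
                continue
            # Propagate the physical model independently of the level sensor.
            est += (q_in - q_out) * self.dt_s / self.area_m2
            if abs(level - est) > self.tol_m:
                streak += 1
                if streak == self.persist:
                    alarms.append(i)
            else:
                streak = 0           # isolated deviation: treat as sensor noise
        return alarms

# Constructed readings: inflow 0.005 m^3/s, outflow 0.003 m^3/s, 1 m^2 tank,
# so the level should rise 0.002 m per one-second sample.
def _run(levels):
    return [(lv, 0.005, 0.003) for lv in levels]

# One noisy sample (index 2) that should not trigger an alarm.
CLEAN = _run([0.500, 0.502, 0.530, 0.506, 0.508, 0.510])
# From index 5 the reported level no longer follows the measured flows.
SPOOFED = _run([0.500, 0.502, 0.504, 0.506, 0.508,
                0.600, 0.600, 0.600, 0.600])

INV = TankInvariant(area_m2=1.0, dt_s=1.0, tol_m=0.02, persist=3)

if __name__ == "__main__":
    print("clean  :", INV.check(CLEAN))
    print("spoofed:", INV.check(SPOOFED))
```

The persistence count keeps a single noisy sample from raising an alarm, while a level reading that stays inconsistent with the flow readings violates the invariant on the third consecutive sample.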
Developer: Sridhar Adepu
Advisor: Prof Aditya Mathur
- Adepu, Sridhar, and Aditya Mathur. “Distributed detection of single-stage multipoint cyber attacks in a water treatment plant.” In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 449-460. 2016.
- Adepu, Sridhar, and Aditya Mathur. “Distributed attack detection in a water treatment plant: Method and case study.” IEEE Transactions on Dependable and Secure Computing (2018).
- Adepu, Sridhar, and Aditya Mathur. “Assessing the effectiveness of attack detection at a hackfest on industrial control systems.” IEEE Transactions on Sustainable Computing (2018).