A joint project of the Graduate School, Peabody College, and the Jean & Alexander Heard Library

Title page for ETD etd-03252014-204623

Type of Document Master's Thesis
Author Werth, Aaron William
Author's Email Address aaron.w.werth@vanderbilt.edu
URN etd-03252014-204623
Title Towards distinguishing between cyber-attacks and faults in cyber-physical systems
Degree Master of Science
Department Electrical Engineering
Advisory Committee
Advisor Name Title
Gabor Karsai, PhD Committee Chair
Gautam Biswas Committee Member
  • Security of SCADA Systems
  • Fault Diagnosis
  • Network Security
Date of Defense 2014-02-28
Availability unrestricted
Cyber-physical systems (CPS) can be affected by different events or circumstances. These circumstances include the following: (1) faults, which are accidental in nature and may involve degradation of equipment and (2) cyber-attacks, which were created by a malicious and conscious entity. Both of these can have similar effects on the CPS as well as different effects. The goal of this work is to be able to understand the differences between the two in their symptoms for the physical system and network. It is desired to be able to distinguish one from the other so that a diagnosis can be made. The reason that this is desired is to allow an appropriate response.

In this thesis, a set of experiments are conducted. Specifically, a model of a networked control system (NCS) is used and is subject to normal operating conditions, faults, and attacks. Simulations with these circumstances involve special network simulation tools: Omnet++ and INET. A simple network with several routers was created. Two nodes of the network have applications that implement the behavior of the plant and the controller. The network facilitates communication between these two nodes.

The results of this set of simulations are studied so that insight can be gained from the various scenarios. Also experiments are performed with a well-known machine learning algorithm-a naïve Bayes classifier-to gauge how well a distinction can be made between faults and attacks. Questions of how the problem is generalized and why it is important to consider are also addressed and discussed.

  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
  Werth.pdf 1.51 Mb 00:06:59 00:03:35 00:03:08 00:01:34 00:00:08

Browse All Available ETDs by ( Author | Department )

If you have more questions or technical problems, please Contact LITS.