Attacks on Industrial Control Systems (ICS) can lead to significant physical
damage. While offline safety and security assessments can provide insight into
vulnerable system components, they may not account for stealthy attacks
designed to evade anomaly detectors during long operational transients. In this
paper, we propose a predictive online monitoring approach to check the safety
of the system under potential stealthy attacks. Specifically, we adapt previous
results in reachability analysis for attack impact assessment to provide an
efficient algorithm for online safety monitoring for Linear Time-Invariant
(LTI) systems. The proposed approach relies on an offline computation of
symbolic reachable sets in terms of the estimated physical state of the system.
These sets are then instantiated online, and safety checks are performed by
leveraging ideas from ellipsoidal calculus. We illustrate and evaluate our
approach using the Tennessee-Eastman process. We also compare our approach with
the baseline monitoring approaches proposed in previous work and assess its
efficiency and scalability. Our evaluation results demonstrate that our
approach can predict in a timely manner if a false data injection attack will
be able to cause damage, while remaining undetected. Thus, our approach can be
used to provide operators with real-time early warnings about stealthy attacks.
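
The offline/online split described above can be sketched as follows; this is an added illustration, not the paper's algorithm or code. It assumes a simplified model x_{k+1} = A x_k + B a_k in which the stealthy attacker's input a_k is confined to an ellipsoid {a : a^T Q^{-1} a <= 1} and the safe set is a half-space c^T x <= d; all function names and the sample matrices are constructed for the example.

```python
import math

def matvec(M, v):
    return [sum(m * x for m, x in zip(row, v)) for row in M]

def transpose(M):
    return [list(col) for col in zip(*M)]

def offline_tables(A, B, Q, c, horizon):
    """Offline: for k = 1..horizon store the row vector c^T A^k and the radius
    rho_k = sum_{i<k} sqrt(g_i^T Q g_i), g_i = B^T (A^i)^T c. rho_k is the
    support function, in direction c, of the Minkowski sum of the attack
    ellipsoids propagated through the dynamics."""
    At, Bt = transpose(A), transpose(B)
    row, rho, tables = list(c), 0.0, []
    for _ in range(horizon):
        g = matvec(Bt, row)                    # B^T (A^i)^T c
        rho += math.sqrt(sum(gi * qi for gi, qi in zip(g, matvec(Q, g))))
        row = matvec(At, row)                  # (A^(i+1))^T c
        tables.append((row, rho))
    return tables

def first_unsafe_step(tables, x_hat, d):
    """Online: instantiate the symbolic sets with the current state estimate
    x_hat and return the first step k at which the worst-case reachable state
    can leave the half-space c^T x <= d, or None if safe over the horizon."""
    for k, (row, rho) in enumerate(tables, start=1):
        worst = sum(r * x for r, x in zip(row, x_hat)) + rho
        if worst > d:
            return k
    return None

# Constructed sample plant (double integrator), not taken from the paper.
A = [[1.0, 1.0], [0.0, 1.0]]
B = [[0.0], [1.0]]
Q = [[0.01]]          # attack magnitude bounded by 0.1 per step (assumption)
C_DIR = [1.0, 0.0]    # monitor the first state
LIMIT = 0.9           # safety limit d (assumption)
TABLES = offline_tables(A, B, Q, C_DIR, horizon=5)

if __name__ == "__main__":
    for x_hat in ([0.0, 0.0], [0.2, 0.1]):
        print(x_hat, "-> first unsafe step:", first_unsafe_step(TABLES, x_hat, LIMIT))
```

The per-sample online cost is one dot product per horizon step, since everything that depends on A, B and Q is computed once offline.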

