公开(公告)号：WO2022015246A1

公开(公告)日：2022-01-20

申请号：PCT/SG2021/050415

申请日：2021-07-15

Applicant: SINGAPORE UNIVERSITY OF TECHNOLOGY AND DESIGN

Inventor： AHMED, Chuadhry Mujeeb ,  ZHOU, Jianying

IPC: G05B19/05 ,  G06F21/57 ,  H04L12/00 ,  G06N20/00

Abstract: There is provided a method of characterising a programmable logic controller (PLC) in a networked control system. The networked control system includes a plurality of programmable logic controllers (PLCs), including the above-mentioned PLC, and a communication network layer based on which the plurality of PLCs communicate with each other. The method includes: obtaining network traffic data from the communication network layer; determining scan cycle related timing profile information associated with the PLC based on the network traffic data obtained; and generating characterising information associated with the PLC based on the determined scan cycle related timing profile information for characterising the PLC. There is also provided a corresponding method of attack detection in the networked control system, including detecting whether the networked control system is subject to an attack in relation to the PLC based on second characterising information associated with the PLC and reference characterising information associated with the PLC. There is further provided a corresponding system for characterising a PLC and/or attack detection in a networked control system.

公开(公告)号：WO2021251906A1

公开(公告)日：2021-12-16

申请号：PCT/SG2021/050340

申请日：2021-06-11

Applicant: SINGAPORE UNIVERSITY OF TECHNOLOGY AND DESIGN

Inventor： AHMED, Chuadhry Mujeeb ,  ZHOU, Jianying

IPC: G05B19/048 ,  G05B19/406 ,  G05B23/02 ,  G05B19/058 ,  G05B2219/24215

Abstract: There is provided a method of detecting anomaly in a physical process associated with a networked control system. The method includes: obtaining, for each process run of a plurality of process runs for a state process at a process state of the physical process, measured sensor data associated with the process run in relation to a physical state associated with the state process at the process state; producing, for the above-mentioned each process run of the plurality of process runs, process offset data associated with the process run based on the measured sensor data associated with the process run and modelled sensor data in relation to the physical state associated with the state process, to obtain a plurality of process offset data associated with the plurality of process runs, respectively, in relation to the physical state associated with the state process; determining process skew fingerprint information associated with the plurality of process runs based on the plurality of process offset data, the process skew fingerprint information including characteristic information associated with the plurality of process offset data; and detecting anomaly in the physical process based on the process skew fingerprint information associated with the plurality of process runs for the state process at the process state of the physical process. There is also provided a corresponding system for detecting anomaly in a physical process associated with a networked control system.

公开(公告)号：WO2020246944A1

公开(公告)日：2020-12-10

申请号：PCT/SG2020/050322

申请日：2020-06-08

Applicant: SINGAPORE UNIVERSITY OF TECHNOLOGY AND DESIGN

Inventor： AHMED, Chuadhry Mujeeb ,  MATHUR, Aditya

IPC: G05B19/048 ,  G08B29/18 ,  G06N20/00 ,  G05B13/04

Abstract: There is provided a method of attack detection in a sensor network of a networked control system using at least one processor, the sensor network including a plurality of sensors, the method including: obtaining, from each of the plurality of sensors, measured sensor data; determining, for each of the plurality of sensors, first estimated sensor data based on an individual system model associated with the sensor; determining, for each of the plurality of sensors, second estimated sensor data based on a joint system model associated with the plurality of sensors; determining, for each of the plurality of sensors, first residual information associated with the sensor based on the measured sensor data and the first estimated sensor data associated with the sensor; determining, for each of the plurality of sensors, second residual information associated with the sensor based on the measured sensor data and the second estimated sensor data associated with the sensor; and detecting, for each of the plurality of sensors, whether the sensor is subject to an attack based on the first residual information and the second residual information associated with the sensor. There is also provided a corresponding system for attack detection in a sensor network of a networked control system.