Bayesian network model to distinguish between intentional attacks and accidental technical failures:a case study of floodgates  

作　　者：Sabarathinam Chockalingam Wolter Pieters AndréTeixeira Pieter van Gelder 

机构地区：[1]Faculty of Technology,Policy and Management,Delft University of Technology,Delft,The Netherlands [2]Department of Risk,Safety and Security,Institute for Energy Technology,Halden,Norway [3]Behavioural Science Institute,Radboud University,Nijmegen,The Netherlands [4]Department of Electrical Engineering,Uppsala University,Uppsala,Sweden

出　　处：《Cybersecurity》2021年第1期442-460,共19页网络空间安全科学与技术（英文）

基　　金：the Netherlands Organization for Scientific Research(NWO)in the framwork of the Cyber Security research program under the project“Secure Our Safety:Building Cyber Security for Flood Management(SOS4Flood)”.

摘　　要：Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems(ICS).These systems are becoming more connected to the internet,either directly or through the corporate networks.This makes them vulnerable to cyber-attacks.Abnormal behaviour in floodgates operated by ICS could be caused by both(intentional)attacks and(accidental)technical failures.When operators notice abnormal behaviour,they should be able to distinguish between those two causes to take appropriate measures,because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector.In the previous work,we developed the attack-failure distinguisher framework for constructing Bayesian Network(BN)models to enable operators to distinguish between those two causes,including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models.As a full case study of the attack-failure distinguisher framework,this paper presents a BN model constructed to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates,addressing the problem of floodgate operators.We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model.The constructed BN model is usable in water management infrastructures to distinguish between intentional attacks and accidental technical failures in case of incorrect sensor measurements.This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements.

关 键 词：Bayesian network DeMorgan model Intentional attack Probability elicitation Safety Security Technical failure Water management 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]