TY - CHAP
T1 - A Modular Infrastructure for the Validation of Cyberattack Detection Systems
AU - Cerotti, Davide
AU - Codetta Raiteri, Daniele
AU - Dondossola, Giovanna
AU - Egidi, Lavinia
AU - Franceschinis, Giuliana
AU - Portinale, Luigi
AU - Terruggia, Roberta
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023
Y1 - 2023
N2 - We propose a framework for the evaluation of cyberattack detection systems in which theoretical results can be tested in a realistic setup. We emulate a power control infrastructure, an attacker and a monitoring system. In this controlled environment, through a modular approach, it is possible to evaluate a variety of detection models: we inject adversarial activity, collect logs from the systems, analyze such logs and produce evidence that is later processed by artificial intelligence models that can raise alerts and give diagnostic or predictive information. In particular, we test our framework with detection models based on Dynamic Bayesian Networks, which take into account the evolution of adversarial activities over time. The testbed allows us to effectively test the adequacy of the detection mechanisms for early warning of suspicious events; currently, it includes man-in-the-middle attacks and false data injection.
AB - We propose a framework for the evaluation of cyberattack detection systems in which theoretical results can be tested in a realistic setup. We emulate a power control infrastructure, an attacker and a monitoring system. In this controlled environment, through a modular approach, it is possible to evaluate a variety of detection models: we inject adversarial activity, collect logs from the systems, analyze such logs and produce evidence that is later processed by artificial intelligence models that can raise alerts and give diagnostic or predictive information. In particular, we test our framework with detection models based on Dynamic Bayesian Networks, which take into account the evolution of adversarial activities over time. The testbed allows us to effectively test the adequacy of the detection mechanisms for early warning of suspicious events; currently, it includes man-in-the-middle attacks and false data injection.
KW - Bayesian Networks
KW - Early evidence-based cyberattack detection
KW - Power systems
KW - Test environment
KW - Time-driven attack analysis
UR - http://www.scopus.com/inward/record.url?scp=85153034918&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-20360-2_13
DO - 10.1007/978-3-031-20360-2_13
M3 - Chapter
T3 - Power Systems
SP - 311
EP - 336
BT - Power Systems
PB - Springer Science and Business Media Deutschland GmbH
ER -
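The abstract describes a pipeline in which log-derived evidence is fed, slice by slice, to a Dynamic Bayesian Network that tracks the attacker's progression and raises early-warning alerts. The following Python block is an added illustration of that idea, not the chapter's own model or code: it runs forward filtering over a minimal DBN whose hidden node is the attack phase (normal, man-in-the-middle, false data injection) and whose two evidence nodes are an ARP anomaly flag and a measurement-deviation flag. The phase names, the transition and observation probabilities, the alert threshold and the log lines are all constructed for the example.

```python
"""Forward filtering over a small Dynamic Bayesian Network (DBN) for
attack-phase tracking.  Added example, not the chapter's own model: the
three hidden phases, two evidence variables, all probabilities and the
sample log lines are assumptions constructed for illustration."""
from dataclasses import dataclass
import re

# Hidden attack phase X_t, a single discrete node with a first-order
# transition model.  Attack is assumed to progress normal -> mitm -> fdi;
# a direct normal -> fdi jump is not modelled.
PHASES = ("normal", "mitm", "fdi")
PRIOR = {"normal": 0.98, "mitm": 0.01, "fdi": 0.01}

# TRANSITION[i][j] = P(X_t = j | X_{t-1} = i)   (assumed values)
TRANSITION = {
    "normal": {"normal": 0.95, "mitm": 0.05, "fdi": 0.00},
    "mitm":   {"normal": 0.05, "mitm": 0.75, "fdi": 0.20},
    "fdi":    {"normal": 0.05, "mitm": 0.05, "fdi": 0.90},
}

# Evidence nodes E_t = (arp_anomaly, measurement_deviation), assumed
# conditionally independent given X_t.  Values are P(flag = 1 | phase).
P_ARP = {"normal": 0.02, "mitm": 0.70, "fdi": 0.50}
P_DEV = {"normal": 0.03, "mitm": 0.10, "fdi": 0.80}


@dataclass
class Evidence:
    t: int
    arp_anomaly: bool
    measurement_deviation: bool


# Constructed log lines, one per time slice, standing in for the output of
# the log-analysis stage (ARP-table check and measurement plausibility check).
SAMPLE_LOG = """\
t=1 arp=ok meas=ok
t=2 arp=ok meas=ok
t=3 arp=dup_mac meas=ok
t=4 arp=dup_mac meas=ok
t=5 arp=dup_mac meas=deviation
t=6 arp=ok meas=deviation
"""

LINE_RE = re.compile(r"t=(\d+) arp=(\w+) meas=(\w+)")


def parse_log(text):
    """Turn the constructed log format into per-slice evidence; reject junk."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        out.append(Evidence(int(m.group(1)), m.group(2) != "ok", m.group(3) != "ok"))
    return out


def likelihood(phase, ev):
    """P(E_t = ev | X_t = phase) under the conditional-independence assumption."""
    pa = P_ARP[phase] if ev.arp_anomaly else 1 - P_ARP[phase]
    pd = P_DEV[phase] if ev.measurement_deviation else 1 - P_DEV[phase]
    return pa * pd


def predict(belief):
    """One-step-ahead prediction: P(X_t = j | e_{1:t-1}) = sum_i b(i) * T[i][j]."""
    return {j: sum(belief[i] * TRANSITION[i][j] for i in PHASES) for j in PHASES}


def normalise(d):
    z = sum(d.values())
    return {k: v / z for k, v in d.items()}


def filter_log(text, alert_threshold=0.8):
    """Forward filtering over the evidence sequence.

    Returns (list of (t, belief) per slice, first slice t at which
    P(attack in progress) = 1 - P(normal) reached the alert threshold)."""
    belief = dict(PRIOR)
    beliefs, first_alert = [], None
    for ev in parse_log(text):
        pred = predict(belief)                      # time update
        belief = normalise({p: pred[p] * likelihood(p, ev) for p in PHASES})  # evidence update
        beliefs.append((ev.t, belief))
        if first_alert is None and 1 - belief["normal"] >= alert_threshold:
            first_alert = ev.t
    return beliefs, first_alert


def diagnose(belief):
    """Diagnostic output: the most probable current attack phase."""
    return max(belief, key=belief.get)


if __name__ == "__main__":
    beliefs, alert_t = filter_log(SAMPLE_LOG)
    for t, b in beliefs:
        print(t, {k: round(v, 3) for k, v in b.items()})
    print("first alert at t =", alert_t, "; current phase:", diagnose(beliefs[-1][1]))
    print("predicted next slice:", {k: round(v, 3) for k, v in predict(beliefs[-1][1]).items()})
```

With these assumed parameters a single ARP anomaly (t=3) lifts the attack posterior to roughly 0.69, below the 0.8 threshold, and the second consecutive anomaly (t=4) triggers the alert; the later measurement deviations move the diagnosis from mitm to fdi, and `predict` on the final belief gives the predictive information for the next slice. The point the abstract makes about time-aware models is visible here: the alert depends on the accumulated sequence, not on any single log line.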