IEEE Access (Jan 2021)
The Virtualized Cyber-Physical Testbed for Machine Learning Anomaly Detection: A Wind Powered Grid Case Study
Abstract
Developing tools that help us understand and analyze the effects of cyber attacks on physical assets is necessary in order to detect and prevent harmful consequences of integrating Information and Communication Technologies (ICTs). In this paper, we review existing technologies for developing a fully virtualized cyber-physical testbed for cyber and physical data acquisition and machine learning anomaly detection. We present a testbed that uses network emulation and real industrial communication protocols to emulate the interactions of ICTs inside a wind-powered system. We use the testbed to simulate malicious cyber attacks, their effect on the physical system, and detection mechanisms for such disturbances using anomaly detection. The advantages of the presented virtualized testbed are: 1) integration of real industrial protocols, network analysis tools, and industry-leading data-engineering and machine learning tools; 2) holistic analysis of cyber-physical systems through simultaneous acquisition and analysis of cyber and physical data; 3) a cost-effective solution for prototyping and testing that can run on a single laptop. The testbed combines unique technologies that enable testing of entire data-driven pipelines, including data acquisition, data management, analysis, and storage, emulating how they would run in a real system. We show how the presented approach can be used to analyze and profile both cyber and physical behavior. The experiments show the capabilities of the presented approach by demonstrating the successful detection of a malicious insertion command through observing anomalous behavior in both cyber and physical data.
Keywords