Cyberintrusion Detection in Critical Infrastructure

Abstract

Sophisticated cyberterrorists have su cient knowledge to devise an attack through the Internet which could compromise critical resource delivery. As the threat of such cybercrime escalates, defending critical infrastructure is a primary focus of the United States govern- ment, industry executives, and the research community. Current research and development primarily focuses on preventing the cyberterrorist from accomplishing his mission of disrup- tion. This research focuses not on prevention, but on detection. Its main objective is the development of an algorithm that can be used to detect data anomalies which may be the result of security breaches.

Grounded in multivariate statistical process control, the algorithm uses principal compo- nent analysis to separate data variability into common-cause and assignable-cause subspaces. Analysis using the common-cause subspace determines whether the data has been compro- mised. Successful results will add a dimension of protection for critical infrastructure systems that has not previously been addressed in the literature. Implementation of the algorithm in a process control system could signi cantly improve the security of operational and planning practices today and in the future. In process control operations, wireless transmission of measurements could be interrupted or data storage in databases on the TCP/IP network could be corrupted or compromised through malware or other human interference. Data errors resulting from any of these occurrences could disrupt physical processes in critical infrastructure. This innovative algorithm provides a solution to this problem.