@inbook{3c35368ed0424793b7d31aeb76d0d977,
title = "Detecting cyber attacks on nuclear power plants",
abstract = "This paper proposes an unconventional anomaly detection approach that provides digital instrumentation and control (I&C) systems in a nuclear power plant (NPP) with the capability to probabilistically discern between legitimate protocol frames and attack frames. The stochastic activity network (SAN) formalism is used to model the fusion of protocol activity in each digital I&C system and the operation of physical components of an NPP. SAN models are employed to analyze links between protocol frames as streams of bytes, their semantics in terms of NPP operations, control data as stored in the memory of I&C systems, the operations of I&C systems on NPP components, and NPP processes. Reward rates and impulse rewards are defined in the SAN models based on the activity-marking reward structure to estimate NPP operation profiles. These profiles are then used to probabilistically estimate the legitimacy of the semantics and payloads of protocol frames received by I&C systems.",
keywords = "Intrusion detection, Nuclear plants, Stochastic activity networks",
author = "Julian Rrushi and Roy Campbell",
note = "Copyright: Copyright 2008 Elsevier B.V., All rights reserved.",
year = "2008",
doi = "10.1007/978-0-387-88523-0_4",
language = "English (US)",
isbn = "9780387885223",
series = "IFIP International Federation for Information Processing",
pages = "41--54",
editor = "Mauricio Papa and Sujeet Shenoi",
booktitle = "Critical Infrastructure Protection II",
}