Assessment of a Method for Detecting Process Anomalies Using Digital-Twinning

Abstract

Several methods exist for detecting process anomalies resulting from cyber-attacks on critical infrastructure. The assessment of such methods could be conducted using simulation or directly on a realistic operational testbed. While the results of an assessment on a testbed may be more authentic than those carried out using simulation, conducting such experiments is fraught with challenges such as the time required to set up and launch attacks thus limiting the variety and number of attacks launched. To overcome such limitations, while maintaining the reliability of the outcome of the assessment, an approach based on timed automata models of a critical infrastructure was investigated. The investigation involved development of a digital twin for a 6-stage water treatment plant. A design-centric anomaly detection method, as well as an attack launcher, were integrated with the model and experiments were performed. The outcome of this investigation reveals the value of the proposed approach in rapid assessment of a design-centric anomaly detection method.