{"title":"标记连续时间马尔可夫模型的概率状态估计及其在攻击检测中的应用","authors":"Lefebvre, Dimitri, Seatzu, Carla, Hadjicostis, Christoforos N., Giua, Alessandro","doi":"10.1007/s10626-021-00348-y","DOIUrl":null,"url":null,"abstract":"<p>This paper is about state estimation in a timed probabilistic setting. The main contribution is a general procedure to design an observer for computing the probabilities of the states for labeled continuous time Markov models as functions of time, based on a sequence of observations and their associated time stamps that have been collected thus far. Two notions of state consistency with respect to such a timed observation sequence are introduced and related necessary and sufficient conditions are derived. The method is then applied to the detection of cyber-attacks. The plant and the possible attacks are described in terms of a labeled continuous time Markov model that includes both observable and unobservable events, and where each attack corresponds to a particular subset of states. Consequently, attack detection is reformulated as a state estimation problem.</p>","PeriodicalId":92890,"journal":{"name":"Discrete event dynamic systems","volume":"25 56","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Probabilistic state estimation for labeled continuous time Markov models with applications to attack detection\",\"authors\":\"Lefebvre, Dimitri, Seatzu, Carla, Hadjicostis, Christoforos N., Giua, Alessandro\",\"doi\":\"10.1007/s10626-021-00348-y\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>This paper is about state estimation in a timed probabilistic setting. The main contribution is a general procedure to design an observer for computing the probabilities of the states for labeled continuous time Markov models as functions of time, based on a sequence of observations and their associated time stamps that have been collected thus far. Two notions of state consistency with respect to such a timed observation sequence are introduced and related necessary and sufficient conditions are derived. The method is then applied to the detection of cyber-attacks. The plant and the possible attacks are described in terms of a labeled continuous time Markov model that includes both observable and unobservable events, and where each attack corresponds to a particular subset of states. Consequently, attack detection is reformulated as a state estimation problem.</p>\",\"PeriodicalId\":92890,\"journal\":{\"name\":\"Discrete event dynamic systems\",\"volume\":\"25 56\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-09-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Discrete event dynamic systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1007/s10626-021-00348-y\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Discrete event dynamic systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/s10626-021-00348-y","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Probabilistic state estimation for labeled continuous time Markov models with applications to attack detection
This paper is about state estimation in a timed probabilistic setting. The main contribution is a general procedure to design an observer for computing the probabilities of the states for labeled continuous time Markov models as functions of time, based on a sequence of observations and their associated time stamps that have been collected thus far. Two notions of state consistency with respect to such a timed observation sequence are introduced and related necessary and sufficient conditions are derived. The method is then applied to the detection of cyber-attacks. The plant and the possible attacks are described in terms of a labeled continuous time Markov model that includes both observable and unobservable events, and where each attack corresponds to a particular subset of states. Consequently, attack detection is reformulated as a state estimation problem.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
