Title :
Data fusion-based anomaly detection in networked critical infrastructures
Author :
Genge, Bela ; Siaterlis, Christos ; Karopoulos, Georgios
Author_Institution :
Joint Res. Centre, Inst. for the Protection & Security of the Citizen, Ispra, Italy
Abstract :
The dramatic increase in the use of Information and Communication Technologies (ICT) within Networked Critical Infrastructures (NCIs), e.g., the power grid, has led to more efficient and flexible installations as well as new services and features, e.g., remote monitoring and control. Nevertheless, this has not only exposed NCIs to typical ICT systems attacks, but also to a new breed of cyber-physical attacks. To alleviate these issues, in this paper we propose a novel approach for detecting cyber-physical anomalies in NCIs using the concept of Cyber-physical data fusion. By employing Dempster-Shafer's "Theory of Evidence" we combine knowledge from the cyber and physical dimension of NCIs in order to achieve an Anomaly Detection System (ADS) capable of detecting even small disturbances that are not detected by traditional approaches. The proposed ADS is validated in a scenario assessing the consequences of Distributed Denial of Service (DDoS) attacks on Multi Protocol Label Switching (MPLS) Virtual Private Networks (VPNs) and the propagation of such disturbances to the operation of a simulated power grid.
Keywords :
computer network security; inference mechanisms; multiprotocol label switching; power grids; virtual private networks; ADS; DDoS attack; Dempster-Shafer theory-of-evidence; ICT system attack; MPLS; NCI; VPN; anomaly detection system; cyber-physical anomaly; cyber-physical attack; cyber-physical data fusion; distributed denial-of-service; information and communication technologies; multiprotocol label switching; networked critical infrastructure; power grid; virtual private network; Feature extraction; Ions; Monitoring; Throughput; Weaving; Anomaly Detection System; DDoS; Data Fusion; MPLS; Networked Critical Infrastructures; SCADA;
Conference_Title :
Dependable Systems and Networks Workshop (DSN-W), 2013 43rd Annual IEEE/IFIP Conference on
Conference_Location :
Budapest
DOI :
10.1109/DSNW.2013.6615505