Controller Modelling as a Tool for Cyber-Attacks Detection

Abstract

This paper aims to develop a method for detecting intrusions into the control system, consisting of malicious modifications of the control algorithm or its parameters. Data from the control loops are routinely collected and archived. Therefore we propose a data-based diagnosis method consisting of modelling the controller using data from normal operation and calculating residual as a difference between model output and real control signal. Larger residual values indicate a change in the controller behaviour, possibly resulting from the malicious intervention. We use two modelling approaches: linear models and neural networks. The linear model additionally gives estimates of PID controller parameters. The methods are evaluated and compared on simulated and real control data. Finally, a superheaters system case study presents the method’s effectiveness for detecting intrusions into the control system.