Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Random projections as regularizers: learning a linear discriminant from fewer observations than dimensions

We prove theoretical guarantees for an averaging-ensemble of randomly projected Fisher linear discriminant classifiers, focusing on the casewhen there are fewer training observations than data dimensions. The specific form and simplicity of this ensemble permits a direct and much more detailed analysis than existing generic tools in previous works. In particular, we are able to derive the exact form of the generalization error of our ensemble, conditional on the training set, and based on this we give theoretical guarantees which directly link the performance of the ensemble to that of the corresponding linear discriminant learned in the full data space. To the best of our knowledge these are the first theoretical results to prove such an explicit link for any classifier and classifier ensemble pair. Furthermore we show that the randomly projected ensemble is equivalent to implementing a sophisticated regularization scheme to the linear discriminant learned in the original data space and this prevents overfitting in conditions of small sample size where pseudo-inverse FLD learned in the data space is provably poor. Our ensemble is learned from a set of randomly projected representations of the original high dimensional data and therefore for this approach data can be collected, stored and processed in such a compressed form. We confirm our theoretical findings with experiments, and demonstrate the utility of our approach on several datasets from the bioinformatics domain and one very high dimensional dataset from the drug discovery domain, both settings in which fewer observations than dimensions are the norm

Automated On-line Fault Prognosis for Wind Turbine Monitoring using SCADA data

Current wind turbine (WT) studies focus on improving their reliability and reducing the cost of energy, particularly when WTs are operated offshore. A Supervisory Control and Data Acquisition (SCADA) system is a standard installation on larger WTs, monitoring all major WT sub-assemblies and providing important information. Ideally, a WT’s health condition or state of the components can be deduced through rigorous analysis of SCADA data. Several programmes have been made for that purpose; however, the resulting cost savings are limited because of the data complexity and relatively low number of failures that can be easily detected in early stages. This thesis develops an automated on-line fault prognosis system for WT monitoring using SCADA data, concentrating particularly on WT pitch system, which is known to be fault significant. A number of preliminary activities were carried out in this research. They included building a dedicated server, developing a data visualisation tool, reviewing the existing WT monitoring techniques and investigating the possible AI techniques along with some examples detailing applications of how they can be utilised in this research. The a-priori knowledge-based Adaptive Neuro-Fuzzy Inference System (APK-ANFIS) was selected to research in further because it has been shown to be interpretable and allows domain knowledge to be incorporated. A fault prognosis system using APK-ANFIS based on four critical WT pitch system features is proposed. The proposed approach has been applied to the pitch data of two different designs of 26 Alstom and 22 Mitsubishi WTs, with two different types of SCADA system, demonstrating the adaptability of APK-ANFIS for application to variety of technologies. After that, the Alstom results were compared to a prior general alarm approach to show the advantage of prognostic horizon. In addition, both results are evaluated using Confusion Matrix analysis and a comparison study of the two tests to draw conclusions, demonstrating that the proposed approach is effective

Building Gene Expression Profile Classifiers with a Simple and Efficient Rejection Option in R

Background: The collection of gene expression profiles from DNA microarrays and their analysis with pattern recognition algorithms is a powerful technology applied to several biological problems. Common pattern recognition systems classify samples assigning them to a set of known classes. However, in a clinical diagnostics setup, novel and unknown classes (new pathologies) may appear and one must be able to reject those samples that do not fit the trained model. The problem of implementing a rejection option in a multi-class classifier has not been widely addressed in the statistical literature. Gene expression profiles represent a critical case study since they suffer from the curse of dimensionality problem that negatively reflects on the reliability of both traditional rejection models and also more recent approaches such as one-class classifiers. Results: This paper presents a set of empirical decision rules that can be used to implement a rejection option in a set of multi-class classifiers widely used for the analysis of gene expression profiles. In particular, we focus on the classifiers implemented in the R Language and Environment for Statistical Computing (R for short in the remaining of this paper). The main contribution of the proposed rules is their simplicity, which enables an easy integration with available data analysis environments. Since in the definition of a rejection model tuning of the involved parameters is often a complex and delicate task, in this paper we exploit an evolutionary strategy to automate this process. This allows the final user to maximize the rejection accuracy with minimum manual intervention. Conclusions: This paper shows how the use of simple decision rules can be used to help the use of complex machine learning algorithms in real experimental setups. The proposed approach is almost completely automated and therefore a good candidate for being integrated in data analysis flows in labs where the machine learning expertise required to tune traditional classifiers might not be availabl

A cloned linguistic decision tree controller for real-time path planning in hostile environments

AbstractThe idea of a Cloned Controller to approximate optimised control algorithms in a real-time environment is introduced. A Cloned Controller is demonstrated using Linguistic Decision Trees (LDTs) to clone a Model Predictive Controller (MPC) based on Mixed Integer Linear Programming (MILP) for Unmanned Aerial Vehicle (UAV) path planning through a hostile environment. Modifications to the LDT algorithm are proposed to account for attributes with circular domains, such as bearings, and discontinuous output functions. The cloned controller is shown to produce near optimal paths whilst significantly reducing the decision period. Further investigation shows that the cloned controller generalises to the multi-obstacle case although this can lead to situations far outside of the training dataset and consequently result in decisions with a high level of uncertainty. A modification to the algorithm to improve the performance in regions of high uncertainty is proposed and shown to further enhance generalisation. The resulting controller combines the high performance of MPC–MILP with the rapid response of an LDT while providing a degree of transparency/interpretability of the decision making

PORTABLE HEART ATTACK WARNING SYSTEM BY MONITORING THE ST SEGMENT VIA SMARTPHONE ELECTROCARDIOGRAM PROCESSING

Cardiovascular disease (CVD) is the single leading cause of death in both developed and developing countries. The most deadly CVD is heart attack, which 7,900,000 Americans suffer each year, and 16% of cases are fatal. The Electrocardiogram (ECG) is the most widely adopted clinical tool to diagnose and assess the risk of CVD. Early diagnosis of heart attacks, by detecting abnormal ST segments within one hour of the onset of symptoms, is necessary for successful treatment. In clinical settings, resting ECGs are used to monitor patients automatically. However, given the sporadic nature of heart attacks, it is unlikely that the patient will be in a clinical setting at the onset of a heart attack. While Holter-based portable monitoring solutions offer 24 to 48-hour ECG recording, they lack the capability of providing any real-time feedback for the thousands of heart beats they record, which must be tediously analyzed offline.Processing ECG signals on a smartphone-based platform would unite the portability of Holter monitors and the real-time processing capability of state-of-the-art resting ECG machines to provide an assistive diagnosis for early heart attack warning. Furthermore, smartphones serve as an ideal platform for telemedicine and alert systems and have a portable form factor. To detect heart attacks via ECG processing, a real-time, accurate, context aware ST segment monitoring algorithm, based on principal component analysis and a support vector machine classifier is proposed and evaluated. Real-time feedback is provided by implementing a state-of-the-art, multilevel warning system ranging from audible notifications to text messages to points of contacts with the GPS location of the user. The smartphone test bed makes use of a novel, real-time verification system using a streaming database to analyze the strain of heart attack detection system under normal phone operation. Furthermore, the entire system is prototyped and fully functional, running on a smartphone to demonstrate the real-time, portable functionality of the platform. Experimental results show that a classification accuracy of 96% for ST segment elevation of individual beats can be achieved and all ST episodes were correctly detected during testing with the European ST database