The present invention relates generally to the field of control systems and, more particularly, to a method and system for intrusion detection in networked control systems.
Modern day utility systems such as electricity generation and distribution systems need to be operational throughout the day and also have to remain functional continuously. The dependence of daily activities of all the applications connected to these utility systems makes it vital for the utility systems to be monitored and controlled in a timely fashion.
Considerable amount of time and resources have been invested to develop a smart infrastructure in a utility system, which communicates problems occurring in the system in near-real time. For example, control systems governing the utility systems have been equipped with communication mechanisms that communicate problems in the system to a central controller, which further checks the occurrence of the problem, and fixes it accordingly.
Stability has been achieved by treating problems occurring due to failure of components of utility systems, and other naturally occurring failures as a control problem. However smart systems face problems with intruders trying to manipulate components of the system to cause systemic failures. With the increase in communication requirements for utility systems, the risk of intrusion has increased many folds. In the recent past, the number and severity of intrusions in utility systems have adversely affected daily lives.
Although resources have been spent in finding a method to detect such intrusions, the results of these systems have not been satisfactory, since data emanated from the utility system during a natural disaster, and data made to be emanated from the system during an intrusion follow similar characteristics. For an example, it has been observed in a power distribution system that an intrusion to steal power from the power lines leads to abrupt changes in the amplitude of electrical current observed at certain points on the power lines. Similarly, abrupt changes in the electrical current readings are observed when a power fault occurs due to branch of a tree falling on the power line. Hence, there is a need for a method and system to detect intrusions in such networked control systems.