Attacklets to Test Anomaly Detectors for Critical Infrastructure

2021 
Critical Infrastructure (CI), such as electric power generation and water treatment plants, is susceptible to attacks that cause the underlying physical process to deviate from its expected behaviour. Such deviations create process anomalies that may result in undesirable consequences. Anomaly detectors are installed in CI to detect process anomalies quickly and reliably. In this work, state and command mutation (SCM) is studied as a means to test the effectiveness of anomaly detectors deployed in CI. SCM is a framework for deriving attacks through mutation. A reference attack that manipulates the state and command vectors of the plant is mutated, using attack mutation operators (OPR), to create several attacks, referred to as attacklets. The method is applied to a functional water treatment plant testbed. Experiments show the value of SCM in assessing the effectiveness of ADUT.