A control-theoretic approach to detecting and distinguishing replay attacks from other anomalies in nuclear power plants

2020 
Abstract

The wider use of digital systems in nuclear power plants has raised security concerns among utilities, regulatory entities, and the public. These digital systems give malicious attackers opportunities to exploit vulnerabilities in them to cause physical damage. Replay attacks are a particular type of attack: they are easy to perform, and when combined with other types of attacks they can potentially lead to significant consequences. Therefore, timely detection of a replay attack is of vital importance for the operator to take mitigation measures. It is also important to distinguish between a replay attack and other anomalies, since they are of different nature (one intentional and the other random) and require different responses by the operator. In this research, we propose a control-theoretic method to address this problem. The method consists of the injection of random noise (i.e. a physical watermark) into the control input and two chi-squared tests. The physical watermark is used to excite the system being controlled so that the replay attack, if it exists, can be uncovered. The first chi-squared test is used to detect anomalies in the system, including replay attacks and other anomalies. If the null hypothesis in the first test is rejected, we use the second chi-squared test to determine whether the anomaly is a replay attack or some other anomaly. We demonstrate the proposed method using a steam generator of the kind found in pressurized water reactors. The results of different cases are presented and discussed.
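As an added illustration of the two-stage scheme described above (example code, not the paper's; the paper's steam generator model is not reproduced here), a scalar plant is controlled through a Kalman filter with a Gaussian physical watermark added to the input, test 1 is a windowed chi-squared test on the innovation, and test 2 is a chi-squared statistic on the correlation between the innovation and the previous watermark sample. The plant parameters, the sensor-noise fault used as the "other anomaly", and the exact form of the second statistic are assumptions made for this example.

```python
import numpy as np

A, L, Q, R = 0.9, 0.9, 0.01, 0.01   # plant pole, deadbeat gain, process/sensor noise variances (assumed)
SIG_D = 1.0                          # watermark standard deviation (assumed)
WIN, T1, T2 = 20, 45.31, 10.83       # test-1 window; chi-squared 0.999 quantiles for 20 dof and 1 dof

def steady_kalman(a=A, q=Q, r=R, iters=500):
    """Steady-state prior variance and innovation variance of the scalar Kalman filter."""
    p_prior = q
    for _ in range(iters):
        p_prior = a * a * (p_prior * r / (p_prior + r)) + q
    return p_prior, p_prior + r

def simulate(phase, n=300, seed=0):
    """Run one phase ('normal', 'replay', 'sensor_fault'); return innovations, watermarks, true outputs."""
    rng = np.random.default_rng(seed)
    p_prior, s = steady_kalman()
    k_gain = p_prior / s
    # Constructed attacker recording: an earlier clean run of the sensor, replayed verbatim.
    record = simulate("normal", n, seed + 1)[2] if phase == "replay" else None
    x = xhat = u = 0.0
    res, wms, outs = [], [], []
    for k in range(n):
        x = A * x + u + rng.normal(0.0, np.sqrt(Q))                     # plant responds to the watermark in u
        v_std = np.sqrt(R) * (5.0 if phase == "sensor_fault" else 1.0)  # degraded sensor: 5x noise (assumed)
        y_true = x + rng.normal(0.0, v_std)
        y_seen = record[k] if phase == "replay" else y_true            # replayed reading hides the real plant
        x_prior = A * xhat + u                                         # u still holds the watermark d[k-1]
        r = y_seen - x_prior                                           # Kalman innovation
        xhat = x_prior + k_gain * r
        d = rng.normal(0.0, SIG_D)                                     # fresh physical watermark d[k]
        u = -L * xhat + d
        res.append(r); wms.append(d); outs.append(y_true)
    return np.array(res), np.array(wms), np.array(outs)

def classify(res, wms):
    """Test 1: windowed chi-squared on the innovation. Test 2 (only if test 1 rejects): is the
    innovation correlated with the previous watermark? Yes -> replay, no -> other anomaly."""
    _, s = steady_kalman()
    g = np.convolve(res ** 2 / s, np.ones(WIN), mode="valid")          # ~chi2(WIN) when healthy
    alarm_frac = float(np.mean(g > T1))
    if alarm_frac < 0.5:
        return "normal"
    r, d = res[1:], wms[:-1]                                           # pair r[k] with d[k-1]
    h = len(r) * np.sum(r * d) ** 2 / (np.sum(r ** 2) * np.sum(d ** 2))  # ~chi2(1) if uncorrelated
    return "replay" if h > T2 else "other anomaly"

def run_all():
    return {ph: classify(*simulate(ph)[:2]) for ph in ("normal", "replay", "sensor_fault")}
```

A replayed record cannot respond to the watermark being injected now, so the innovation becomes strongly (negatively) correlated with it, while a noisy sensor raises test 1 without producing that correlation.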