Toward the Integration of Cyber and Physical Security Monitoring Systems for Critical Infrastructures

Critical Infrastructures (CI) are sensible targets. They could be physically damaged by natural or human actions causing service disruptions, economic losses, and, in some extreme cases, harm to people. They, therefore, need a high level of protection against possible unintentional and intentional events. In this paper, we show a logical architecture that exploits information from both physical and cyber security systems to improve the overall security in a power plant scenario. We propose a Machine Learning (ML)-based anomaly detection approach to detect possible anomaly events by jointly correlating data related to both physical and cyber domains. The performance evaluation shows encouraging results - obtained by different ML algorithms -, which highlights how our proposed approach is able to detect possible abnormal situations that could not have been detected by using only information from either the physical or cyber domain.