We enhance the Zeek network traffic analyzer to detect control-related attacks in power systems that can directly cause physical damage:
- Adapt Zeek (originally known as Bro), an open-source runtime network analyzer, to support the communication protocols used in power systems
- Use the transition of physical states to detect malicious commands by integrating power flow analysis with network monitoring
- Design an adaptive power flow analysis algorithm to balance detection latency and accuracy
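
One way the physical-state check described above could work, as an added example that is not the project's own code: a DC power-flow approximation on a constructed 3-bus grid predicts line flows after an observed breaker-open command and alerts on overload or islanding. The grid data, line names, function names, and the choice of the DC approximation are assumptions; extracting the command from network traffic is outside this sketch.

```python
# Added example: constructed 3-bus grid, DC power-flow approximation (slack angle = 0).
LINES = {  # line id -> (from_bus, to_bus, reactance p.u., thermal limit p.u.)
    "L01": (0, 1, 0.1, 1.0),
    "L02": (0, 2, 0.1, 1.0),
    "L12": (1, 2, 0.1, 1.0),
}
INJECTION = [0.0, 0.6, -1.2]  # net injection per bus (p.u.); bus 0 is the slack


def dc_flows(closed):
    """Return {line: flow} for the closed lines, or None if the grid islands."""
    n = len(INJECTION)
    B = [[0.0] * n for _ in range(n)]
    for lid in closed:
        f, t, x, _ = LINES[lid]
        b = 1 / x
        B[f][f] += b
        B[t][t] += b
        B[f][t] -= b
        B[t][f] -= b
    # Reduced system without the slack row/column, augmented with injections.
    A = [B[i][1:] + [INJECTION[i]] for i in range(1, n)]
    m = n - 1
    for c in range(m):  # Gauss-Jordan elimination with partial pivoting
        p = max(range(c, m), key=lambda r: abs(A[r][c]))
        if abs(A[p][c]) < 1e-9:
            return None  # singular: some bus is cut off from the slack
        A[c], A[p] = A[p], A[c]
        for r in range(m):
            if r != c:
                k = A[r][c] / A[c][c]
                A[r] = [a - k * v for a, v in zip(A[r], A[c])]
    theta = [0.0] + [A[i][m] / A[i][i] for i in range(m)]
    return {lid: (theta[LINES[lid][0]] - theta[LINES[lid][1]]) / LINES[lid][2]
            for lid in closed}


def check_open_command(closed, line_id):
    """Verdict for an observed 'open breaker on line_id' command."""
    flows = dc_flows(set(closed) - {line_id})
    if flows is None:
        return "alert", ["islanding"]
    over = sorted(l for l, f in flows.items() if abs(f) > LINES[l][3])
    return ("alert", over) if over else ("allow", [])
```

In this constructed grid, opening `L01` (which carries no flow) is allowed, while opening `L12` pushes `L02` to 1.2 p.u. and raises an alert.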