156 ISSN 0146-4116, Automatic Control and Computer Sciences, 2020, Vol. 54, No. 2, pp. 156–167. © Allerton Press, Inc., 2020. Detection of Deception Attacks in Supervisory Control Systems Using Bond Graph I. Zerdazi a, b, *, M. Fezari a, **, and M. Ouziala b, c, *** a Department of Electronic, Faculty of Engineering Science, Laboratory of Automatic and Signals Annaba (LASA) Badji Mokhtar Annaba University, Annaba, 23000 Algeria b Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL), UMR CNRS 9189, Polytech of Lille, Lille University, Villeneuve d’Ascq, 59655 France c Laboratory of Mechanic and Solid Systems (LMSS), Faculty of Engineering Science, M’Hamed Bougara Boumerdes University, Boumerdes, 30000 Algeria *e-mail: zerdazi_imene@hotmail.fr **e-mail: mohamed.fezari@univ-annaba.org ***e-mail: ouzialamahdi@gmail.com Received July 26, 2019; revised December 11, 2019; accepted January 20, 2020 Abstract—Supervisory Control and Data Acquisition (SCADA) systems can be subject to cyber- attacks due to their extensive connectivity to information and communication technologies. Those communications are used to connect sensors, actuators, and programmable logic controllers (PLCs) to monitor and control the process. The use of communication networks enlarges the vulnerability of SCADA to cyber-attacks that can drive the system to unsafe states. A variety of approaches in the field of attack detection have been proposed, however they are characterized very expensive, low detection rate or are system specific. One of the powerful cyber-attacks targeting SCADA systems is deception attack, where the attacker can change sensor reading parameters. In this work, we propose a new defense strategy that detects parameter changes generated by deception attacks in the sensor and con- trol part in supervisory control systems. To do so, we use the bond graph (BG) modeling tool. Keywords: SCADA, cyber-attacks, bond graph, deception attack, analytical redundancy relation DOI: 10.3103/S0146411620020091 1. INTRODUCTION Supervisory control and data acquisition (SCADA) systems control and monitor critical infrastruc- tures such as water and wastewater treatment plants, energy, oil, and gas refining, power generation [1, 2]. Supervisory control evolved from the need to operate the process in remote sites. That’s why they are now connected to the Internet, which opens them to network threats. For this reason, it is crucial to improve the resilience of SCADA systems against cyber-attacks to protect the process and human life. The development of attack detection methods plays one of the key roles in providing security of super- visory control systems. Recent works in the field of attack detection have been proposed; the methods of artificial intelligence (AI) and machine learning (ML) are altering the landscape of security risks for citi- zens, organizations, and states. The main problem of designing (AI) and (ML) for attack detection is that it can do nothing more than humans, and they can do things very fast while they can analyze large volumes of data that would take a long time for the human being. AI and ML are not sophisticated enough to replace human analysts. At the same time, AI can be used by hackers to test their malicious programs; as a result, they can theoretically create an AI proof malware strain. They also use ML to understand what AI-based security systems are looking for, and they can either disguise their attack or pollute the sample so that their attack appears to be benign. So, they are not advanced enough to be 100% accurate in distin- guishing between malicious and mild activity. This paper uses the bond graph tool to model deception attacks in supervisory control systems. The BG, as a modeling tool of complex systems, provides over its structural and causal properties, an auto- matic generation of analytical redundancy relations (ARRs). These ARRs are static or dynamic con- straints that are used to verify the consistency between the process measurements and the standard system behavior. The innovative interest of this work is the use of a bond graph tool to model deception attacks,