Takeover Detection for Cyber Defense at the Industrial Control Systems

Gavish Matan, HUJI, School of Computer Science and Engineering, Computer Science


Computer science and Engineering   


Cyber Security, Legacy Systems

Current stage

TRL2 Technology Concept Formulated; Looking for industrial design partners.


Cyber-attacks on industrial control systems and critical infrastructure may cause mass poisoning, nuclear reactor meltdowns, floods and power grid failures. Sensor hijacking is particularly harmful threat scenario. It was demonstrated during famous Stuxnet attack that sabotaged the Iranian nuclear program in a frightening demonstration of the firepower of cyber-attacks against ICS.

Not only cyber attackers attempt to gain control over the industrial system, they can also feed false information into the system’s sensors, creating a false impression of nominal system behavior at the control room, and keeping the ongoing attack covert while doing harm.

Our Innovation

The researchers are developing an ICS Takeover Detection System (ICS-TDS), aimed to detect a cyber takeover of the monitored ICS, even in the presence of successful sensor hijacking.  

The research is built on two separate recent theoretical advances by researcher, which enable novel
estimation of the intrinsic state of a dynamical system, in a manner that is robust to noise and invariant to changes in the ICS sensor array.

The detection systems we proposed would be stand-alone systems that continuously monitor the ICS without interrupting its function.  Historic recordings of the intrinsic trajectory of the system enable detection of subtle anomalies using unsupervised methods, and sophisticated detection of sensor hijacking using supervised methods.


It is widely recognized that military conflicts in the near future will necessarily include a significant component of cyber warfare. Of the possible venues of cyber warfare, the most menacing is hostile
cyber-takeovers of Industrial Control Systems (ICS) and critical infrastructure.
This application describes a significant effort in cyber security of ICS, bringing together theory,
algorithms and engineering

Contact for more information:

Anna Pellivert
Contact ME: