Valeriy Vyatkin

Mandar Joshi, Farzana Zahid, Judy Bowen et al.

Industrial Water Treatment Systems (IWTS) are safety critical cyber-physical infrastructures and due to increased connectivity, these systems are exposed to cyber threats that can manipulate process behaviour without creating obvious devices outliers. In particular, logic-layer deception anomalies can preserve numerically plausible measurements while breaking expected cause-and-effect relationships in the control process. These attacks are difficult to detect using threshold-based monitoring or require heavy server-oriented anomaly detection models. This paper explores the potential of Tiny Deep Learning (TinyDL) to provide lightweight on-device logic-level anomaly detection for resource constrained Programmable Logic Controllers (PLCs). We propose a novel framework, TinyDL-based incremental LSTM (Ti-iLSTM) which optimises the memory and space foot print of Long Short-Term Memory (LSTM), to detect logic-layer inconsistencies in Programmable Logic Controller (PLC) based Industrial Water Treatment Systems (IWTS). Experiments on the publicly available SWaT dataset show that the optimised model achieves high detection performance (F1-score=0.983 and ROC-AUC=0.998). A deployment-style validation on the WADI dataset confirms that the proposed light-weight framework remains applicable beyond a single dataset. The research demonstrates that combining logic-aware supervision with Tiny Deep Learning (TinyDL) sequence learning creates an efficient and accurate anomaly detection suitable for resource constrained Programmable Logic Controllers (PLCs) in industrial environments.

Mohammad Azangoo, Joonas Salmi, Iivo Yrjölä et al.

Making an updated and as-built model plays an important role in the life-cycle of a process plant. In particular, Digital Twin models must be precise to guarantee the efficiency and reliability of the systems. Data-driven models can simulate the latest behavior of the sub-systems by considering uncertainties and life-cycle related changes. This paper presents a step-by-step concept for hybrid Digital Twin models of process plants using an early implemented prototype as an example. It will detail the steps for updating the first-principles model and Digital Twin of a brownfield process system using data-driven models of the process equipment. The challenges for generation of an as-built hybrid Digital Twin will also be discussed. With the help of process history data to teach Machine Learning models, the implemented Digital Twin can be continually improved over time and this work in progress can be further optimized.

Mohammad Azangoo, Amir Taherkordi, Jan Olaf Blech et al.

Digital Twins are increasingly being introduced for smart manufacturing systems to improve the efficiency of the main disciplines of such systems. Formal techniques, such as graphs, are a common way of describing Digital Twin models, allowing broad types of tools to provide Digital Twin based services such as fault detection in production lines. Obtaining correct and complete formal Digital Twins of physical systems can be a complicated and time consuming process, particularly for manufacturing systems with plenty of physical objects and the associated manufacturing processes. Automatic generation of Digital Twins is an emerging research field and can reduce time and costs. In this paper, we focus on the generation of Digital Twins for flexible manufacturing systems with Automated Guided Vehicles (AGVs) on the factory floor. In particular, we propose an architectural framework and the associated design choices and software development tools that facilitate automatic generation of Digital Twins for AGVs. Specifically, the scope of the generated digital twins is controlling AGVs in the factory floor. To this end, we focus on different control levels of AGVs and utilize graph theory to generate the graph-based Digital Twin of the factory floor.

Roopak Sinha, Cheng Pang, Gerardo Santillán Martínez et al.

Industrial cyber-physical systems require complex distributed software to orchestrate many heterogeneous mechatronic components and control multiple physical processes. Industrial automation software is typically developed in a model-driven fashion where abstractions of physical processes called plant models are co-developed and iteratively refined along with the control code. Testing such multi-dimensional systems is extremely difficult because often models might not be accurate, do not correspond accurately with subsequent refinements, and the software must eventually be tested on the real plant, especially in safety-critical systems like nuclear plants. This paper proposes a framework wherein high-level functional requirements are used to automatically generate test cases for designs at all abstraction levels in the model-driven engineering process. Requirements are initially specified in natural language and then analyzed and specified using a formalized ontology. The requirements ontology is then refined along with controller and plant models during design and development stages such that test cases can be generated automatically at any stage. A representative industrial water process system case study illustrates the strengths of the proposed formalism. The requirements meta-model proposed by the CESAR European project is used for requirements engineering while IEC 61131-3 and model-driven concepts are used in the design and development phases. A tool resulting from the proposed framework called REBATE (Requirements Based Automatic Testing Engine) is used to generate and execute test cases for increasingly concrete controller and plant models.

Roopak Sinha, Sandeep Patil, Luis Gomes et al.

Industrial automation systems (IAS) need to be highly dependable; they should not merely function as expected but also do so in a reliable, safe, and secure manner. Formal methods are mathematical techniques that can greatly aid in developing dependable systems and can be used across all phases of the system development life cycle (SDLC), including requirements engineering, system design and implementation, verification and validation (testing), maintenance, and even documentation. This state-of-the-art survey reports existing formal approaches for creating more dependable IAS, focusing on static formal methods that are used before a system is completely implemented. We categorize surveyed works based on the phases of the SDLC, allowing us to identify research gaps and promising future directions for each phase.

Dennis Jarvis, Jacqueline Jarvis, Chen-Wei Yang et al.

The benefits that arise from the adoption of a systems engineering approach to the design of engineered systems are well understood and documented. However , with software systems, different approaches are required given the changeability of requirements and the malleability of software. With the design of industrial cyber-physical systems, one is confronted with the challenge of designing engineered systems that have a significant software component. Furthermore, that software component must be able to seamlessly interact with both the enterprise's business systems and industrial systems. In this paper, we present Janus, which together with the GORITE BDI agent framework, provides a methodology for the design of agent-based industrial cyber-physical systems. Central to the Janus approach is the development of a logical architecture as in traditional systems engineering and then the allocation of the logical requirements to a BDI (Belief Desire Intention) agent architecture which is derived from the physical architecture for the system. Janus has its origins in product manufacturing; in this paper, we apply it to the problem of Fault Location, Isolation and Service Restoration (FLISR) for power substations.

Thimal Kempitiya, Seppo Sierla, Daswin De Silva et al.

The global ambitions of a carbon-neutral society necessitate a stable and robust smart grid that capitalises on frequency reserves of renewable energy. Frequency reserves are resources that adjust power production or consumption in real time to react to a power grid frequency deviation. Revenue generation motivates the availability of these resources for managing such deviations. However, limited research has been conducted on data-driven decisions and optimal bidding strategies for trading such capacities in multiple frequency reserves markets. We address this limitation by making the following research contributions. Firstly, a generalised model is designed based on an extensive study of critical characteristics of global frequency reserves markets. Secondly, three bidding strategies are proposed, based on this market model, to capitalise on price peaks in multi-stage markets. Two strategies are proposed for non-reschedulable loads, in which case the bidding strategy aims to select the market with the highest anticipated price, and the third bidding strategy focuses on rescheduling loads to hours on which highest reserve market prices are anticipated. The third research contribution is an Artificial Intelligence (AI) based bidding optimization framework that implements these three strategies, with novel uncertainty metrics that supplement data-driven price prediction. Finally, the framework is evaluated empirically using a case study of multiple frequency reserves markets in Finland. The results from this evaluation confirm the effectiveness of the proposed bidding strategies and the AI-based bidding optimization framework in terms of cumulative revenue generation, leading to an increased availability of frequency reserves.

Seppo Sierla, Mohammad Azangoo, Alexander Fay et al.

Ongoing standardization in Industry 4.0 supports tool vendor neutral representations of Piping and Instrumentation diagrams as well as 3D pipe routing. However, a complete digital plant model requires combining these two representations. 3D pipe routing information is essential for building any accurate first-principles process simulation model. Piping and instrumentation diagrams are the primary source for control loops. In order to automatically integrate these information sources to a unified digital plant model, it is necessary to develop algorithms for identifying corresponding elements such as tanks and pumps from piping and instrumentation diagrams and 3D CAD models. One approach is to raise these two information sources to a common level of abstraction and to match them at this level of abstraction. Graph matching is a potential technique for this purpose. This article focuses on automatic generation of the graphs as a prerequisite to graph matching. Algorithms for this purpose are proposed and validated with a case study. The paper concludes with a discussion of further research needed to reprocess the generated graphs in order to enable effective matching.

Seppo Sierla, Ville Kyrki, Pekka Aarnio et al.

This paper proposes a new concept in which a digital twin derived from a digital product description will automatically perform assembly planning and orchestrate the production resources in a manufacturing cell. Thus the manufacturing cell has generic services with minimal assumptions about what kind of product will be assembled, while the digital product description is designed collaboratively between the designer at an OEM and automated services at potential manufacturers. This has several advantages. Firstly, the resulting versatile manufacturing facility can handle a broad variety of products with minimal or no reconfiguration effort, so it can cost-effectively offer its services to a large number of OEMs. Secondly, a solution is presented to the problem of performing concurrent product design and assembly planning over the organizational boundary. Thirdly, the product design at the OEM is not constrained to the capabilities of specific manufacturing facilities. The concept is presented in general terms in UML and an implementation is provided in a 3D simulation environment using Automation Markup Language for digital product descriptions. Finally, two case studies are presented and applications in a real industrial context are discussed.

Miia Rantala, Hannu Niemistö, Tommi Karhela et al.

This article investigates how graph matching can be applied to process plant design data in order to support the reuse of previous designs. A literature review of existing graph matching algorithms is performed, and a group of algorithms is chosen for further testing. A use case from early phase plant design is presented. A methodology for addressing the use case is proposed, including graph simplification algorithms and node similarity measures, so that existing graph matching algorithms can be applied in the process plant domain. The proposed methodology is evaluated empirically on an industrial case consisting of design data from several pulp and paper plants.

Awais Tanveer, Roopak Sinha, Stephen G. MacDonell et al.

Programmable Logic Controllers (PLCs) execute critical control software that drives Industrial Automation and Control Systems (IACS). PLCs can become easy targets for cyber-adversaries as they are resource-constrained and are usually built using legacy, less-capable security measures. Security attacks can significantly affect system availability, which is an essential requirement for IACS. We propose a method to make PLC applications more security-aware. Based on the well-known IEC 61499 function blocks standard for developing IACS software, our method allows designers to annotate critical parts of an application during design time. On deployment, these parts of the application are automatically secured using appropriate security mechanisms to detect and prevent attacks. We present a summary of availability attacks on distributed IACS applications that can be mitigated by our proposed method. Security mechanisms are achieved using IEC 61499 Service-Interface Function Blocks (SIFBs) embedding Intrusion Detection and Prevention System (IDPS), added to the application at compile time. This method is more amenable to providing active security protection from attacks on previously unknown (zero-day) vulnerabilities. We test our solution on an IEC 61499 application executing on Wago PFC200 PLCs. Experiments show that we can successfully log and prevent attacks at the application level as well as help the application to gracefully degrade into safe mode, subsequently improving availability.

Polina Ovsiannikova, Igor Buzhinsky, Antti Pakonen et al.

Despite being one of the most reliable approaches for ensuring system correctness, model checking requires auxiliary tools to fully avail. In this work, we tackle the issue of its results being hard to interpret and present Oeritte, a tool for automatic visual counterexample explanation for function block diagrams. To learn what went wrong, the user can inspect a parse tree of the violated LTL formula and a table view of a counterexample, where important variables are highlighted. Then, on the function block diagram of the system under verification, they can receive a visualization of causality relationships between the calculated values of interest and intermediate results or inputs of the function block diagram. Thus, Oeritte serves to decrease formal model and specification debugging efforts along with making model checking more utilizable for complex industrial systems.

Igor Buzhinsky, Valeriy Vyatkin

Model checking is an established technique to formally verify automation systems which are required to be trusted. However, for sufficiently complex systems model checking becomes computationally infeasible. On the other hand, testing, which offers less reliability, often does not present a serious computational challenge. Searching for synergies between these two approaches, this paper proposes a framework to ensure reliability of industrial automation systems by means of hybrid use of model checking and testing. This framework represents a way to achieve a trade-off between verification reliability and computational complexity which has not yet been explored in other approaches. Instead of undergoing usual model checking, system requirements are checked only on particular system behaviors which represent a test suite achieving coverage for both the system and the requirements. Then, all stages of the framework support the case of a closed-loop model, where not only the controller, but also the plant is modeled.

Eero Siivola, Seppo Sierla, Hannu Niemistö et al.

The emergence of the Industrial Internet results in an increasing number of complicated temporal interdependencies between automation systems and the processes to be controlled. There is a need for verification methods that scale better than formal verification methods and which are more exact than testing. Simulation-based runtime verification is proposed as such a method, and an application of Metric temporal logic is presented as a contribution. The practical scalability of the proposed approach is validated against a production process designed by an industrial partner, resulting in the discovery of requirement violations.