APERIO Data Forgery Protection

by Aperio Systems

APERIO developed the ‘’polygraph for machines’’. Our data polygraph technology enables operational teams to verify the integrity of the data they receive.

Solution Overview

Recent Cyber attacks on Critical Infrastructures around the world, show again that the attackers' ultimate goal is to create physical damage, and that they are fully capable of doing so. These attacks also demonstrate that the concept of putting walls around critical networks will eventually fail, and attackers will get in. Very recent attacks also represent a significant evolution in the feasible tool-sets of the attackers. Vendors and security defenders are now in a new position - controlling and identifying the attacks after impact! Or in other words - it is no longer about building the highest walls or the deepest canals, but it is about having the best Intelligence to deal with the intruders from the inside. APERIO developed the ‘’polygraph for machines’’. Our data polygraph technology enables operational teams to verify the integrity of the data they receive. Using advanced algorithms, we identify and track the unique signal 'fingerprints' of each sensor. Once a system fingerprint baseline exists for each sensor, deviations can be characterized and investigated, and the 'truth' of a given dataset can be determined.

APERIO provides a LAST LINE OF DEFENCE against the most sophisticated and dangerous hackers and adversaries, ensuring physical state awareness in the face of such attacks. Our solution allows for: Process Continuity - enables trust in the most critical data and provides resilience when attacked. Unlike traditional industrial IDS/IPS, APERIO not only detects that there’s an attack, but also pinpoints the manipulation and suggests a correction. Operational Alerts - provides fast, actionable, specific and accurate alerts - integrating cyber-security into operational emergency procedures, allowing the operators to mitigate heavy permanent damage. Accuracy and Relevanxy - While classic anomaly detection products falsely alert when new legitimate operating modes are implemented, APERIO alerts only when the reported process state does not reflect the plant’s real situation. Minimized Risk - APERIO is passive and non-intrusive – minimizing operational risks, as well as installation and maintenance costs. Unlike traditional industrial IDS/IPS, APERIO solution doesn’t require a painful deployment in the production network. Counters Insider Threats - APERIO protects the plant’s process continuity from both external and internal actors.

Solution Approach

Aperio’s software connects passively into OSIsoft PI System and using advanced proprietary algorithms, the software creates unique ‘’fingerprints’’ in reported sensor signals to detect Forged Data - measurements that do not behave like in a real physical world. If sensor-data is forged we alert the control room and pinpoint the attacked equipment. Our technological advance is based on machine learning algorithms trained to detect artificial manipulations of process data and to reconstruct the true state of the system in real time. Aperio is delivered as a pre-packaged Virtual Machine (VM) that can be deployed in no-time. Aperio supports VMware vSphere, Microsoft Hyper-V and KVM. Secondary there is another small Windows VM, allowing to connect to the PI Server. Other than some processing power from your virtualization solution there are no hidden infrastructure costs. Aperio is a software only license. Aperio as a product is shipped as a pre-packaged virtual machine. It is a plug & play technology that requires little effort for implementation other than connecting to your historian server. Installation at our customers sites are up and running within a couple of hours. There is no implementation scenario involved. Once the Aperio application is connected to the historian server, the operators can start using the product. The impact on the PI Server is minimal. Aperio collects data in a read-only fashion from your existing historian. No data is pushed back. This means that both an installation or an uninstallation is nothing more than deleting the Virtual Machine and removing the database connector.

Supporting Documents



  • Sensor-Data Validity
  • Forgery Detection and Alerting
  • Integrating with any type of SIEM system
  • Real-time view of measured values of every sensor


  • Alerts from Data Forgery Detection in real time
  • No configuration needed, plug and play appliance
  • Easy integration to PI System & Asset Framework (AF)
  • Simple, obvious user experience that does not require training

PI System Requirements

PI Server 3.4.390 or later, PSA Server

Solution Type

Data Validation, Downtime Tracking, IoT, Safety Compliance, Security, Visualization


  • Chemical & Petrochemical
  • Mining, Metallurgy & Material
  • Oil & Gas
  • Pharmaceuticals & Life Sciences
  • Power Generation
  • Water & Wastewater
  • Transmission & Distribution
  • Government

Business Impacts

Evaluate Quality, Increase Asset Health & Uptime, Manage Risk & Regulatory, Advance Safety Performances, Security


Applications for the PI System, Hardware