Model-Based CPS Attack Detection Techniques: Strengths and Limitations

Security in Cyber-Physical Systems

Part of the book series: Studies in Systems, Decision and Control (SSDC, volume 339)

Abstract

Given the intricate interactions between the physical and cyber components found in urban cyber-physical systems (CPSs), the detection of attacks in such infrastructure has been approached in various ways. This work presents an exhaustive study that compares different kinds of attack detection mechanisms and evaluates them using a set of defined metrics. It investigates model-based attack detectors, which use mathematical system models whose inputs and outputs are the sets of actuators and sensors of the underlying physical processes, respectively. The detection methods comprise statistical change monitoring procedures (CUSUM and bad-data detectors) and a device fingerprinting technique. Case studies of two research facilities, a smart water treatment plant (SWaT) and a water distribution plant (WADI), are used to assess these security measures. These testbeds represent the diversity of CPS infrastructures found in cities today. Several types of attacks have been simulated on the plants to experimentally analyse the performance of the detection methods.
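The two statistical detectors named in the abstract, as an added example that is not code from the chapter: a bad-data detector and a residual CUSUM run over the difference between sensor readings and a model's prediction. The scalar tank model, the thresholds, the CUSUM form S_k = max(0, S_{k-1} + |r_k| - b) and the traces are assumptions constructed for illustration, not SWaT or WADI parameters.

```python
# Added example: all constants and traces are constructed, not from the chapter.
GAIN, X0, STEPS = 0.5, 10.0, 40   # tank level rises GAIN per step while the pump runs
ALPHA = 0.5                       # bad-data threshold on |r_k|
BIAS, TAU = 0.1, 0.9              # CUSUM drift term b and alarm threshold

def make_trace(attack):
    """Return (measurements, commands); attack(k) is the offset on the sensor at step k."""
    commands = [1] * STEPS
    measured = []
    for k in range(STEPS):
        level = X0 + GAIN * k                    # true process state
        noise = 0.05 if k % 2 == 0 else -0.05    # deterministic stand-in for sensor noise
        measured.append(level + noise + attack(k))
    return measured, commands

def residuals(measured, commands):
    """r_k = y_k - y_hat_k, where the model integrates the actuator commands."""
    res, x_hat = [], X0
    for y, u in zip(measured, commands):
        res.append(y - x_hat)
        x_hat += GAIN * u                        # model update x_{k+1} = x_k + GAIN * u_k
    return res

def bad_data_alarms(res, alpha=ALPHA):
    """Memoryless test: alarm whenever a single residual exceeds alpha."""
    return [k for k, r in enumerate(res) if abs(r) > alpha]

def cusum_alarms(res, bias=BIAS, tau=TAU):
    """Accumulate |r_k| - bias; alarm and reset when the sum exceeds tau."""
    alarms, s = [], 0.0
    for k, r in enumerate(res):
        s = max(0.0, s + abs(r) - bias)
        if s > tau:
            alarms.append(k)
            s = 0.0
    return alarms

def detect(attack):
    res = residuals(*make_trace(attack))
    return bad_data_alarms(res), cusum_alarms(res)

def no_attack(k):
    return 0.0

def small_bias(k):      # persistent offset that stays below ALPHA
    return 0.2 if k >= 20 else 0.0

def spike(k):           # single large deviation
    return 2.0 if k == 20 else 0.0

if __name__ == "__main__":
    for name, attack in [("none", no_attack), ("bias", small_bias), ("spike", spike)]:
        print(name, detect(attack))
```

The persistent 0.2 offset never crosses the bad-data threshold but accumulates in the CUSUM statistic, which alarms eight steps after the offset begins; the single spike trips both detectors immediately.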

Notes

  1. Laboratory Virtual Instrument Engineering Workbench (LabVIEW) is system-design software developed by National Instruments. For the attack tool, see: https://gitlab.com/gyani/NiSploit.

Acknowledgements

The authors thank the reviewers for their comments. This work has made extensive use of the research facilities offered by the iTrust research centre at Singapore University of Technology and Design, for which the authors would like to express their gratitude.

Author information

Corresponding author

Correspondence to Surabhi Athalye.

Copyright information

© 2021 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Athalye, S., Mujeeb Ahmed, C., Zhou, J. (2021). Model-Based CPS Attack Detection Techniques: Strengths and Limitations. In: Awad, A.I., Furnell, S., Paprzycki, M., Sharma, S.K. (eds) Security in Cyber-Physical Systems. Studies in Systems, Decision and Control, vol 339. Springer, Cham. https://doi.org/10.1007/978-3-030-67361-1_6

  • DOI: https://doi.org/10.1007/978-3-030-67361-1_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-67360-4

  • Online ISBN: 978-3-030-67361-1

  • eBook Packages: Engineering, Engineering (R0)
