Abstract
Given the intricate interactions between the physical and cyber components found in urban cyber-physical systems (CPSs), the detection of attacks in such infrastructure has been approached in various ways. This work presents an exhaustive study that compares different kinds of attack detection mechanisms and evaluates them using a set of defined metrics. The report investigates model-based attack detectors, which use mathematical models of the system whose inputs and outputs are, respectively, the sets of actuators and sensors of the underlying physical processes. The detection methods comprise statistical change monitoring procedures (CUSUM and bad-data detectors) and a device fingerprinting technique. Case studies of two research facilities, a smart water treatment plant (SWaT) and a water distribution plant (WADI), have been used to assess these security measures. These testbeds represent the diversity of CPS infrastructures found in cities today. Several types of attacks have been simulated on the plants to experimentally analyse the performance of the detection methods.
Notes
- 1. Laboratory Virtual Instrument Engineering Workbench (LabVIEW) is a system-design software developed by National Instruments. For the attack tool, see: https://gitlab.com/gyani/NiSploit.
Acknowledgements
The authors thank the reviewers for their comments. This work has made extensive use of the research facilities offered by the iTrust research centre at Singapore University of Technology and Design, for which the authors would like to express their gratitude.
Copyright information
© 2021 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Athalye, S., Mujeeb Ahmed, C., Zhou, J. (2021). Model-Based CPS Attack Detection Techniques: Strengths and Limitations. In: Awad, A.I., Furnell, S., Paprzycki, M., Sharma, S.K. (eds) Security in Cyber-Physical Systems. Studies in Systems, Decision and Control, vol 339. Springer, Cham. https://doi.org/10.1007/978-3-030-67361-1_6
DOI: https://doi.org/10.1007/978-3-030-67361-1_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-67360-4
Online ISBN: 978-3-030-67361-1
eBook Packages: Engineering, Engineering (R0)