Skip to main content
SpringerLink
Log in

Bank of Models: Sensor Attack Detection and Isolation in Industrial Control Systems

  • Conference paper
  • First Online:
Critical Information Infrastructures Security (CRITIS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13139))

Abstract

Attacks on sensor measurements can take the system to an unwanted state. The disadvantage of using a system model-based approach for attack detection is that it could not isolate which sensor was under attack. For example, if one of two sensors that are physically coupled is under attack, the attack would reflect in both. In this work, we propose an attack detection and isolation technique using a multi-model framework named Bank of Models (BoM) in which the same process will be represented by multiple system models. This technique can achieve higher accuracy for attack detection with low false alarm rates. We make extensive empirical performance evaluation on a realistic ICS testbed to demonstrate the viability of this technique.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ahmed, C.M., A.Sridhar, M., A.: Limitations of state estimation based cyber attack detection schemes in industrial control systems. In: IEEE Smart City Security and Privacy Workshop, CPSWeek (2016)

    Google Scholar 

  2. Ahmed, C.M., Mathur, A.P.: Challenges in machine learning based approaches for real-time anomaly detection in industrial control systems. In: Proceedings of the 6th ACM on Cyber-Physical System Security Workshop. p. 23–29. CPSS ’20, Association for Computing Machinery, New York, NY, USA (2020). https://doi.org/10.1145/3384941.3409588

  3. Ahmed, C.M., Murguia, C., Ruths, J.: Model-based attack detection scheme for smart water distribution networks. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 101–113. ASIA CCS ’17, ACM, New York, NY, USA (2017). https://doi.org/10.1145/3052973.3053011

  4. Ahmed, C.M., et al.: Noiseprint: Attack detection using sensor and process noise fingerprint in cyber physical systems. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 483–497. ASIACCS ’18, ACM, New York, NY, USA (2018). https://doi.org/10.1145/3196494.3196532

  5. Ahmed, C.M., Zhou, J.: Challenges and opportunities in cyberphysical systems security: a physics-based perspective. IEEE Secur. Privacy 18(6), 14–22 (2020)

    Google Scholar 

  6. Aström, K.J., Wittenmark, B.: Computer-controlled Systems, 3rd edn. Prentice-Hall Inc, Upper Saddle River, NJ, USA (1997)

    Google Scholar 

  7. Athalye, S., Ahmed, C.M., Zhou, J.: A tale of two testbeds: a comparative study of attack detection techniques in cps. In: International Conference on Critical Information Infrastructures Security, pp. 17–30. Springer (2020). https://doi.org/10.1007/978-3-030-58295-1_2

  8. Cardenas, A., Amin, S., Lin, Z., Huang, Y., Huang, C., Sastry, S.: Attacks against process control systems: Risk assessment, detection, and response. In: 6th ACM Symposium on Information, Computer and Communications Security, pp. 355–366 (2011)

    Google Scholar 

  9. Case, D.U.: Analysis of the cyber attack on the ukrainian power grid (2016)

    Google Scholar 

  10. Chang, C.C., Lin, C.J.: LIBSVM: a library for support vector machines. ACM Trans. Intell. Syst. Technol. 2, 1–27 (2011) www.csie.ntu.edu.tw/cjlin/libsvm

  11. Chen, Y., Poskitt, C.M., Sun, J.: Learning from mutants: using code mutation to learn and monitor invariants of a cyber-physical system. IEEE Security and Privacy 2018 abs/1801.00903 (2018). arxiv.org/abs/1801.00903

  12. CNN: Staged cyber attack reveals vulnerability in power grid (2007). edition.cnn.com/2007/US/09/26/power.at.risk/index.html, year

  13. Dan, G., Sandberg, H.: Stealth attacks and protection schemes for state estimators in power systems. In: Smart Grid Communications (SmartGridComm), 2010 First IEEE International Conference on, pp. 214–219. IEEE (2010)

    Google Scholar 

  14. Ding, S.X.: Model-based fault diagnosis techniques: design schemes, algorithms, and tools. Springer Sci. Business Media (2008)

    Google Scholar 

  15. Esfahani, P.M., Vrakopoulou, M., Andersson, G., Lygeros, J.: A tractable nonlinear fault detection and isolation technique with application to the cyber-physical security of power systems. In: Proceedings of the 51st IEEE Conference on Decision and Control, pp. 3433–3438 (2012)

    Google Scholar 

  16. Falliere, N., Murchu, L., Chien, E.: W32 stuxnet dossier. symantec, version 1.4 (2011). www.symantec.com/content/en/us/enterprise/media/security

  17. Fawzi, H., Tabuada, P., Diggavi, S.: Secure estimation and control for cyber-physical systems under adversarial attacks. IEEE Trans. Autom. Control 59(6), 1454–1467 (2014)

    Article  MathSciNet  Google Scholar 

  18. Filonov, P., Kitashov, F., Lavrentyev, A.: Rnn-based early cyber-attack detection for the tennessee eastman process. arXiv preprint arXiv:1709.02232 (2017)

  19. Filonov, P., Lavrentyev, A., Vorontsov, A.: Multivariate industrial time series with cyber-attack simulation: fault detection using an lstm-based predictive data model. arXiv preprint arXiv:1612.06676 (2016)

  20. Garcia, L., Brasser, F., Cintuglu, M.H., Sadeghi, A.R., Mohammed, O., Zonouz, S.A.: Hey, my malware knows physics! attacking plcs with physical model aware rootkit. In: 24th Annual Network and Distributed System Security Symposium (NDSS) (Feb 2017)

    Google Scholar 

  21. Goh, J., Adepu, S., Junejo, K.N., Mathur, A.: A dataset to support research in the design of secure water treatment systems. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds.) Critical Information Infrastructures Security, pp. 88–99. Springer International Publishing, Cham (2017)

    Chapter  Google Scholar 

  22. Gollmann, D., Krotofil, M.: Cyber-physical systems security, pp. 195–204. Springer, Berlin Heidelberg (2016). https://doi.org/10.1007/978-3-662-49301-4_14

  23. Huda, S., Yearwood, J., Hassan, M.M., Almogren, A.: Securing the operations in scada-iot platform based industrial control system using ensemble of deep belief networks. Appl. Soft Comput. 71, 66–77 (2018)

    Google Scholar 

  24. Inoue, J., Yamagata, Y., Chen, Y., Poskitt, C.M., Sun, J.: Anomaly detection for a water treatment system using unsupervised machine learning. In: 2017 IEEE International Conference on Data Mining Workshops (ICDMW), pp. 1058–1065. IEEE (2017)

    Google Scholar 

  25. iTrust: Sutd security showdown. itrust.sutd.edu.sg/scy-phy-systems-week/2017-2/s317-event/ year = 2017

  26. Kravchik, M., Shabtai, A.: Detecting cyber attacks in industrial control systems using convolutional neural networks. In: Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and Privacy, pp. 72–83. ACM (2018)

    Google Scholar 

  27. Krotofil, M., Cárdenas, A.A.: Is this a good time? deciding when to launch attacks on process control systems. In: Proceedings of the 3rd International Conference on High Confidence Networked Systems, p. 65–66. HiCoNS ’14, Association for Computing Machinery, New York, NY, USA (2014). https://doi.org/10.1145/2566468.2576852

  28. Krotofil, M., Cárdenas, A.A., Manning, B., Larsen, J.: Cps: driving cyber-physical systems to unsafe operating conditions by timing dos attacks on sensor signals. In: Proceedings of the 30th Annual Computer Security Applications Conference, p. 146–155. ACSAC ’14, Association for Computing Machinery, New York, NY, USA (2014). https://doi.org/10.1145/2664243.2664290

  29. Krotofil, M., Larsen, J., Gollmann, D.: The process matters: ensuring data veracity in cyber-physical systems. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, pp. 133–144. ASIA CCS ’15, ACM, New York, NY, USA (2015). https://doi.org/10.1145/2714576.2714599

  30. Krotofil, M., Gollmann, D.: Industrial control systems security: what is happening? In: 2013 11th IEEE International Conference on Industrial Informatics (INDIN), pp. 670–675 (2013). https://doi.org/10.1109/INDIN.2013.6622964

  31. Li, X., Ye, N.: Decision tree classifiers for computer intrusion detection. J. Parallel Distrib Comput Practices 4(2), 179–190 (2001)

    Google Scholar 

  32. Liu, Y., Ning, P., Reiter, M.: False data injection attacks against state estimation in electric power grids. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 21–32 (2009)

    Google Scholar 

  33. Mathur, A.P., Tippenhauer, N.O.: Swat: a water treatment testbed for research and training on ics security. In: 2016 International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater), pp. 31–36 (2016). https://doi.org/10.1109/CySWater.2016.7469060

  34. Mo, Y., Sinopoli, B.: Secure control against replay attacks. In: 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 911–918 (2009). https://doi.org/10.1109/ALLERTON.2009.5394956

  35. Mo, Y., Sinopoli, B.: Integrity attacks on cyber-physical systems. In: Proceedings of the 1st International Conference on High Confidence Networked Systems, pp. 47–54. HiCoNS ’12, ACM, New York, NY, USA (2012). https://doi.org/10.1145/2185505.2185514

  36. Mohammadi, A., Yang, C., Chen, Q.w.: Attack detection/isolation via a secure multisensor fusion framework for cyberphysical systems. Complexity 2018 (2018)

    Google Scholar 

  37. NIST: Cyber-physical systems (2014). www.nist.gov/el/cyber-physical-systems

  38. Overschee, P.V., Moor, B.D.: Subspace identification for linear systems: theory, implementation, applications. Kluwer Academic Publications, Boston (1996)

    Book  Google Scholar 

  39. Pasqualetti, F., Dorfler, F., Bullo, F.: Attack detection and identification in Cyber-Physical Systems, models and fundamental limitations. IEEE Transactions on Automatic Control 58(11), 2715–2729 (2013)

    Article  MathSciNet  Google Scholar 

  40. Rubio, J.E., Alcaraz, C., Roman, R., Lopez, J.: Analysis of intrusion detection systems in industrial ecosystems. In: SECRYPT, pp. 116–128 (2017)

    Google Scholar 

  41. Sethi, K., Sai Rupesh, E., Kumar, R., Bera, P., Venu Madhav, Y.: A context-aware robust intrusion detection system: a reinforcement learning-based approach. Int. J. Inf. Secur. 19(6), 657–678 (2019). https://doi.org/10.1007/s10207-019-00482-7

  42. Shoukry, Y., Martin, P., Yona, Y., Diggavi, S., Srivastava, M.: Pycra: physical challenge-response authentication for active sensors under spoofing attacks. In: Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1004–1015. CCS ’15, ACM, New York, NY, USA (2015). https://doi.org/10.1145/2810103.2813679

  43. Sommer, R., Paxson, V.: Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE Symposium on Security and Privacy, pp. 305–316. IEEE (2010)

    Google Scholar 

  44. Urbina, D.I., et al.: Limiting the impact of stealthy attacks on industrial control systems. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1092–1105. ACM (2016)

    Google Scholar 

  45. Wang, X., Luo, X., Zhang, M., Jiang, Z., Guan, X.: Detection and isolation of false data injection attacks in smart grid via unknown input interval observer. IEEE Internet of Things J.7(4), 3214–3229 (2020). https://doi.org/10.1109/JIOT.2020.2966221

  46. Wei, X., Verhaegen, M., van Engelen, T.: Sensor fault detection and isolation for wind turbines based on subspace identification and kalman filter techniques. Int. J. Adapt. Control Signal Process. 24(8), 687–707 (2010). https://doi.org/10.1002/acs.1162

  47. Welch, P.: The use of fast fourier transform for the estimation of power spectra: a method based on time averaging over short, modified periodograms. IEEE Trans. Audio Electroac. 15(2), 70–73 (1967)

    Google Scholar 

  48. Wired: A cyberattack has caused confirmed physical damage for the second time ever (2015). www.wired.com/2015/01/german-steel-mill-hack-destruction/

  49. Yang, T., Murguia, C., Kuijper, M., Nešić, D.: An unknown input multi-observer approach for estimation, attack isolation, and control of lti systems under actuator attacks. In: 2019 18th European Control Conference (ECC), pp. 4350–4355 (2019). https://doi.org/10.23919/ECC.2019.8796178

Download references

Acknowledgements

This research is supported by the National Research Foundation, Singapore, under its National Satellite of Excellence Programme “Design Science and Technology for Secure Critical Infrastructure” (Award Number: NSoE_DeST-SCI2019-0002). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not reflect the views of National Research Foundation, Singapore.

Author information

Authors and Affiliations

  1. Computer and Information Sciences, University of Strathclyde, Glasgow, Scotland

    Chuadhry Mujeeb Ahmed

  2. Singapore University of Technology and Design, Singapore, Singapore

    Jianying Zhou

Authors
  1. Chuadhry Mujeeb Ahmed
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianying Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chuadhry Mujeeb Ahmed .

Editor information

Editors and Affiliations

  1. University of Geneva, Geneva, Switzerland

    Dimitri Percia David

  2. armasuisse Science and Technology S+T, Thun, Switzerland

    Alain Mermoud

  3. University of Geneva, Geneva, Switzerland

    Thomas Maillart

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ahmed, C.M., Zhou, J. (2021). Bank of Models: Sensor Attack Detection and Isolation in Industrial Control Systems. In: Percia David, D., Mermoud, A., Maillart, T. (eds) Critical Information Infrastructures Security. CRITIS 2021. Lecture Notes in Computer Science(), vol 13139. Springer, Cham. https://doi.org/10.1007/978-3-030-93200-8_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-93200-8_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-93199-5

  • Online ISBN: 978-3-030-93200-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation