Abstract
Attacks on sensor measurements can drive a system to an unwanted state. A disadvantage of the system model-based approach to attack detection is that it cannot isolate which sensor is under attack. For example, if one of two physically coupled sensors is under attack, the attack would be reflected in both. In this work, we propose an attack detection and isolation technique using a multi-model framework named Bank of Models (BoM), in which the same process is represented by multiple system models. This technique can achieve higher accuracy for attack detection with low false alarm rates. We carry out an extensive empirical performance evaluation on a realistic ICS testbed to demonstrate the viability of this technique.
Acknowledgements
This research is supported by the National Research Foundation, Singapore, under its National Satellite of Excellence Programme “Design Science and Technology for Secure Critical Infrastructure” (Award Number: NSoE_DeST-SCI2019-0002). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not reflect the views of National Research Foundation, Singapore.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Ahmed, C.M., Zhou, J. (2021). Bank of Models: Sensor Attack Detection and Isolation in Industrial Control Systems. In: Percia David, D., Mermoud, A., Maillart, T. (eds) Critical Information Infrastructures Security. CRITIS 2021. Lecture Notes in Computer Science, vol 13139. Springer, Cham. https://doi.org/10.1007/978-3-030-93200-8_1
DOI: https://doi.org/10.1007/978-3-030-93200-8_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93199-5
Online ISBN: 978-3-030-93200-8
eBook Packages: Computer Science (R0)