Skip to main content
SpringerLink
Log in

Real-time detection of deception attacks in cyber-physical systems

  • Special Issue Paper
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

A Correction to this article was published on 19 April 2023

This article has been updated

Abstract

Detection of deception attacks is pivotal to ensure the safe and reliable operation of cyber-physical systems (CPS). Detection of such attacks needs to consider time-series sequences and is very challenging especially for autonomous vehicles that rely on high-dimensional observations from camera sensors. The paper presents an approach to detect deception attacks in real-time utilizing sensor observations, with a special focus on high-dimensional observations. The approach is based on inductive conformal anomaly detection (ICAD) and utilizes a novel generative model which consists of a variational autoencoder (VAE) and a recurrent neural network (RNN) that is used to learn both spatial and temporal features of the normal dynamic behavior of the system. The model can be used to predict the observations for multiple time steps, and the predictions are then compared with actual observations to efficiently quantify the nonconformity of a sequence under attack relative to the expected normal behavior, thereby enabling real-time detection of attacks using high-dimensional sequential data. We evaluate the approach empirically using two simulation case studies of an advanced emergency braking system and an autonomous car racing example, as well as a real-world secure water treatment dataset. The experiments show that the proposed method outperforms other detection methods, and in most experiments, both false positive and false negative rates are less than 10%. Furthermore, execution times measured on both powerful cloud machines and embedded devices are relatively short, thereby enabling real-time detection.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Data availability statement

The datasets generated during and/or analyzed during the current study are available from the corresponding author on reasonable request.

Change history

Notes

  1. In this paper, “normal” refers to the intended behavior of the system without any attack and “abnormal” refers specifically to the abnormal behavior due to attacks.

  2. It should be noted that the observations (control signals) can be either from historical data that has been occurred in the network or modified arbitrarily by an attacker.

References

  1. Anwar, A., Mahmood, A., Ray, B., Mahmud, M.A., Tari, Z.: Machine learning to ensure data integrity in power system topological network database. Electronics 9(4), 693 (2020)

    Article  Google Scholar 

  2. Bengio, Y. , Frasconi, P., Simard, P.Y.: The problem of learning long-term dependencies in recurrent networks. In: Proceedings of International Conference on Neural Networks, ICNN ’88 (1993)

  3. Bishop, C.: Mixture density networks. Technical Report (1994)

  4. Brockman, G., Cheung, V., Pettersson, L., Schneider, J., Schulman, J., Tang, J., Zaremba, W.: Openai gym. CoRR. arXiv:1606.01540 (2016)

  5. Cai, F., Koutsoukos, X.D.: Real-time out-of-distribution detection in learning-enabled cyber-physical systems. In: 11th ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS (2020)

  6. Cai, F., Li, J., Koutsoukos, X.D.: Detecting adversarial examples in learning-enabled cyber-physical systems using variational autoencoder for regression. In: IEEE Security and Privacy Workshops (2020)

  7. Cai, F., Ozdagli, A.I., Koutsoukos, X.D.: Detection of dataset shifts in learning-enabled cyber-physical systems using variational autoencoder for regression. In: 4th IEEE International Conference on Industrial Cyber-Physical Systems, ICPS (2021)

  8. Cárdenas, A.A., Amin, S., Sastry, S.: Secure control: towards survivable cyber-physical systems. In: 28th IEEE International Conference on Distributed Computing Systems Workshops (2008)

  9. Depeweg, S., Hernández-Lobato, J.M., Doshi-Velez, F., Udluft, S.: Learning and policy search in stochastic dynamical systems with Bayesian neural networks. In: 5th International Conference on Learning Representations, ICLR (2017)

  10. Dosovitskiy, A., Ros, G., Codevilla, F., López A., Koltun, V.: CARLA: an open urban driving simulator. In: 1st Annual Conference on Robot Learning, CoRL (2017)

  11. Fedorova, V., Gammerman, A.J., Nouretdinov, I., Vovk, V.: Plug-in martingales for testing exchangeability on-line. In: Proceedings of the 29th International Conference on Machine Learning, ICML ’12 (2012)

  12. Feng, Y., Ng, D.J.X., Easwaran, A.: Improving variational autoencoder based out-of-distribution detection for embedded real-time applications. ACM Trans. Embed. Comput. Syst. (TECS) 20(5s), 1–26 (2021)

    Article  Google Scholar 

  13. Ferragut, E.M., Laska, J., Olama, M.M., Ozmen, O.: Real-time cyber-physical false data attack detection in smart grids using neural networks. In: International Conference on Computational Science and Computational Intelligence (CSCI) (2017)

  14. Garip, M.T., Gursoy, M.E., Reiher, P., Gerla, M.: Congestion attacks to autonomous cars using vehicular botnets. In: NDSS Workshop on Security of Emerging Networking Technologies (SENT) (2015)

  15. Goh, J., Adepu, S., Junejo, K.N., Mathur, A.: A dataset to support research in the design of secure water treatment systems. In: 11th International Conference on Critical Information Infrastructures Security, CRITIS (2016)

  16. Goh, J., Adepu, S., Tan, M., Lee, Z.S.: Anomaly detection in cyber physical systems using recurrent neural networks. In: 18th IEEE International Symposium on High Assurance Systems Engineering, HASE ’2017 (2017)

  17. Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: 3rd International Conference on Learning Representations, ICLR (2015)

  18. Gu, X., Easwaran, A.: Towards safe machine learning for cps: infer uncertainty from training data. In: 10th ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS, pp. 249–258 (2019)

  19. Ha, D., Schmidhuber, J.: Recurrent world models facilitate policy evolution. In: Advances in Neural Information Processing Systems, NeurIPS, vol. 31 (2018)

  20. Habler, E., Shabtai, A.: Using LSTM encoder-decoder algorithm for detecting anomalous ADS-B messages. Comput. Secur. 78, 155–173 (2018)

    Article  Google Scholar 

  21. Hoehn, A., Zhang, P.: Detection of replay attacks in cyber-physical systems. In: American Control Conference, ACC, pp. 290–295. IEEE (2016)

  22. Inoue, J., Yamagata, Y., Chen, Y., Poskitt, C.M., Sun, J.: Anomaly detection for a water treatment system using unsupervised machine learning. In: IEEE International Conference on Data Mining Workshops (2017)

  23. Ishimtsev, V., Bernstein, A., Burnaev, E., Nazarov, I.: Conformal \(k\)-NN anomaly detector for univariate data streams. In: Proceedings of Machine Learning Research, vol. 60, pp. 213–227. PMLR (2017)

  24. Kantaros, Y., Carpenter, T.J., Sridhar, K., Yang, Y., Lee, I., Weimer, J.: Real-time detectors for digital and physical adversarial inputs to perception systems. In: 12th ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS (2021)

  25. Keahey, K., Anderson, J., Zhen, Z., Riteau, P., Ruth, P., Stanzione, D., Cevik, M., Colleran, J., Gunawi, H.S., Hammock, C., Mambretti, J., Barnes, A., Halbach, F., Rocha, A., Stubbs, J.: Lessons learned from the chameleon testbed. In: USENIX Annual Technical Conference (2020)

  26. Khaitan, S.K., McCalley, J.D.: Design techniques and applications of cyberphysical systems: a survey. IEEE Syst. J. 9(2), 350–365 (2014)

    Article  Google Scholar 

  27. Kingma, D.P., Welling, M.: Auto-encoding variational Bayes. In: 2nd International Conference on Learning Representations, ICLR (2014)

  28. Kravchik, M., Shabtai, A.: Detecting cyber attacks in industrial control systems using convolutional neural networks. In: Proceedings of the 2018 Workshop on Cyber-physical Systems Security and Privacy (2018)

  29. Laxhammar, R., Falkman, G.: Conformal prediction for distribution-independent anomaly detection in streaming vessel data. In: 1st International Workshop on Novel Data Stream Pattern Mining Techniques (2010)

  30. Laxhammar, R., Falkman, G.: Inductive conformal anomaly detection for sequential detection of anomalous sub-trajectories. Ann. Math. Artif. Intell. 74, 67–94 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  31. Li, D., Chen, D., Jin, B., Shi, L., Goh, J., Ng, S.: MAD-GAN: multivariate anomaly detection for time series data with generative adversarial networks. In: 28th International Conference on Artificial Neural Networks, ICANN ’2019 (2019)

  32. Liu, Y., Ning, P., Reiter, M.K.: False data injection attacks against state estimation in electric power grids. ACM Trans. Inf. Syst. Secur. 14(1), 13:1-13:33 (2011)

    Article  Google Scholar 

  33. McAllister, R., Rasmussen, C.E.: Data-efficient reinforcement learning in continuous state-action gaussian-pomdps (2017)

  34. Mo, Y., Sinopoli, B.: Integrity attacks on cyber-physical systems. In: 1st International Conference on High Confidence Networked Systems, HiCoNS (2012)

  35. Mo, Y., Weerakkody, S., Sinopoli, B.: Physical authentication of control systems: designing watermarked control inputs to detect counterfeit sensor outputs. IEEE Control Syst. Mag. 35(1), 93–109 (2015)

  36. Nizam, F., Chaki, S., Al Mamun, S., Kaiser, M.S., et al.: Attack detection and prevention in the cyber physical system. In: International Conference on Computer Communication and Informatics (ICCCI) (2016)

  37. Pang, Z.-H., Liu, G., Dong, Z.: Secure networked control systems under denial of service attacks. IFAC Proc. Vol. 44(1), 8908–8913 (2011)

    Article  Google Scholar 

  38. Rumelhart, D.E., Hinton, G.E., Williams, R.J.: Learning internal representations by error propagation. Technical report, California Univ. San Diego La Jolla Inst for Cognitive Science (1985)

  39. Schmidhuber, J.: On learning to think: algorithmic information theory for novel combinations of reinforcement learning controllers and recurrent neural world models. arXiv preprint arXiv:1511.09249 (2015)

  40. Smith, J., Nouretdinov, I., Craddock, R., Offer, C., Gammerman, A.: Anomaly detection of trajectories with kernel density estimation by conformal prediction. In: International Conference on Artificial Intelligence Applications and Innovations, AIAI (2014)

  41. Srikantha, P., Kundur, D.: Denial of service attacks and mitigation for stability in cyber-enabled power grid. In: 2015 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT), pp. 1–5. IEEE (2015)

  42. Su, Y., Zhao, Y., Niu, C., Liu, R., Sun, W., Pei, D.: Robust anomaly detection for multivariate time series through stochastic recurrent neural network. In: 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, KDD (2019)

  43. Zhou, M., Zhang, Z., Xie, L.: Permutation entropy based detection scheme of replay attacks in industrial cyber-physical systems. J. Frankl. Inst. 358(7), 4058–4076 (2021)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Funding

The material presented in this paper is based upon work supported by the National Science Foundation (NSF) under Grant Numbers CNS 1739328 and the Defense Advanced Research Projects Agency (DARPA) through Contract Number FA8750-18-C-0089. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA, or NSF.

Author information

Authors and Affiliations

  1. Institute for Software Integrated Systems, Vanderbilt University, Nashville, TN, USA

    Feiyang Cai & Xenofon Koutsoukos

Authors
  1. Feiyang Cai
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xenofon Koutsoukos
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Feiyang Cai.

Ethics declarations

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Cai, F., Koutsoukos, X. Real-time detection of deception attacks in cyber-physical systems. Int. J. Inf. Secur. 22, 1099–1114 (2023). https://doi.org/10.1007/s10207-023-00677-z

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-023-00677-z

Keywords

Search

Navigation