Multistage Downstream Attack Detection in a Cyber Physical System

Qadeer, Rizwan; Murguia, Carlos; Ahmed, Chuadhry Mujeeb; Ruths, Justin

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Qadeer, Rizwan; Murguia, Carlos; Ahmed, Chuadhry Mujeeb et al.

2017 • In 3rd Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems In Conjunction With ESORICS 2017

Peer reviewed

Permalink
https://hdl.handle.net/10993/35400

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

paper_13.pdf

Publisher postprint (3.38 MB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

CPS Security, Critical Infrastructure Security; ICS Security; Water Treatment Systems

Abstract :

[en] We present a detection scheme for attacks on a Cyber-Physical System (CPS) in which we leverage the connectivity of a multistage process to detect attacks downstream from the point of attack. Our methods form a control theoretic approach to CPS security by characterizing a real water treatment facility with a mathematical model; obtaining a residual (error) signal from sensor measurements and sensor measurement estimates; and finally using Cumulative Sum (CUSUM) and Bad-Data detection methods to detect the presence of a sensor attack. In particular, the attacks are designed so that they do not raise alarms on the detectors in the same stage where the attack takes place, requiring detection to take place on a separate part of the system. Proposed scheme is implemented on a real world water treatment facility. Extensive experiments are carried out and results show the significance of the proposed scheme.

Disciplines :

Computer science

Author, co-author :

Qadeer, Rizwan ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC)

Murguia, Carlos; University of Melbourne

Ahmed, Chuadhry Mujeeb; Singapore University of Technology and Design

Ruths, Justin; The University of Texas at Dallas

External co-authors :

yes

Language :

English

Title :

Multistage Downstream Attack Detection in a Cyber Physical System

Publication date :

September 2017

Event name :

3rd Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems In Conjunction With ESORICS 2017

Event place :

Oslo, Norway

Event date :

15-09-2017 to 20-09-2017

Audience :

International

Main work title :

3rd Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems In Conjunction With ESORICS 2017

Publisher :

Springer

ISBN/EAN :

978-3-319-72817-9

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Available on ORBilu :

since 30 March 2018

Statistics

Number of views

119 (37 by Unilu)

Number of downloads

311 (6 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

Ahmed, C.M., Sridhar, A., Aditya, M.: Limitations of state estimation based cyber attack detection schemes in industrial control systems. In: IEEE Smart City Security and Privacy Workshop, CPSWeek (2016)
Ahmed, C.M., Murguia, C., Ruths, J.: Model-based attack detection scheme for smart water distribution networks. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2017, pp. 101–113. ACM, New York (2017). http://doi.acm.org/10.1145/3052973.3053011
Bai, C.Z., Gupta, V.: On Kalman filtering in the presence of a compromised sensor: fundamental performance bounds. In: 2014 American Control Conference, pp. 3029–3034. IEEE (2014)
Bai, C.Z., Pasqualetti, F., Gupta, V.: Security in stochastic control systems: fundamental limitations and performance bounds. In: 2015 American Control Conference (ACC), pp. 195–200. IEEE (2015)
Cardenas, A.A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.Y., Sastry, S.: Attacks against process control systems: risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 355–366. ACM (2011)
ICS-CERT: Ics-mm201408: May-august 2014. Report no., U.S. Department of Homeland Security-Industrial Control Systems-Cyber Emergency Response Team, Washington, D.C. (2014). https://ics-cert.us-cert.gov
Kwon, C., Liu, W., Hwang, I.: Security analysis for cyber-physical systems against stealthy deception attacks. In: American Control Conference (ACC), pp. 3344–3349 (2013)
Lee, E.A.: Cyber physical systems: design challenges. EECS Department, University of California, Berkeley, Technical report UCB/EECS-2008-8, January 2008. http://www.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-8.html
Miao, F., Zhu, Q., Pajic, M., Pappas, G.J.: Coding sensor outputs for injection attacks detection. In: IEEE Conference in Decision and Control (CDC), pp. 5776– 5781 (2014)
Mo, Y., Garone, E., Casavola, A., Sinopoli, B.: False data injection attacks against state estimation in wireless sensor networks. In: 49th IEEE Conference on Decision and Control (CDC), pp. 5967–5972. IEEE (2010)
Mujeeb, C.A., Mathur, A.P.: Hardware identification via sensor fingerprinting in a cyber physical system. In: 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), pp. 517–524. IEEE (2017)
Murguia, C., Ruths, J.: Characterization of a CUSUM model-based sensor attack detector. In: 55th IEEE Conference on Decision and Control Conference (CDC) (2016)
Murguia, C., Ruths, J.: CUSUM and chi-squared attack detection of compromised sensors. In: 2016 IEEE Conference on Control Applications (CCA), pp. 474–480, September 2016
Pasqualetti, F., Dörfler, F., Bullo, F.: Attack detection and identification in cyber-physical systems. IEEE Trans. Autom. Control 58(11), 2715–2729 (2013)
Ross, M.: Introduction to Probability Models, 9th edn. Academic Press Inc., Orlando (2006)
Sridhar, A., Aditya, M.: Generalized attacker and attack models for cyber physical systems. In: 40th IEEE COMPSAC (2016)
Urbina, D., Giraldo, J., Tippenhauer, N.O., Cardenas, A.: Attacking Fieldbus communications in ICS: applications to the SWaT Testbed. In: Singapore Cyber-Security Conference (SG-CRC), vol. 14, pp. 75–89 (2016)
Urbina, D.I., Giraldo, J., Cardenas, A.A., Tippenhauer, N.O., Valente, J., Faisal, M., Ruths, J., Candell, R., Sandberg, H.: Limiting the impact of stealthy attacks on industrial control systems. In: ACM CCS 3(iii) (2016)