ABSTRACT
In this manuscript, we present a detailed case study of model-based attack detection procedures for Cyber-Physical Systems (CPSs). In particular, we simulate a Water Distribution Network (WDN) using EPANET (a simulation tool for water distribution systems). From the simulated data, we obtain an input-output Linear Time Invariant (LTI) model of the network using sub-space identification techniques. This model is used to derive a Kalman filter that estimates the evolution of the system dynamics. Residual variables are then constructed by taking the difference between the data coming from EPANET and the estimates of the Kalman filter. We use these residuals with the Bad-Data and the dynamic Cumulative Sum (CUSUM) change detection procedures for attack detection. Simulation results, considering false data injection and zero-alarm attacks on sensor readings as well as attacks on control input, are presented to evaluate the performance of our model-based attack detection schemes. Finally, we derive upper bounds on the estimator-state deviation that zero-alarm attacks can induce.
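The residual-based detection pipeline described in the abstract, as an added example that is not code from the paper: a constructed scalar LTI plant stands in for the identified WDN model, and a steady-state Kalman filter feeds residuals to a Bad-Data test and a one-sided CUSUM on the absolute residual. The plant, noise bounds, thresholds (`alpha`, `bias`, `tau`) and injected sensor offsets are all assumed values chosen for illustration.

```python
import random

def kalman_gain(a, c, q, r, iters=500):
    """Steady-state predictor gain from the scalar Riccati recursion."""
    p = q
    for _ in range(iters):
        p = a * a * p - (a * p * c) ** 2 / (c * c * p + r) + q
    return a * p * c / (c * c * p + r)

def simulate(delta, onset=100, steps=200, alpha=0.3, bias=0.05, tau=0.5, seed=1):
    """Run plant + estimator with a constant sensor offset `delta` from step
    `onset`; return (bad_data_alarm_steps, cusum_alarm_steps)."""
    a, b, c, u = 0.5, 0.5, 1.0, 1.0            # constructed plant, not the WDN model
    gain = kalman_gain(a, c, q=0.01, r=0.01)   # q, r: assumed filter tuning
    rng = random.Random(seed)
    x = xhat = b * u / (1 - a)                 # start plant and estimate at steady state
    s = 0.0                                    # CUSUM statistic
    bad, cusum = [], []
    for k in range(steps):
        v = rng.uniform(-0.02, 0.02)           # bounded sensor noise (constructed)
        w = rng.uniform(-0.002, 0.002)         # bounded process noise (constructed)
        y = c * x + v + (delta if k >= onset else 0.0)
        res = y - c * xhat                     # residual: measurement minus estimate
        if abs(res) > alpha:                   # Bad-Data: per-sample threshold test
            bad.append(k)
        s = max(0.0, s + abs(res) - bias)      # CUSUM: accumulate excess over bias
        if s > tau:
            cusum.append(k)
            s = 0.0                            # reset after raising an alarm
        xhat = a * xhat + b * u + gain * res   # estimator update
        x = a * x + b * u + w                  # plant update
    return bad, cusum

if __name__ == "__main__":
    for d in (0.0, 0.2, 1.0):
        bad, cusum = simulate(d)
        print(f"offset={d}: bad-data alarms={len(bad)}, cusum alarms={len(cusum)}")
```

With these values the 0.2 offset never crosses the per-sample Bad-Data threshold, while the CUSUM accumulates the persistent residual shift and alarms within a few steps of the onset.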
Index Terms
- Model-based Attack Detection Scheme for Smart Water Distribution Networks