Ming Wan,Minglei Hao,Yang Li,Jianming Zhao,Ying Li

DOI: https://doi.org/10.1145/3586102.3586127

2022-01-01

Abstract:Due to the rapid development of industrial automation, ICSs (Industrial Control Systems) gradually expose their potential security vulnerabilities, and are facing more and more serious security risks. Although different industrial security technologies have been developed to strengthen industrial security protection, they always struggle for their own because of their standalone and non-related functions, and their actual defense effects are not encouraging. This paper first summarizes some intrinsic security vulnerabilities in ICSs, and analyzes the main causes to generate each class of vulnerabilities. Furthermore, five popular security technologies which have been successfully applied in today's ICSs are introduced, and their advantages and shortages are also compared by explaining each working mechanism. In order to take full advantage of various industrial security technologies, this paper proposes one novel cooperative defense model based P2DR (Policy, Protection, Detection and Response), which establishes the dynamical defense process to integrate five different industrial security technologies. Under the guidance of security policies, this model can comprehensively utilize the resources of various industrial security technologies to learn and judge current security status of the whole system, and effectively adjust the optimum deployment to provide the strongest protection with the lowest risk. Finally, one applicable case based on the proposed model is designed to verify the feasibility of cooperative defense in ICSs.

Genghong Lu,Dongqin Feng

DOI: https://doi.org/10.23919/icif.2018.8455208

2018-01-01

Abstract:Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or cover up the plan of damaging the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defense it. Therefore, a novel security situation awareness framework based on particle filtering, which has good ability in estimating state for nonlinear systems, is proposed to provide an accuracy understanding of system situation. First, a system state estimation based on particle filtering is presented to estimate nodes state. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted by using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.

Yawen Xue,Jie Pan,Yangyang Geng,Zeyu Yang,Mengxiang Liu,Ruilong Deng

DOI: https://doi.org/10.1109/ticps.2024.3406505

2024-01-01

Abstract:Industrial control systems (ICSs) are becoming increasingly interconnected as the rapid convergence of information technology (IT) and operation technology (OT) networks, and meanwhile massive attack surfaces have been exposed. However, traditional intrusion detection systems (IDSs) are difficult to be directly deployed in ICSs due to the hard real-time requirement and rare patching chance. Besides, the design of effective and practical IDSs is hampered by the lack of benchmarking ICS cybersecurity datasets. To bridge the gaps, this paper makes the first attempt by open-sourcing the developed ICS cybersecurity datasets and proposing a decision fusion based real-time IDS. Firstly, we design a customized cybersecurity dataset in a full-hardware and high-fidelity platform, including 7 types of cyber threats tailored for ICSs. The collected dataset includes network traffic, sensor readings, actuator status, and system parameters, providing the state-of-the-art benchmark dataset for ICSs consisting of cross-layer characteristics. Furthermore, we design an online decision fusion-based IDS by strategically integrating 4 widely-used machine learning models. The proposed IDS is deployed on a real-time running ethanol distillation, surpassing the performance of single detection models in terms of precision and F1-score, which substantially enhances intrusion detection accuracy and cybersecurity of ICS.

Jinping Liu,Wuxia Zhang,Tianyu Ma,Zhaohui Tang,Yongfang Xie,Weihua Gui,Jean Paul Niyoyita

DOI: https://doi.org/10.1016/j.eswa.2020.113578

IF: 8.5

2020-11-01

Expert Systems with Applications

Abstract:<p>Industrial Cyber-physical systems (ICPSs), integrating communication, computation and control of industrial processes are referred to as a core technology to approach the <em>Industry 4.0</em>. Ensuring the ICPS security is of paramount importance in smart manufacturing. Considering the characteristics of large-scale, geographically-dispersed and multi-dimensional heterogeneous, federated and life-critical natures of ICPSs, this paper investigates a hierarchically distributed intrusion detection scheme that seeks to achieve the all-round safety protection of ICPSs according to the system structure and attacking types of each ICPS layer. For physical system-relevant perceptual executive layer, potential and covert attacks are detected by the clustered sensory system state residual anomaly monitoring based on a process noise and measurement noise-adaptive Kalman filter (PNMN-AKF). PNMN-AKF can perform a joint recursive estimation of dynamic system states, time-varying process and measurement noise covariance matrices by the variational Bayes approximation framework. In cyberspace, potential cyber-attacks are detected by the anomaly monitoring of the statistical distribution of the network transmission characteristics of data transmission layer by introducing a forgetting factor-induced recursive Gaussian mixture model (FF-RGMM). In the application control layer, a regularized sparse deep belief network model is introduced to characterize the misuse behavior for detecting potential attacks. Extensive validation and comparative experiments have been conducted on a numerical simulation system and a comprehensive ICPS simulation platform by using OPNET and a commonly-used benchmark simplified Tennessee Eastman process (STEP) based on Matlab/Simulink. Experimental results demonstrate that the proposed hierarchically distributed intrusion detection method can efficiently recognize potential and covert cyber-attacks in each ICPSs link with low false alarm rate and missing detection rate, which lays a foundation for the overall security monitoring of ICPSs.</p>

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Beibei Li,Yuhao Wu,Jiarui Song,Rongxing Lu,Tao Li,Liang Zhao

DOI: https://doi.org/10.1109/tii.2020.3023430

IF: 12.3

2021-08-01

IEEE Transactions on Industrial Informatics

Abstract:The rapid convergence of legacy industrial infrastructures with intelligent networking and computing technologies (e.g., 5G, software-defined networking, and artificial intelligence), have dramatically increased the attack surface of industrial cyber–physical systems (CPSs). However, withstanding cyber threats to such large-scale, complex, and heterogeneous industrial CPSs has been extremely challenging, due to the insufficiency of high-quality attack examples. In this article, we propose a novel federated deep learning scheme, named DeepFed, to detect cyber threats against industrial CPSs. Specifically, we first design a new deep learning-based intrusion detection model for industrial CPSs, by making use of a convolutional neural network and a gated recurrent unit. Second, we develop a federated learning framework, allowing multiple industrial CPSs to collectively build a comprehensive intrusion detection model in a privacy-preserving way. Further, a Paillier cryptosystem-based secure communication protocol is crafted to preserve the security and privacy of model parameters through the training process. Extensive experiments on a real industrial CPS dataset demonstrate the high effectiveness of the proposed DeepFed scheme in detecting various types of cyber threats to industrial CPSs and the superiorities over state-of-the-art schemes.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Liang Xin,Guang He,Zhiqiang Long

DOI: https://doi.org/10.1109/tase.2023.3347538

IF: 6.636

2024-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Cyber-physical systems (CPSs) are increasingly threatened by stealthy false data injection (SFDI) attacks, which compromise system integrity by manipulating control signals and introducing false sensor data. These attacks are particularly challenging due to their diversity and often indistinguishable nature. In response to this issue, our work uncovers the fundamental causes behind SFDI attacks in linear time-invariant (LTI) systems and elucidates the principles enabling their stealth. We present a novel virtual extended system framework designed to eliminate strictly stealthy attacks within the entire CPS. Utilizing deep reinforcement learning (DRL) methodologies, we pioneer the use of detection results for real-time SFDI attack classification. Through numerical simulations, we validate our proposed method’s effectiveness, demonstrating a classification accuracy of no less than 95%. Notably, even in scenarios where attackers manage to breach the framework partially, our method continues to provide a reliable success rate in SFDI attack detection and classification, showcasing its robustness and efficacy. Note to Practitioners—Cyber-physical systems (CPSs), a critical component of modern industries, are becoming increasingly susceptible to stealthy false data injection (SFDI) attacks. These attacks compromise system integrity by subtly manipulating control signals and feeding false sensor data, making them challenging to detect. Our research presents an innovative framework that uses deep reinforcement learning techniques to detect and classify these elusive attacks, achieving a classification accuracy of over 95%. The information on SFDI attack categories, ascertained by this method, lays the groundwork for the development of subsequent defence strategies. For professionals working in sectors reliant on CPSs, such as manufacturing, healthcare, and transportation, this framework offers a promising tool to enhance system security. Even in scenarios where the system has been partially compromised, our method continues to provide reliable detection and classification, underscoring its robustness and practical utility. The system remains effective despite full breach attempts on specific attack types, ensuring resilience against a broad range of SFDI attacks. In conclusion, our research offers a substantial advancement in protecting CPSs against cyber threats.

automation & control systems

Heng Zhang,Yinchu Wang,Yawen Xue,Ruilong Deng,Hongran Li,Jian Zhang

DOI: https://doi.org/10.23919/ccc63176.2024.10662787

2024-01-01

Abstract:Industrial network control systems (INCSs) are easy to be targeted by attackers due to their high economic value. Most of the existing defense methods are deployed at the network boundary, which causes high-security risks to INCS once an attacker enters the system. In addition, many existing intrusion detection systems (IDSs) build detection models based on historical data. When INCS lacks sufficient historical data, it is difficult to build detection models with high accuracy. In this paper, we propose a trust assessment model for INCS based on Fourier series fitting employing concept of zero trust to assess the real-time trust of INCS. The model alerts when INCS has low trust. We test two data injection attacks in the experiment to prove the effectiveness of our approach.

S. Krishnaveni,Thomas M. Chen,Mithileysh Sathiyanarayanan,B. Amutha

DOI: https://doi.org/10.1007/s10586-024-04320-x

2024-03-21

Cluster Computing

Abstract:The rise of digital twin-based operational improvements poses a challenge to protecting industrial cyber-physical systems. It is crucial to safeguard digital twins while disclosing internals, which can create an increased attack surface. However, leveraging digital twins to simulate attacks on physical infrastructure becomes essential for enhancing ICPS cybersecurity resilience. This paper introduces an integrated intelligent defense framework called CyberDefender to study various attacks on digital twin-based ICPS from a four-layer perspective (i.e., digital twin-based industrial cyber-physical systems infrastructure layer, honeynet and software-defined industrial network layer, intelligent security platform layer, and smart industrial application layer). To demonstrate its feasibility, we implemented a proof-of-concept (PoC) solution using open-source tools, including AWS for cloud infrastructure, T-Pot for Honeynet, Mininet for SDN support, ELK tools for data management, and Docker for containerization. This framework utilizes an integrated intelligent approach to enhance intrusion detection and classification capabilities for digital twin-based industrial cyber-physical systems (DT-ICPS). The proposed intrusion detection system (IDS) combines two strategies to improve security. First, we present an innovative approach to identifying essential features using explainable AI and ensemble-based filter feature selection (XAI-EFFS). By using Shapley Additive Explanations (SHAP), we analyze the impact of different variables on predictive outcomes. Secondly, we propose a hybrid GRU-LSTM deep-learning model for detecting and classifying intrusions. We optimize the hyperparameters of the GRU-LSTM model by using a Bayesian optimization algorithm. The proposed method demonstrates excellent performance, outperforming conventional state-of-the-art techniques with an accuracy rate of 98.96%, which is a remarkable improvement. Additionally, it effectively detects zero-day attacks, contributing to digital twin-based ICPS cybersecurity resilience.

computer science, information systems, theory & methods

Nils Müller,Charalampos Ziras,Kai Heussen

DOI: https://doi.org/10.48550/arXiv.2202.09352

2022-02-18

Cryptography and Security

Abstract:The increasing interaction of industrial control systems (ICSs) with public networks and digital devices introduces new cyber threats to power systems and other critical infrastructure. Recent cyber-physical attacks such as Stuxnet and Irongate revealed unexpected ICS vulnerabilities and a need for improved security measures. Intrusion detection systems constitute a key security technology, which typically monitors cyber network data for detecting malicious activities. However, a central characteristic of modern ICSs is the increasing interdependency of physical and cyber network processes. Thus, the integration of network and physical process data is seen as a promising approach to improve predictability in real-time intrusion detection for ICSs by accounting for physical constraints and underlying process patterns. This work systematically assesses machine learning-based cyber-physical intrusion detection and multi-class classification through a comparison to its purely network data-based counterpart and evaluation of misclassifications and detection delay. Multiple supervised detection and classification pipelines are applied on a recent cyber-physical dataset, which describes various cyber attacks and physical faults on a generic ICS. A key finding is that the integration of physical process data improves detection and classification of all considered attack types. In addition, it enables simultaneous processing of attacks and faults, paving the way for holistic cross-domain root cause identification.

Jiyuan Shen,Wenzhuo Yang,Zhaowei Chu,Jiani Fan,Dusit Niyato,Kwok-Yan Lam

2024-01-22

Abstract:With the rapid development of low-cost consumer electronics and cloud computing, Internet-of-Things (IoT) devices are widely adopted for supporting next-generation distributed systems such as smart cities and industrial control systems. IoT devices are often susceptible to cyber attacks due to their open deployment environment and limited computing capabilities for stringent security controls. Hence, Intrusion Detection Systems (IDS) have emerged as one of the effective ways of securing IoT networks by monitoring and detecting abnormal activities. However, existing IDS approaches rely on centralized servers to generate behaviour profiles and detect anomalies, causing high response time and large operational costs due to communication overhead. Besides, sharing of behaviour data in an open and distributed IoT network environment may violate on-device privacy requirements. Additionally, various IoT devices tend to capture heterogeneous data, which complicates the training of behaviour models. In this paper, we introduce Federated Learning (FL) to collaboratively train a decentralized shared model of IDS, without exposing training data to others. Furthermore, we propose an effective method called Federated Learning Ensemble Knowledge Distillation (FLEKD) to mitigate the heterogeneity problems across various clients. FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results on the public dataset CICIDS2019 demonstrate that the proposed approach outperforms local training and traditional FL in terms of both speed and performance and significantly improves the system's ability to detect unknown attacks. Finally, we evaluate our proposed framework's performance in three potential real-world scenarios and show FLEKD has a clear advantage in experimental results.

Cryptography and Security

Cheng Feng,Tingting Li,Zhanxing Zhu,Deeph Chana

DOI: https://doi.org/10.48550/arXiv.1709.06397

2017-09-19

Cryptography and Security

Abstract:Industrial control systems (ICS), which in many cases are components of critical national infrastructure, are increasingly being connected to other networks and the wider internet motivated by factors such as enhanced operational functionality and improved efficiency. However, set in this context, it is easy to see that the cyber attack surface of these systems is expanding, making it more important than ever that innovative solutions for securing ICS be developed and that the limitations of these solutions are well understood. The development of anomaly based intrusion detection techniques has provided capability for protecting ICS from the serious physical damage that cyber breaches are capable of delivering to them by monitoring sensor and control signals for abnormal activity. Recently, the use of so-called stealthy attacks has been demonstrated where the injection of false sensor measurements can be used to mimic normal control system signals, thereby defeating anomaly detectors whilst still delivering attack objectives. In this paper we define a deep learning-based framework which allows an attacker to conduct stealthy attacks with minimal a-priori knowledge of the target ICS. Specifically, we show that by intercepting the sensor and/or control signals in an ICS for a period of time, a malicious program is able to automatically learn to generate high-quality stealthy attacks which can achieve specific attack goals whilst bypassing a black box anomaly detector. Furthermore, we demonstrate the effectiveness of our framework for conducting stealthy attacks using two real-world ICS case studies. We contend that our results motivate greater attention on this area by the security community as we demonstrate that currently assumed barriers for the successful execution of such attacks are relaxed.

Amro A. Nour,Abolfazl Mehbodniya,Julian L. Webber,Ali Bostani,Bhoomi Shah,Beknazarov Zafarjon Ergashevich,K Sathishkumar,Sathishkumar K

DOI: https://doi.org/10.1016/j.compeleceng.2023.108929

2023-08-31

Abstract:Applications of Cyber-Physical Systems (CPSs) greatly influenceseveral industrial sectors. Treating security-related concerns with utmost seriousness is necessary for the CPS to work correctly. Although CPS supervises the manufacturing process, the type and volume of cyberattacks that try to obtain data from CPS are significantly increasing. Since attacks on CPS can disrupt production, cause financial losses, and endanger national security, they must be prevented and detected. The general operation of the physical process can nevertheless be affected, and system failure is caused by specific traditional measures designed to anticipate CPS cyber-attacks. Also, as the system appears to be extremely complicated and no pertinent information about the item under investigation is available, the productive prediction of cyber-attacks in CPS remains a complex problem. This work will handle these issues using the proposed framework using Transfer Learning with the VGG16 model. The proposed TL-VGG16 achieves 96% accuracy, higher than existing CPS intrusion detection techniques.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Syeda Aunanya Mahmud,Nazmul Islam,Zahidul Islam,Ziaur Rahman,Sk. Tanzir Mehedi

DOI: https://doi.org/10.3390/math12203194

IF: 2.4

2024-10-13

Mathematics

Abstract:The Internet of Things (IoT) has revolutionized various industries, but the increased dependence on all kinds of IoT devices and the sensitive nature of the data accumulated by them pose a formidable threat to privacy and security. While traditional IDSs have been effective in securing critical infrastructures, the centralized nature of these systems raises serious data privacy concerns as sensitive information is sent to a central server for analysis. This research paper introduces a Federated Learning (FL) approach designed for detecting intrusions in diverse IoT networks to address the issue of data privacy by ensuring that sensitive information is kept in the individual IoT devices during model training. Our framework utilizes the Federated Averaging (FedAvg) algorithm, which aggregates model weights from distributed devices to refine the global model iteratively. The proposed model manages to achieve above 90% accuracies across various metrics, including precision, recall, and F1 score, while maintaining low computational demands. The results show that the proposed system successfully identifies various types of cyberattacks, including Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), data injection, ransomware, and several others, showcasing its robustness. This research makes a great advancement to the IDSs by providing an efficient and reliable solution that is more scalable and privacy friendly than any of the existing models.

mathematics

Kumar, Prabhat,Islam, A. K. M. Najmul

DOI: https://doi.org/10.1007/s12559-024-10309-w

IF: 4.89

2024-06-11

Cognitive Computation

Abstract:Industrial Cyber-Physical Systems (ICPSs) are becoming more and more networked and essential to modern infrastructure. This has led to an increase in the complexity of their dynamics and the challenges of protecting them from advanced cyber threats have escalated. Conventional intrusion detection systems (IDS) often struggle to interpret high-dimensional, sequential data efficiently and extract meaningful features. They are characterized by low accuracy and a high rate of false positives. In this article, we adopt the computational design science approach to design an IDS for ICPS, driven by Generative AI and cognitive computing. Initially, we designed a Long Short-Term Memory-based Sparse Variational Autoencoder (LSTM-SVAE) technique to extract relevant features from complex data patterns efficiently. Following this, a Bidirectional Recurrent Neural Network with Hierarchical Attention (BiRNN-HAID) is constructed. This stage focuses on proficiently identifying potential intrusions by processing data with enhanced focus and memory capabilities. Next, a Cognitive Enhancement for Contextual Intrusion Awareness (CE-CIA) is designed to refine the initial predictions by applying cognitive principles. This enhances the system's reliability by effectively balancing sensitivity and specificity, thereby reducing false positives. The final stage, Interpretive Assurance through Activation Insights in Detection Models (IAA-IDM), involves the visualizations of mean activations of LSTM and GRU layers for providing in-depth insights into the decision-making process for cybersecurity analysts. Our framework undergoes rigorous testing on two publicly accessible industrial datasets, ToN-IoT and Edge-IIoTset, demonstrating its superiority over both baseline methods and recent state-of-the-art approaches.

computer science, artificial intelligence,neurosciences

Bin Tang,Yan Lu,Qi Li,Yueying Bai,Jie Yu,Xu Yu

DOI: https://doi.org/10.3390/s23031141

2023-01-19

Abstract:Industrial Cyber-Physical Systems (ICPS) connect intelligent manufacturing equipment equipped with sensors, wireless and RFID communication technologies through data interaction, which makes the interior of the factory, even between factories, become a whole. However, intelligent factories will suffer information leakage and equipment damage when being attacked by ICPS intrusion. Therefore, the network security of ICPS cannot be ignored, and researchers have conducted in-depth research on network intrusion detection for ICPS. Though machine learning and deep learning methods are often used for network intrusion detection, the problem of data imbalance can cause the model to pay attention to the misclassification cost of the prevalent class, but ignore that of the rare class, which seriously affects the classification performance of network intrusion detection models. Considering the powerful generative power of the diffusion model, we propose an ICPS Intrusion Detection system based on the Diffusion model (IDD). Firstly, data corresponding to the rare class is generated by the diffusion model, which makes the training dataset of different classes balanced. Then, the improved BiLSTM classification network is trained on the balanced training set. Extensive experiments are conducted to show that the IDD method outperforms the existing baseline method on several available datasets.

Riccardo Colelli,Filippo Magri,Stefano Panzieri,Federica Pascucci

DOI: https://doi.org/10.48550/arXiv.2110.12963

2021-10-25

Cryptography and Security

Abstract:Over the past decade, industrial control systems have experienced a massive integration with information technologies. Industrial networks have undergone numerous technical transformations to protect operational and production processes, leading today to a new industrial revolution. Information Technology tools are not able to guarantee confidentiality, integrity and availability in the industrial domain, therefore it is of paramount importance to understand the interaction of the physical components with the networks. For this reason, usually, the industrial control systems are an example of Cyber-Physical Systems (CPS). This paper aims to provide a tool for the detection of cyber attacks in cyber-physical systems. This method is based on Machine Learning to increase the security of the system. Through the analysis of the values assumed by Machine Learning it is possible to evaluate the classification performance of the three models. The model obtained using the training set, allows to classify a sample of anomalous behavior and a sample that is related to normal behavior. The attack identification is implemented in water tank system, and the identification approach using Machine Learning aims to avoid dangerous states, such as the overflow of a tank. The results are promising, demonstrating its effectiveness.

Colman McGuan,Chansu Yu,Qin Lin

DOI: https://doi.org/10.48550/arXiv.2308.16769

2023-08-31

Cryptography and Security

Abstract:The protection of Industrial Control Systems (ICS) that are employed in public critical infrastructures is of utmost importance due to catastrophic physical damages cyberattacks may cause. The research community requires testbeds for validation and comparing various intrusion detection algorithms to protect ICS. However, there exist high barriers to entry for research and education in the ICS cybersecurity domain due to expensive hardware, software, and inherent dangers of manipulating real-world systems. To close the gap, built upon recently developed 3D high-fidelity simulators, we further showcase our integrated framework to automatically launch cyberattacks, collect data, train machine learning models, and evaluate for practical chemical and manufacturing processes. On our testbed, we validate our proposed intrusion detection model called Minimal Threshold and Window SVM (MinTWin SVM) that utilizes unsupervised machine learning via a one-class SVM in combination with a sliding window and classification threshold. Results show that MinTWin SVM minimizes false positives and is responsive to physical process anomalies. Furthermore, we incorporate our framework with ICS cybersecurity education by using our dataset in an undergraduate machine learning course where students gain hands-on experience in practicing machine learning theory with a practical ICS dataset. All of our implementations have been open-sourced.

Taejun Choi,Guangdong Bai,Ryan K L Ko,Naipeng Dong,Wenlu Zhang,Shunyao Wang

DOI: https://doi.org/10.48550/arXiv.2101.11866

2021-01-28

Abstract:Industrial control systems (ICS) of critical infrastructure are increasingly connected to the Internet for remote site management at scale. However, cyber attacks against ICS - especially at the communication channels between humanmachine interface (HMIs) and programmable logic controllers (PLCs) - are increasing at a rate which outstrips the rate of mitigation. In this paper, we introduce a vendor-agnostic analytics framework which allows security researchers to analyse attacks against ICS systems, even if the researchers have zero control automation domain knowledge or are faced with a myriad of heterogenous ICS systems. Unlike existing works that require expertise in domain knowledge and specialised tool usage, our analytics framework does not require prior knowledge about ICS communication protocols, PLCs, and expertise of any network penetration testing tool. Using `digital twin' scenarios comprising industry-representative HMIs, PLCs and firewalls in our test lab, our framework's steps were demonstrated to successfully implement a stealthy deception attack based on false data injection attacks (FDIA). Furthermore, our framework also demonstrated the relative ease of attack dataset collection, and the ability to leverage well-known penetration testing tools. We also introduce the concept of `heuristic inference attacks', a new family of attack types on ICS which is agnostic to PLC and HMI brands/models commonly deployed in ICS. Our experiments were also validated on a separate ICS dataset collected from a cyber-physical scenario of water utilities. Finally, we utilized time complexity theory to estimate the difficulty for the attacker to conduct the proposed packet analyses, and recommended countermeasures based on our findings.

Cryptography and Security

Zhenyong Zhang,Ruilong Deng,Peng Cheng,Qiang Wei

DOI: https://doi.org/10.1109/jiot.2021.3118065

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:With the widespread adoption of Internet of Things (IoT) technologies, cyber–physical systems (CPSs) are facing threats from cyberattacks due to the vulnerabilities exposed in IoT devices. In this article, we analyze the feasibility of a coordinated attack, named TD-FDIA, on CPS by the synchronizing the time-delay attack (TDA) and false data injection attack (FDIA). It seems that the coordinated attack is more powerful than either one. But the analysis of its stealthiness and effectiveness is challenging. In the context of the networked control system, we first propose a general formulation for the impact of TD-FDIA on the system’s stability. Then, we analyze whether the combination of TDA and FDIA can destabilize the system and remain stealthy or not with different setups when the controller is with and without an observer, and the communication protocol between the controller and actuator is UDP and TCP, respectively. The conditions required to make TD-FDIA stealthy are given in some cases. Finally, we conduct extensive experiments to evaluate the impact of TDA, FDIA, and TD-FDIA on the system’s stability with three different CPS scenarios.

Fatemeh Akbarian,William Tärneberg,Emma Fitzgerald,Maria Kihl,William Tarneberg

DOI: https://doi.org/10.1109/etfa45728.2021.9613545

2021-09-07

Abstract:With the help of modern technologies and advances in communication systems, the functionality of Industrial control systems (ICS) has been enhanced leading toward to have more efficient and smarter ICS. However, this makes these systems more and more connected and part of a networked system. This can provide an entry point for attackers to infiltrate the system and cause damage with potentially catastrophic consequences. Therefore, in this paper, we propose a digital twin-based security framework for ICS that consists of two parts: attack detection and attack mitigation. In this framework we deploy an intrusion detection system in digital domain that can detect attacks in a timely manner. Then, using our mitigation method, we keep the system stable with acceptable performance during the attack. Additionally, we implement our framework on a real testbed and evaluate its capability by subjecting it to a set of attacks.