Yifan Jia,Jingyi Wang,Christopher M. Poskitt,Sudipta Chattopadhyay,Jun Sun,Yuqi Chen

DOI: https://doi.org/10.1016/j.ijcip.2021.100452

IF: 3.683

2021-01-01

International Journal of Critical Infrastructure Protection

Abstract:The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers (or invariant checkers). In this work, we present an adversarial attack that simultaneously evades the anomaly detectors and rule checkers of a CPS. Inspired by existing gradient-based approaches, our adversarial attack crafts noise over the sensor and actuator values, then uses a genetic algorithm to optimise the latter, ensuring that the neural network and the rule checking system are both deceived. We implemented our approach for two real-world critical infrastructure testbeds, successfully reducing the classification accuracy of their detectors by over 50% on average, while simultaneously avoiding detection by rule checkers. Finally, we explore whether these attacks can be mitigated by training the detectors on adversarial samples.

Haicheng Tu,Yongxiang Xia,Xi Zhang,Hui-liang Shen

DOI: https://doi.org/10.1063/5.0043601

2021-01-01

Chaos An Interdisciplinary Journal of Nonlinear Science

Abstract:With the rapid development of information technology, traditional infrastructure networks have evolved into cyber physical systems (CPSs). However, this evolution has brought along with it cyber failures, in addition to physical failures, which can affect the safe and stable operation of the whole system. In light of this, in this paper, we propose an interdependence-constrained optimization model to improve the robustness of the cyber physical system. The proposed model includes not only the realistic physical law but also the interdependence between the physical network and the cyber network. However, this model is highly nonlinear and cannot be solved directly. Therefore, we transform the model into a bi-level mixed integer linear programming problem, which can be easily and effectively solved in polynomial time. We conduct the simulation based on standard Institute of Electrical and Electronics Engineers test cases and study the impact of the disaster level and coupling strength on the robustness of the whole system. The simulation results show that our proposed model can effectively improve the robustness of the cyber physical system. Moreover, we compare the performance of the power supply in different CPSs, which have different network structures of the cyber network. Our work can provide useful instructions for system operators to improve the robustness of CPSs after extreme events happen in them.

Takumi Akazaki,Shuang Liu,Yoriyuki Yamagata,Yihai Duan,Jianye Hao

DOI: https://doi.org/10.1007/978-3-319-95582-7_27

2018-05-01

Abstract:With the rapid development of software and distributed computing, Cyber-Physical Systems (CPS) are widely adopted in many application areas, e.g., smart grid, autonomous automobile. It is difficult to detect defects in CPS models due to the complexities involved in the software and physical systems. To find defects in CPS models efficiently, robustness guided falsification of CPS is introduced. Existing methods use several optimization techniques to generate counterexamples, which falsify the given properties of a CPS. However those methods may require a large number of simulation runs to find the counterexample and is far from practical. In this work, we explore state-of-the-art Deep Reinforcement Learning (DRL) techniques to reduce the number of simulation runs required to find such counterexamples. We report our method and the preliminary evaluation results.

Software Engineering,Machine Learning

Jiawan Wang,Wenxia Liu,Muzimiao Zhang,Jiaqi Wei,Yuhui Shi,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1007/978-3-031-65633-0_15

2024-01-01

Abstract:Cyber-physical systems (CPSs) are used in many safety-critical areas, making it crucial to ensure their safety. However, with CPSs increasingly dynamically deployed and reconfigured during run-time, their safety analysis becomes challenging. For one thing, reconfigurable CPSs usually consist of multiple agents dynamically connected during runtime. Their highly dynamic system topologies are too intricate for traditional modeling languages, which, in turn, hinders formal analysis. For another, due to the growing size and uncertainty of reconfigurable CPSs, their system models can be huge and even unavailable at design time. This calls for runtime analysis approaches with better scalability and efficiency. To address these challenges, we propose a scenario-based hierarchical modeling language for reconfigurable CPS. It provides template models for agent inherent features, together with an instantiation mechanism to activate single agent's runtime behavior, communication configurations for multiple agents' connected behaviors, and scenario task configurations for their dynamic topologies. We also present a path-oriented falsification approach to falsify system requirements. It employs classification-model-based optimization to explore search space effectively and cut unnecessary system simulations and robustness calculations for efficiency. Our modeling and falsification are implemented in a tool called SNIFF. Experiments have shown that it can largely reduce modeling time and improve modeling accuracy, and perform scalable CPS falsification with high success rates in seconds.

Masaki Waga

DOI: https://doi.org/10.1145/3365365.3382193

2021-11-09

Abstract:For exhaustive formal verification, industrial-scale cyber-physical systems (CPSs) are often too large and complex, and lightweight alternatives (e.g., monitoring and testing) have attracted the attention of both industrial practitioners and academic researchers. Falsification is one popular testing method of CPSs utilizing stochastic optimization. In state-of-the-art falsification methods, the result of the previous falsification trials is discarded, and we always try to falsify without any prior knowledge. To concisely memorize such prior information on the CPS model and exploit it, we employ Black-box checking (BBC), which is a combination of automata learning and model checking. Moreover, we enhance BBC using the robust semantics of STL formulas, which is the essential gadget in falsification. Our experiment results suggest that our robustness-guided BBC outperforms a state-of-the-art falsification tool.

Logic in Computer Science,Systems and Control

Yuqi Chen,Christopher M. Poskitt,Jun Sun

DOI: https://doi.org/10.1109/SP.2018.00016

2018-06-13

Abstract:Cyber-physical systems (CPS) consist of sensors, actuators, and controllers all communicating over a network; if any subset becomes compromised, an attacker could cause significant damage. With access to data logs and a model of the CPS, the physical effects of an attack could potentially be detected before any damage is done. Manually building a model that is accurate enough in practice, however, is extremely difficult. In this paper, we propose a novel approach for constructing models of CPS automatically, by applying supervised machine learning to data traces obtained after systematically seeding their software components with faults ("mutants"). We demonstrate the efficacy of this approach on the simulator of a real-world water purification plant, presenting a framework that automatically generates mutants, collects data traces, and learns an SVM-based model. Using cross-validation and statistical model checking, we show that the learnt model characterises an invariant physical property of the system. Furthermore, we demonstrate the usefulness of the invariant by subjecting the system to 55 network and code-modification attacks, and showing that it can detect 85% of them from the data logs generated at runtime.

Software Engineering,Cryptography and Security,Machine Learning

Lei Bu,Qixin Wang,Xin Chen,Linzhang Wang,Tian Zhang,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1145/2000367.2000368

2011-01-01

Abstract:Many Cyber-Physical Systems (CPS) are highly nondeterministic. This often makes it impractical to model and predict the complete system behavior. To address this problem, we propose that instead of offline modeling and verification, many CPS systems should be modeled and verified online, and we shall focus on the system's time-bounded behavior in short-run future , which is more describable and predictable. Meanwhile, as the system model is generated/updated online, the verification has to be fast. It is meaningless to tell an online model is unsafe when it is already out-dated. To demonstrate the feasibility of our proposal, we study two cases of our ongoing projects, one on the modeling and verification of a train control system, and the other on a Medical Device Plug-and-Play (MDPnP) application. Both cases are about safety-critical CPS systems. Through these two cases, we exemplify how to build online models that describe the time-bounded short-run behavior of CPS systems; and we show that fast online modeling and verification is possible.

Zhenya Zhang,Deyun Lyu,Paolo Arcaini,Lei Ma,Ichiro Hasuo,Jianjun Zhao

DOI: https://doi.org/10.1109/tse.2022.3194640

IF: 7.4

2023-04-21

IEEE Transactions on Software Engineering

Abstract:Modern Cyber-Physical Systems (CPSs) that need to perform complex control tasks (e.g., autonomous driving) are increasingly using AI-enabled controllers, mainly based on deep neural networks (DNNs). The quality assurance of such types of systems is of vital importance. However, their verification can be extremely challenging, due to their complexity and uninterpretable decision logic. Falsification is an established approach for CPS quality assurance, which, instead of attempting to prove the system correctness, aims at finding a time-variant input signal violating a formal specification describing the desired behavior; it often employs a search-based testing approach that tries to minimize the robustness of the specification, given by its quantitative semantics. However, guidance provided by robustness is mostly black-box and only related to the system output, but does not allow to understand whether the temporal internal behavior determined by multiple consecutive executions of the neural network controller has been explored sufficiently. To bridge this gap, in this paper, we make an early attempt at exploring the temporal behavior determined by the repeated executions of the neural network controllers in hybrid control systems and first propose eight time-aware coverage criteria specifically designed for neural network controllers in the context of CPS, which consider different features by design: the simple temporal activation of a neuron, the continuous activation of a neuron for a given duration, and the differential neuron activation behavior over time. Second, we introduce a falsification framework, named FalsifAI, that exploits the coverage information for better falsification guidance. Namely, in- uts of the controller that increase the coverage (so improving the exploration of the DNN behaviors), are prioritized in the exploitation phase of robustness minimization. Our large-scale evaluation over a total of 3 typical CPS tasks, 6 system specifications, 18 DNN models and more than 12,000 experiment runs, demonstrates 1) the advantage of our proposed technique in outperforming two state-of-the-art falsification approaches, and 2) the usefulness of our proposed time-aware coverage criteria for effective falsification guidance.

engineering, electrical & electronic,computer science, software engineering

Lei Bu,Tian Zhang,Xin Chen,Linzhang Wang,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1145/3229783.3229793

2018-01-01

Abstract:By combining communication, computation, and control (3C), Cyber-Physical Systems (CPS)0tightly couple the physical world with the cyber-world, to enable more applications, enhance performance, increase dependability and etc. Among these goals, as CPS are widely used in the safety-critical area, guaranteeing the basic dependability/safety is after all the prerequisite and often the top concern. However, the behavior of CPS is extremely complex. First of all, due to the existence of both discrete control modes transition and continuous real-time behavior in CPS, the behavior of CPS is a complex hybrid state space, which is difficult to understand and handle. Secondly, most CPS applications are working in the open environment and acquiring real-time data from the environment intensively to adjust their own behavior. The dynamic environment makes the behavior space more complex to reason. When a system is too complex to analyze directly, building an abstract model of the system and then conducting analysis on the model to answer questions about the original system is an important and widely-used method. Meanwhile, a reasonable model also plays important roles in the phase of specification, design, development, testing, monitoring and so on. Therefore, it is an important topic of investigating how model-based methods can be applied in the context of CPS to increase the quality and dependability of the system. During the past decade, our research group at Nanjing University has devoted a lot of efforts into this mission. We conducted comprehensive research in a wide spectrum of CPS including model-driven design, verification, control, monitoring, and testing. In this paper, we will make a general review of the progress we made on these directions recently.

Fan Zhang,Qianmei Wu,Bohan Xuan,Yuqi Chen,Wei Lin,Christopher M. Poskitt,Jun Sun,Binbin Chen

DOI: https://doi.org/10.1109/tse.2023.3309330

2020-01-01

Abstract:Cyber-physical systems (CPSs) automating critical public infrastructure face a pervasive threat of attack, motivating research into different types of countermeasures. Assessing the effectiveness of these countermeasures is challenging, however, as benchmarks are difficult to construct manually, existing automated testing solutions often make unrealistic assumptions, and blindly fuzzing is ineffective at finding attacks due to the enormous search spaces and resource requirements. In this work, we propose active sensor fuzzing , a fully automated approach for building test suites without requiring any a prior knowledge about a CPS. Our approach employs active learning techniques. Applied to a real-world water treatment system, our approach manages to find attacks that drive the system into 15 different unsafe states involving water flow, pressure, and tank levels, including nine that were not covered by an established attack benchmark. Furthermore, we successfully generate targeted multi-point attacks which have been long suspected to be possible. We reveal that active sensor fuzzing successfully extends the attack benchmarks generated by our previous work, an ML-guided fuzzing tool, with two more kinds of attacks. Finally, we investigate the impact of active learning on models and the reason that the model trained with active learning is able to discover more attacks.

Yan Zhang,Jin Shi,Tian Zhang,Xiangwei Liu,Zhuzhong Qian

DOI: https://doi.org/10.1016/j.pmcj.2015.07.008

IF: 3.848

2015-01-01

Pervasive and Mobile Computing

Abstract:Cyber–Physical Systems (CPS) are hybrid, safety-critical systems. For finding safety or security hazard in the design phase, modeling for CPS and checking their properties become very important. We focus on the compatibility, i.e., two systems can work together, and behavioral nonexistent consistency, i.e., forbidden behaviors do not occur in a system. Hybrid interface automata (HIA), which extend from interface automata and is not input-enabled, are introduced to model CPS. The compatibility of HIA is checked under an optimistic approach, which means if there is an environment in which two HIA cannot reach an illegal location, namely, at the location one cannot accept the input send by the other, they are compatible. Based on a scenario that specifies forbidden behaviors, behavioral nonexistent consistency is boundedly checked by transforming it to an unconstrained dynamic programming, and solving the programming by a genetic algorithm. The method can directly apply to nonlinear hybrid model. It relaxes a restriction on the form of the system dynamic in traditional algorithms. An experiment and simulation validate our algorithms.

Anthony Corso,Robert J. Moss,Mark Koren,Ritchie Lee,Mykel J. Kochenderfer

DOI: https://doi.org/10.1613/jair.1.12716

2021-10-15

Abstract:Autonomous cyber-physical systems (CPS) can improve safety and efficiency for safety-critical applications, but require rigorous testing before deployment. The complexity of these systems often precludes the use of formal verification and real-world testing can be too dangerous during development. Therefore, simulation-based techniques have been developed that treat the system under test as a black box operating in a simulated environment. Safety validation tasks include finding disturbances in the environment that cause the system to fail (falsification), finding the most-likely failure, and estimating the probability that the system fails. Motivated by the prevalence of safety-critical artificial intelligence, this work provides a survey of state-of-the-art safety validation techniques for CPS with a focus on applied algorithms and their modifications for the safety validation problem. We present and discuss algorithms in the domains of optimization, path planning, reinforcement learning, and importance sampling. Problem decomposition techniques are presented to help scale algorithms to large state spaces, which are common for CPS. A brief overview of safety-critical applications is given, including autonomous vehicles and aircraft collision avoidance systems. Finally, we present a survey of existing academic and commercially available safety validation tools.

Machine Learning,Artificial Intelligence,Systems and Control

Reza Soltani,Eun-Young Kang,Juan Esteban Heredia Mena

DOI: https://doi.org/10.48550/arXiv.2109.01574

2021-09-03

Software Engineering

Abstract:Optimizing CPS behavior in terms of energy consumption can have a significant impact on system reliability. The environment influences the system's behavior, and neglecting the environmental behavior has an indirect negative impact on optimizing the system's behavior. In this work, to increase the system's flexibility, the behavior of the environment is modeled dynamically to apply the disorderliness of its behavior. The resulting models are formally verified. By examining the past environmental behavior and predicting its future behavior, energy optimization is done more dynamically. The verification results acquired using a UPPAAL-SMC show that the optimization of system behavior by predicting the environmental behavior has been successful. Our approach is demonstrated using a case study within an I4 setting.

Jiang,Hui-Liang Shen,Yongxiang Xia,Herbert H. C. Iu

DOI: https://doi.org/10.1109/iscas51556.2021.9401252

2021-01-01

Abstract:In the modern society, physical infrastructure and information technology are inseparable. The concept of cyber-physical systems (CPSs) is then proposed and has been widely concerned by researchers in recent years. Various models have been introduced to meet the actual needs. In one type of those models, the physical part and the cyber part are coupled and influence each other. The cyber part monitors and controls the physical part, but at the same time it may also bring certain harm; the fault in one part may also be transmitted to the other and affect the performance of the counterpart. Here, this paper introduces an asymmetric interdependent model and studies how the coupling pattern of CPSs affects the system robustness. In addition, the coupling pattern of CPSs is optimized by using the simulated annealing (SA) algorithm to reduce the performance loss. The results of this paper may find applications in the future CPS planning.

Danial Abshari,Chenglong Fu,Meera Sridhar

2024-11-17

Abstract:Modern industrial infrastructures rely heavily on Cyber-Physical Systems (CPS), but these are vulnerable to cyber-attacks with potentially catastrophic effects. To reduce these risks, anomaly detection methods based on physical invariants have been developed. However, these methods often require domain-specific expertise to manually define invariants, making them costly and difficult to scale. To address this limitation, we propose a novel approach to extract physical invariants from CPS testbeds for anomaly detection. Our insight is that CPS design documentation often contains semantically rich descriptions of physical procedures, which can profile inter-correlated dynamics among system components. Leveraging the built-in physics and engineering knowledge of recent generative AI models, we aim to automate this traditionally manual process, improving scalability and reducing costs. This work focuses on designing and optimizing a Retrieval-Augmented-Generation (RAG) workflow with a customized prompting system tailored for CPS documentation, enabling accurate extraction of semantic information and inference of physical invariants from complex, multimodal content. Then, rather than directly applying the inferred invariants for anomaly detection, we introduce an innovative statistics-based learning approach that integrates these invariants into the training dataset. This method addresses limitations such as hallucination and concept drift, enhancing the reliability of the model. We evaluate our approach on real-world public CPS security dataset which contains 86 data points and 58 attacking cases. The results show that our approach achieves a high precision of 0.923, accurately detecting anomalies while minimizing false alarms.

Cryptography and Security,Artificial Intelligence

Lei Bu,Qixin Wang,Xinyue Ren,Shaopeng Xing,Xuandong Li

DOI: https://doi.org/10.1109/tcad.2019.2935062

IF: 2.9

2020-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Unlike standalone embedded devices, behaviors of a cyber-physical system (CPS) are highly dynamic. Many parameter values (e.g., those related to nature environment and third party black box functions) are unknown offline. Furthermore, distributed sub-CPSs may exchange data online. In this article, we first propose the concept of parametric hybrid automata (PHA) to describe such complex CPSs. As some PHA parameter values are unknown until runtime, conventional offline model checking is infeasible. Instead, we propose to carry out PHA model checking online, as a fault prediction mechanism. However, this usage is challenged by the high time cost of state reachability verification, which is the conventional focus of model checking. To address this challenge, we propose that the model checking shall focus on online scenario reachability validation instead. Furthermore, we propose a mechanism to compose/decompose scenarios. Our scenario reachability validation can exploit linear programming to achieve polynomial time cost. Evaluations on a state-of-the-art train control system show that our approach can cut online model checking time cost from over 1 h to within 200 ms.

Emmanuel Ledinot

DOI: https://doi.org/10.48550/arXiv.2104.13210

2021-04-26

Abstract:Virtualization of computing and networking, IT-OT convergence, cybersecurity and AI-based enhancement of autonomy are significantly increasing the complexity of CPS and CPSoS. New challenges have emerged to demonstrate that these systems are safe and secure. We emphasize the role of control and emerging fields therein, like symbolic control or set-based fault-tolerant and decentralized control, to address safety. We have chosen three open verification problems we deem central in cost-effective development and certification of safety critical CPSoS. We review some promising threads of research that could lead in the long term to a scalable and powerful verification strategy. Its main components are set-based and invariant-based design, contracts, adversarial testing, algorithmic geometry of dynamics, and probabilistic estimation derived from compositional massive testing. To explore these orientations in collaborative projects, and to promote them in certification arenas, we propose to continue and upgrade an open innovation drone-based use case that originated from a collaborative research project in aeronautic certification reformation

Systems and Control,Symbolic Computation

Ezio Bartocci,Niveditha Manjunath,Leonardo Mariani,Cristinel Mateis,Dejan Ničković

DOI: https://doi.org/10.48550/arXiv.1903.12468

2019-03-29

Abstract:Debugging Cyber-Physical System (CPS) models can be extremely complex. Indeed, only the detection of a failure is insuffcient to know how to correct a faulty model. Faults can propagate in time and in space producing observable misbehaviours in locations completely different from the location of the fault. Understanding the reason of an observed failure is typically a challenging and laborious task left to the experience and domain knowledge of the designer. \n In this paper, we propose CPSDebug, a novel approach that by combining testing, specification mining, and failure analysis, can automatically explain failures in Simulink/Stateflow models. We evaluate CPSDebug on two case studies, involving two use scenarios and several classes of faults, demonstrating the potential value of our approach.

Software Engineering,Logic in Computer Science

Yan Zhang,Xiangwei Liu,Jin Shi,Tian Zhang,Zhuzhong Qian

DOI: https://doi.org/10.1109/IMIS.2014.8

2014-01-01

Abstract:Cyber-Physical Systems (CPS) play an important role in the safety-critical systems. It is very significant to verify whether some concerned behaviors exist in a CPS. Hybrid interface automata, extension of a non-hybrid version, are used to model a CPS. A scenario, described by MARTE sequence diagram, specifies the concerned behaviors. An algorithm is given for bounded checking the behavioral nonexistent consistency, namely, the behaviors specified by a scenario all do not exist in a hybrid interface automaton. The idea of the algorithm is, firstly, encoding the behavioral nonexistent consistency to an unconstrained dynamic programming, secondly, solving the unconstrained dynamic programming by a genetic algorithm. The algorithm can search the results on the real domain, and be applied to nonlinear as well as linear hybrid systems.

Wenhua Yang,Chang Xu,Minxue Pan,Yu Zhou,Zhiqiu Huang

DOI: https://doi.org/10.1109/tr.2022.3167116

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:Cyber-physical systems (CPSs) are complex ensembles of physical and cyber components that cooperate to offer dynamic and adaptive functionalities. Uncertainty can arise from a plethora of sources in the entangled components, ranging from the unreliable perception, the nondeterministic action effects, to even the changes in the environment. Existing controlling approaches, such as those using Markov decision process, have limited ability in handling uncertainty. To address the challenge, in this article, we novelly propose using partially observable Markov decision processes (POMDPs) to model CPS under uncertainty and show that common types of uncertainties can be modeled by partial observations and nondeterministic actions over probabilistic distributions. With POMDPs, strategies that can optimally control CPS are synthesized. We further propose a strategywise verification method, which resolves the difficult problem of verifying the entire POMDP, to offer reliable controlling strategies. Experiments on two representative cases of CPS show promising results compared with existing approaches.