Yifan Jia,Jingyi Wang,Christopher M. Poskitt,Sudipta Chattopadhyay,Jun Sun,Yuqi Chen

DOI: https://doi.org/10.1016/j.ijcip.2021.100452

IF: 3.683

2021-01-01

International Journal of Critical Infrastructure Protection

Abstract:The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated research into a multitude of attack detection mechanisms, including anomaly detectors based on neural network models. The effectiveness of anomaly detectors can be assessed by subjecting them to test suites of attacks, but less consideration has been given to adversarial attackers that craft noise specifically designed to deceive them. While successfully applied in domains such as images and audio, adversarial attacks are much harder to implement in CPSs due to the presence of other built-in defence mechanisms such as rule checkers (or invariant checkers). In this work, we present an adversarial attack that simultaneously evades the anomaly detectors and rule checkers of a CPS. Inspired by existing gradient-based approaches, our adversarial attack crafts noise over the sensor and actuator values, then uses a genetic algorithm to optimise the latter, ensuring that the neural network and the rule checking system are both deceived. We implemented our approach for two real-world critical infrastructure testbeds, successfully reducing the classification accuracy of their detectors by over 50% on average, while simultaneously avoiding detection by rule checkers. Finally, we explore whether these attacks can be mitigated by training the detectors on adversarial samples.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

Qinghua Xu,Shaukat Ali,Tao Yue

DOI: https://doi.org/10.1109/ICST49551.2021.00031

2021-01-01

Abstract:Cyber-Physical Systems (CPS) are susceptible to various anomalies during their operations. Thus, it is important to detect such anomalies. Detecting such anomalies is challenging since it is uncertain when and where anomalies can happen. To this end, we present a novel approach called Anomaly deTection with digiTAl twIN (ATTAIN), which continuously and automatically builds a digital twin with live...

Jiang Jiang,Yongxiang Xia,Sheng Xu,Hui-Liang Shen,Jiajing Wu

DOI: https://doi.org/10.1063/1.5139254

2020-01-01

Abstract:Cyber-physical systems (CPSs) are integrations of information technology and physical systems, which are more and more significant in society. As a typical example of CPSs, smart grids integrate many advanced devices and information technologies to form a safer and more efficient power system. However, interconnection with the cyber network makes the system more complex, so that the robustness assessment of CPSs becomes more difficult. This paper proposes a new CPS model from a complex network perspective. We try to consider the real dynamics of cyber and physical parts and the asymmetric interdependency between them. Simulation results show that coupling with the communication network makes better robustness of power system. But since the influences between the power and communication networks are asymmetric, the system parameters play an important role to determine the robustness of the whole system.

Jiang,Hui-Liang Shen,Yongxiang Xia,Herbert H. C. Iu

DOI: https://doi.org/10.1109/iscas51556.2021.9401252

2021-01-01

Abstract:In the modern society, physical infrastructure and information technology are inseparable. The concept of cyber-physical systems (CPSs) is then proposed and has been widely concerned by researchers in recent years. Various models have been introduced to meet the actual needs. In one type of those models, the physical part and the cyber part are coupled and influence each other. The cyber part monitors and controls the physical part, but at the same time it may also bring certain harm; the fault in one part may also be transmitted to the other and affect the performance of the counterpart. Here, this paper introduces an asymmetric interdependent model and studies how the coupling pattern of CPSs affects the system robustness. In addition, the coupling pattern of CPSs is optimized by using the simulated annealing (SA) algorithm to reduce the performance loss. The results of this paper may find applications in the future CPS planning.

Tianyu Zhao,Ernest Foo,Hui Tian

DOI: https://doi.org/10.48550/arXiv.2204.13859

2022-04-29

Abstract:Currently, most of the research in digital twins focuses on simulation and optimization. Digital twins are especially useful for critical systems. However, digital twins can also be used for safety and cyber security. The idea of this paper is motivated by the limitations of cyber security in Cyber-Physical Systems (CPSs). We introduce an efficient synchronization approach to maintain the state between the virtual environment and the physical environment. In this case, we can receive prompt feedback by conducting security analysis in the virtual domain. Thus, helping to enhance the cyber security of CPSs, we propose a digital twin-based framework. Based on the approach, the security of the CPSs can be protected by the digital twin system. Moreover, the proposed architecture has also been optimized to meet the security requirements and maintain less network burden for CPSs

Cryptography and Security

Yuan Luo,Ya Xiao,Long Cheng,Guojun Peng,Danfeng (Daphne) Yao

DOI: https://doi.org/10.1145/3453155

IF: 16.6

2022-06-30

ACM Computing Surveys

Abstract:Anomaly detection is crucial to ensure the security of cyber-physical systems (CPS). However, due to the increasing complexity of CPSs and more sophisticated attacks, conventional anomaly detection methods, which face the growing volume of data and need domain-specific knowledge, cannot be directly applied to address these challenges. To this end, deep learning-based anomaly detection (DLAD) methods have been proposed. In this article, we review state-of-the-art DLAD methods in CPSs. We propose a taxonomy in terms of the type of anomalies, strategies, implementation, and evaluation metrics to understand the essential properties of current methods. Further, we utilize this taxonomy to identify and highlight new characteristics and designs in each CPS domain. Also, we discuss the limitations and open problems of these methods. Moreover, to give users insights into choosing proper DLAD methods in practice, we experimentally explore the characteristics of typical neural models, the workflow of DLAD methods, and the running performance of DL models. Finally, we discuss the deficiencies of DL approaches, our findings, and possible directions to improve DLAD methods and motivate future research.

computer science, theory & methods

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/icarm54641.2022.9959185

2022-01-01

Abstract:The cyber-physical power system (CPPS) is evolved from the traditional power system by the deployment of information networks with control systems, computational units, and communication networks. However, their integration into CPPS introduces new challenges in maintaining security. Various malicious cyber-attacks are drawn much attention recently after the discovery of the impact on CPPS state estimation. Thus, it is of great significance for operators to detect cyber-attacks and identify the types of attacks in CPPS to make decisions appropriately. This problem can be viewed as a multi-class classification problem from the perspective of machine learning. Accordingly, this paper proposes an ensemble learning-based cyber-attacks detection model for CPPS state estimation. In the proposed model, we use the subspace features and then send the data to the classifier for ensemble, where decision trees and random vector functional link networks are introduced as the basic classifier. The proposed model is validated by employing simulated data on IEEE 14-bus and 30-bus systems. Simulation results demonstrate the performance of the proposed cyber-attacks detection model.

Aidong Xu,Yixin Jiang,Yunan Zhang,Chao Hong,Xingpu Cai

DOI: https://doi.org/10.1109/appeec48164.2020.9220716

2020-01-01

Abstract:With the great development of the information communication technology, power systems have been typical Cyber Physical Systems (CPSs). Although the control function of the grid side is becoming more intelligent, Grid Cyber Physical System (GCPS) brings the risk of potential cyberattacks. In this paper, the impacts of cyber-attacks against GCPS are analyzed based on confusion matrix model firstly, then a double-layer cyber physical collaboration control strategy adjustment methods is proposed considering the status of cyber modules and physical devices infected by cyber-attacks. Finally, the feasibility and effectiveness of the proposed method are verified on the IEEE standard system.

Di Wang,Fangyu Li,Kaibo Liu,Xi Zhang

DOI: https://doi.org/10.1145/3582009

2024-01-01

ACM Transactions on Sensor Networks

Abstract:Cyber-Physical Systems (CPS) has emerged as a paradigm that connects cyber and physical worlds, which provides unprecedented opportunities to realize intelligent applications such as smart home, smart cities, and smart manufacturing. However, CPS faces a great number of information security challenges (e.g., attacks) due to the integration of CPS as well as the human behaviors and interactions. Therefore, accurate and real-time attack detection and identification are essential to ensure information security and reliability of CPS. In this paper, we propose a novel integrated learning method that accurately detects an attack of a CPS system and then identifies the attack type in real time. Specifically, we consider a One-Class Support Vector Machine (OCSVM) model that only relies on the data from the normal state for training to achieve a real-time and effective detection of a CPS system state (i.e., normal or under-attack). If the system is detected to be under-attack, we then develop a Pairwise Self-supervised Long Short-Term Memory (PSLSTM) approach to identify the attack type, which aims to accurately distinguish the known attack types and discover unknown new attacks. Lastly, experimental results show the proposed method achieves promising performances compared with conventional and state-of-the-art learning-based benchmarks.

S. Krishnaveni,Thomas M. Chen,Mithileysh Sathiyanarayanan,B. Amutha

DOI: https://doi.org/10.1007/s10586-024-04320-x

2024-03-21

Cluster Computing

Abstract:The rise of digital twin-based operational improvements poses a challenge to protecting industrial cyber-physical systems. It is crucial to safeguard digital twins while disclosing internals, which can create an increased attack surface. However, leveraging digital twins to simulate attacks on physical infrastructure becomes essential for enhancing ICPS cybersecurity resilience. This paper introduces an integrated intelligent defense framework called CyberDefender to study various attacks on digital twin-based ICPS from a four-layer perspective (i.e., digital twin-based industrial cyber-physical systems infrastructure layer, honeynet and software-defined industrial network layer, intelligent security platform layer, and smart industrial application layer). To demonstrate its feasibility, we implemented a proof-of-concept (PoC) solution using open-source tools, including AWS for cloud infrastructure, T-Pot for Honeynet, Mininet for SDN support, ELK tools for data management, and Docker for containerization. This framework utilizes an integrated intelligent approach to enhance intrusion detection and classification capabilities for digital twin-based industrial cyber-physical systems (DT-ICPS). The proposed intrusion detection system (IDS) combines two strategies to improve security. First, we present an innovative approach to identifying essential features using explainable AI and ensemble-based filter feature selection (XAI-EFFS). By using Shapley Additive Explanations (SHAP), we analyze the impact of different variables on predictive outcomes. Secondly, we propose a hybrid GRU-LSTM deep-learning model for detecting and classifying intrusions. We optimize the hyperparameters of the GRU-LSTM model by using a Bayesian optimization algorithm. The proposed method demonstrates excellent performance, outperforming conventional state-of-the-art techniques with an accuracy rate of 98.96%, which is a remarkable improvement. Additionally, it effectively detects zero-day attacks, contributing to digital twin-based ICPS cybersecurity resilience.

computer science, information systems, theory & methods

Jiang Xing,Dandan Wang,Liang Zhang,Lijie Li

DOI: https://doi.org/10.1007/s11277-024-11201-4

IF: 2.017

2024-06-19

Wireless Personal Communications

Abstract:A live or non-living object's digital twin is its mirror image. Businesses, particularly in the healthcare sector, are entering a new era thanks to digital twins and cyber-physical systems (CPS), which collect patient health data to offer users quick, efficient, and on-demand services. Under the proposed system, a range of patient health metrics are gathered via various medical devices and wearables that send data to the main database. This data is then analysed to improve diagnosis and train automated systems. A physical item serves as the primary database, and to investigate, summarise, and mine data for diagnosis while keeping an eye on the patient in real time, a virtual object or digital twin of the same is maintained in parallel. The e-health cloud data must be secured against unwanted access using an iris biometric feature for biometric authentication. The proposed article developed a two-phase Enhanced Efficient Net Convolution Neural Network-based architecture to distinguish between the real and fake user samples. To distinguish between faked and real iris biometric samples, the suggested system is trained on several datasets using an Enhanced Efficient Net Convolution Neural Network to make modifications.

telecommunications

Dajun Du,Minggao Zhu,Xue Li,Minrui Fei,Siqi Bu,Lei Wu,Kang Li

DOI: https://doi.org/10.35833/mpce.2021.000604

IF: 4.469

2023-01-01

Journal of Modern Power Systems and Clean Energy

Abstract:Potential malicious cyber-attacks to power systems which are connected to a wide range of stakeholders from the top to tail will impose significant societal risks and challenges. The timely detection and defense are of crucial importance for safe and reliable operation of cyber-physical power systems (CPPSs). This paper presents a comprehensive review of some of the latest attack detection and defense strategies. Firstly, the vulnerabilities brought by some new information and communication technologies (ICTs) are analyzed, and their impacts on the security of CPPSs are discussed. Various malicious cyber-attacks on cyber and physical layers are then analyzed within CPPSs framework, and their features and negative impacts are discussed. Secondly, two current mainstream attack detection methods including state estimation based and machine learning based methods are analyzed, and their benefits and drawbacks are discussed. Moreover, two current mainstream attack defense methods including active defense and passive defense methods are comprehensively discussed. Finally, the trends and challenges in attack detection and defense strategies in CPPSs are provided.

engineering, electrical & electronic

Sangjun Kim,Kyung-Joon Park,Chenyang Lu

DOI: https://doi.org/10.1109/comst.2022.3187531

2022-09-03

Abstract:Cyber-physical systems (CPS) are considered the integration of physical systems in the real world and control software in computing systems. In CPS, the real world and the computing systems are connected through networks with real-time information exchange. The introduction of networking technologies in CPS has substantial advantages in terms of system efficiency, scalability, maintenance, and many more. However, CPS are vulnerable to malicious attackers intruding on the network. The attackers aim to destroy the physical systems with cyber-physical attacks, in which the main objective is to remotely cause malfunctions in physical systems through networks. Therefore, extensive research on cyber-physical security has been conducted to detect cyber-physical attacks and guarantee the stability of the physical systems under cyber-physical attacks. In this survey, we conduct an exhaustive review of the literature on threats to CPS and on resilient CPS design strategies. First, we discuss the structure of CPS, considering physical dynamics, computing systems, and networks. Then, we provide a taxonomy of cyber-physical attacks with three properties (attack space, attack location, and stealthiness). These three attributes represent the requirements for the implementation of cyber-physical attacks. We review existing studies on anomaly-detection strategies against cyber-physical attacks in terms of physics, networks, and machine learning techniques. Moreover, we analyze the impact of typical cyber-physical attacks and the constraints on attack implementations. In particular, for each of the well-established cyber-physical attacks, we present numerical examples that clearly illustrate the time responses of the physical systems with a conventional physics-based anomaly detector. We also review advances in the typical cyber-physical attacks and the detection methods for these attacks. Furthermore, we review resilient CPS designs in the context of control theory, network managem- nt, and data-driven technologies. We conclude the survey by identifying future research directions.

Paul Griffioen,Sean Weerakkody,Omur Ozel,Yilin Mo,Bruno Sinopoli

DOI: https://doi.org/10.23919/ecc.2019.8796117

2019-01-01

Abstract:Cyber-physical systems (CPSs) have become targets for malicious adversaries, creating new challenges for attaining reliable CPS performance. Achieving CPS security requires tools which extend beyond what is offered in state of the art software and cyber security. In this tutorial, we consider a science of CPS security which combines tools from both cyber security and system theory to defend against adversarial behavior. We discuss realistic and intelligent attack models from an adversarial perspective and then present mechanisms for defenders to achieve resilience by recognizing and responding to such malicious behavior. The focus of this tutorial is particularly on the recognition and detection of attacks, which is the first and foremost step in achieving resilience and is a necessary prerequisite to any active response.

Andrew Kacmarcik,Milos Prvulovic

DOI: https://doi.org/10.1109/access.2024.3456050

IF: 3.9

2024-09-21

IEEE Access

Abstract:The continuing proliferation of Cyber Physical Systems (CPSs), those that integrate electronic control circuitry with a mechanical system allowing software commands to affect the physical world, while allowing for new efficiencies and convenience, also facilitates new security risks. While the cyber-domain components of a CPS control the behavior of the physical-domain components, attacks on either the physical-domain or cyber-domain can be used to control or subvert the CPS in ways that may cause serious harm or even loss of life. Unfortunately, most research in CPS attack detection has focused solely on monitoring the cyber domain for malicious software activity, and the few works that do monitor the physical domain neglect or independently monitor the cyber domain. With that in mind, this paper proposes a method of jointly monitoring both domains (cyber and physical) of a CPS, verifying not only that software commands are faithfully executed by the cyber-components of the CPS, but also that the physical-domain behavior of the CPS corresponds to those commands. We demonstrate the effectiveness of this approach through experiments using a medical CPS device subjected to both cyber and physical attacks. We show that different analog side channels (EM and acoustic in our experiments) are similarly effective for such monitoring and attack detection. We also show that, while some attacks can be detected through physical-domain monitoring alone or through cyber-domain monitoring alone, our joint monitoring of both domains allows for the detection of additional attacks that cannot be detected by monitoring only one of the domains, resulting in >99% attack detection accuracy measured over 1,000 instances of CPS activity.

computer science, information systems,telecommunications,engineering, electrical & electronic

Prakhar Ganesh,Xin Lou,Yao Chen,Rui Tan,David K. Y. Yau,Deming Chen,Marianne Winslett

DOI: https://doi.org/10.1109/tsg.2021.3058682

IF: 10.275

2021-07-01

IEEE Transactions on Smart Grid

Abstract:Control and communication technologies are key building blocks of cyber-physical systems (CPSes) that can improve the efficiency of the physical processes. However, they also make a CPS vulnerable to cyberattacks that can cause disruptions or even severe damage. This article focuses on one particular type of CPS cyberattack, namely the time delay attack (TDA), which exploits vulnerabilities in the communication channels to cause potentially serious harm to the system. Much work proposed for TDA detection is tested offline only and under strong assumptions. In order to construct a practical solution to deal with real-world scenarios, we propose a deep learning-based method to detect and characterize TDA. Specifically, we design a hierarchical long short-term memory model to process raw data streams from relevant CPS sensors online and continually monitor embedded signals in the data to detect and characterize the attack. Moreover, various strategies of interpreting the outputs of the model are proposed, which allow the user to tune the performance based on different objectives. We evaluate our model on two representative types of CPS, namely power plant control system (PPCS) and automatic generation control (AGC).Code and dataset can be found at: https://github.com/prakharg24/tda For TDA detection, our solution achieves an accuracy of 92% in PPCS, compared with 81% by random forests (RFs) and 72% by k-nearest neighbours (kNNs). For AGC, our solution achieves 98% accuracy, compared with 74% by RFs and 71% by kNNs. It also reduces the mean absolute error in the delay value characterization from about six to two seconds in the PPCS, and from about three seconds to half a second in the AGC, with about 3x to 4x shorter reaction latency in both systems.

engineering, electrical & electronic

Jun Zhang,Lei Pan,Qing-Long Han,Chao Chen,Sheng Wen,Yang Xiang

DOI: https://doi.org/10.1109/jas.2021.1004261

2022-03-01

IEEE/CAA Journal of Automatica Sinica

Abstract:With the booming of cyber attacks and cyber criminals against cyber-physical systems (CPSs), detecting these attacks remains challenging. It might be the worst of times, but it might be the best of times because of opportunities brought by machine learning (ML), in particular deep learning (DL). In general, DL delivers superior performance to ML because of its layered setting and its effective algorithm for extract useful information from training data. DL models are adopted quickly to cyber attacks against CPS systems. In this survey, a holistic view of recently proposed DL solutions is provided to cyber attack detection in the CPS context. A six-step DL driven methodology is provided to summarize and analyze the surveyed literature for applying DL methods to detect cyber attacks against CPS systems. The methodology includes CPS scenario analysis, cyber attack identification, ML problem formulation, DL model customization, data acquisition for training, and performance evaluation. The reviewed works indicate great potential to detect cyber attacks against CPS through DL modules. Moreover, excellent performance is achieved partly because of several high-quality datasets that are readily available for public use. Furthermore, challenges, opportunities, and research trends are pointed out for future research.

Chongxing Ji,Yi Niu

DOI: https://doi.org/10.1016/j.seta.2024.103650

IF: 7.632

2024-02-21

Sustainable Energy Technologies and Assessments

Abstract:The amalgamation of Internet of Things (IoT) and communication systems within Smart Grid Control Systems (SGCS) has amplified their susceptibility to cyber-attacks, posing a significant threat. Traditional intrusion detection systems (IDSs), originally designed for securing IT systems, exhibit limitations in SGCS due to reliance on predefined structures and training on specific cyber-attack patterns. This study addresses the challenge by proposing a deep learning (DL) framework to establish balanced representations for the inherently asymmetric SGCS datasets. These representations are seamlessly integrated into a dedicated DL-based model for attack detection within the SGCS environment. Utilizing Support Vector Machines (SVM) and K-Nearest Neighbors (K-NN), the model identifies novel cyber-attack representations. Performance evaluation through 10-fold cross-validation on two real SGCS datasets reveals the proposed approach's superiority over traditional methods like Random Forest (RF) and Deep Neural Networks (DNN). Additionally, the generalized method can be effortlessly implemented in existing SGCS infrastructures with minimal complexity. This study introduces a novel cybersecurity enhancement method for Smart Grid Control Systems by integrating a Cyber-Physical Digital Twin with a deep learning-based IDS. This approach intricately models both physical and cyber components, facilitating real-time training and fine-tuning of the intrusion detection model using synthetic cyber threats. The digital twin undergoes rigorous testing to assess the model's effectiveness, employing scenario analyses to identify vulnerabilities and formulate response strategies. The adaptive digital twin fosters a proactive cybersecurity stance by implementing security measures such as access controls and cyber range simulation. Real-time monitoring, analytics, and stakeholder collaboration enhance incident response readiness. The lifecycle simulation, spanning from model development to deployment, ensures alignment with regulations. This integrated approach not only detects but proactively responds to cyber threats, fortifying Smart Grid Control Systems against evolving risks.

energy & fuels,green & sustainable science & technology

Xu, Wuyue

DOI: https://doi.org/10.1007/s11277-024-11182-4

IF: 2.017

2024-06-06

Wireless Personal Communications

Abstract:Cyber-physical systems (CPS) have been widely utilized in healthcare industry to provide excellent patient care in a variety of clinical contexts. Because of the heterogeneity of medical devices in these systems (body sensor nodes and mobile devices), there are large attack surfaces introduced, which makes strong security solutions necessary for these complex environments. Therefore, the Attack Detection Framework with cognitive machine learning support has been presented in this study in order to securely convey healthcare data. Healthcare CPS will find it simple to transfer the collected data to cloud storage. This study offers a novel approach to deep learning models-based cyber physical system-based smart healthcare data analysis and threat detection. The cloud edge model with firewall intrusion detection system is used to construct the CPS that is based on the smart healthcare paradigm. Then, using an encoder neural network and a convolutional adversarial fuzzy model, the smart healthcare system analyses bogus user data. The universal robot (UR5) receives the item detection data from the camera system that makes up the CPS and uses them to pick it up and deposit it where it belongs. One significant element that can affect the effectiveness of real-time activities is communication latency. In terms of accuracy, precision, recall, F-1 score, NSE, RMSE, experimental study is performed for a variety of CPS-based fake user analysis datasets. Proposed technique accuracy 95%, precision 83%, recall 73%, F-1 score 63%, NSE 63%, RMSE 51%.

telecommunications