This paper proposes a passive methodology for detecting a class of stealthy intermittent integrity attacks in cyberphysical systems subject to process disturbances and measurement noise.A stealthy intermittent integri...This paper proposes a passive methodology for detecting a class of stealthy intermittent integrity attacks in cyberphysical systems subject to process disturbances and measurement noise.A stealthy intermittent integrity attack strategy is first proposed by modifying a zero-dynamics attack model.The stealthiness of the generated attacks is rigorously investigated under the condition that the adversary does not know precisely the system state values.In order to help detect such attacks,a backward-in-time detection residual is proposed based on an equivalent quantity of the system state change,due to the attack,at a time prior to the attack occurrence time.A key characteristic of this residual is that its magnitude increases every time a new attack occurs.To estimate this unknown residual,an optimal fixed-point smoother is proposed by minimizing a piece-wise linear quadratic cost function with a set of specifically designed weighting matrices.The smoother design guarantees robustness with respect to process disturbances and measurement noise,and is also able to maintain sensitivity as time progresses to intermittent integrity attack by resetting the covariance matrix based on the weighting matrices.The adaptive threshold is designed based on the estimated backward-in-time residual,and the attack detectability analysis is rigorously investigated to characterize quantitatively the class of attacks that can be detected by the proposed methodology.Finally,a simulation example is used to demonstrate the effectiveness of the developed methodology.展开更多
Cyber-physical systems(CPS)have been widely deployed in critical infrastructures and are vulnerable to various attacks.Data integrity attacks manipulate sensor measurements and cause control systems to fail,which are ...Cyber-physical systems(CPS)have been widely deployed in critical infrastructures and are vulnerable to various attacks.Data integrity attacks manipulate sensor measurements and cause control systems to fail,which are one of the prominent threats to CPS.Anomaly detection methods are proposed to secure CPS.However,existing anomaly detection studies usually require expert knowledge(e.g.,system model-based)or are lack of interpretability(e.g.,deep learning-based).In this paper,we present DEEPNOISE,a deep learning-based anomaly detection method for CPS with interpretability.Specifically,we utilize the sensor and process noise to detect data integrity attacks.Such noise represents the intrinsic characteristics of physical devices and the production process in CPS.One key enabler is that we use a robust deep autoencoder to automatically extract the noise from measurement data.Further,an LSTM-based detector is designed to inspect the obtained noise and detect anomalies.Data integrity attacks change noise patterns and thus are identified as the root cause of anomalies by DEEPNOISE.Evaluated on the SWaT testbed,DEEPNOISE achieves higher accuracy and recall compared with state-of-the-art model-based and deep learningbased methods.On average,when detecting direct attacks,the precision is 95.47%,the recall is 96.58%,and F_(1) is 95.98%.When detecting stealthy attacks,precision,recall,and F_(1) scores are between 96% and 99.5%.展开更多
Mobile Agent has many benefits over traditional distributed systems such as reducing latency,bandwidth,and costs.Mobile Agent Systems are not fully utilized due to security problems.This paper focuses on mobile agent ...Mobile Agent has many benefits over traditional distributed systems such as reducing latency,bandwidth,and costs.Mobile Agent Systems are not fully utilized due to security problems.This paper focuses on mobile agent protection against malicious hosts.A new security mechanism called Checkpoints has been proposed.Checkpoint Mechanism(CPM)aims to protect Mobile Agent against malicious hosts in case of Capturing and Integrity attacks.CPM assumes using a free-roaming mobility mechanism by Mobile agent systems.The main idea behind CPM is to generate multiple versions of Mobile Agent.The multiple version is used to recover Mobile Agent from Capturing and Integrity attacks by untrusted hosts.MA versions are kept in Recovery Host(RH).RH plays a key role in CPM by controlling and monitoring MAs’recovery processes.A prototype method has been used to prove the feasibility of CPM.The p https://dsr.kau.edu.sa/Default-305-ARrototype was implemented by using the.Net framework and C#.full discussion for several scenarios has been done to analyze the feasibility and performance for CPM.As found from this research,CPM has a strong ability to protect Mobile Agents from Capturing and Integrity attacks completely.In addition,there is no negative impact on the overall performance of the mobile agent system.展开更多
基金This work was supported by the European Union’s Horizon 2020 Research and Innovation Programme under the Marie Skodowska-Curie(101027980(CSPCPS-A-ICA),739551(KIOS CoE-TEAMING))the Italian Ministry for Research in the Framework of the 2017 Program for Research Projects of National Interest(PRIN)(2017YKXYXJ)+3 种基金the National Natural Science Foundation of China(61903188,62073165,62020106003)the Natural Science Foundation of Jiangsu Province(BK20190403)the 111 Project(B20007)the Priority Academic Program Development of Jiangsu Higher Education Institutions.
文摘This paper proposes a passive methodology for detecting a class of stealthy intermittent integrity attacks in cyberphysical systems subject to process disturbances and measurement noise.A stealthy intermittent integrity attack strategy is first proposed by modifying a zero-dynamics attack model.The stealthiness of the generated attacks is rigorously investigated under the condition that the adversary does not know precisely the system state values.In order to help detect such attacks,a backward-in-time detection residual is proposed based on an equivalent quantity of the system state change,due to the attack,at a time prior to the attack occurrence time.A key characteristic of this residual is that its magnitude increases every time a new attack occurs.To estimate this unknown residual,an optimal fixed-point smoother is proposed by minimizing a piece-wise linear quadratic cost function with a set of specifically designed weighting matrices.The smoother design guarantees robustness with respect to process disturbances and measurement noise,and is also able to maintain sensitivity as time progresses to intermittent integrity attack by resetting the covariance matrix based on the weighting matrices.The adaptive threshold is designed based on the estimated backward-in-time residual,and the attack detectability analysis is rigorously investigated to characterize quantitatively the class of attacks that can be detected by the proposed methodology.Finally,a simulation example is used to demonstrate the effectiveness of the developed methodology.
基金National Natural Science Foundation of China(No.62172308,U1626107,61972297,62172144)。
文摘Cyber-physical systems(CPS)have been widely deployed in critical infrastructures and are vulnerable to various attacks.Data integrity attacks manipulate sensor measurements and cause control systems to fail,which are one of the prominent threats to CPS.Anomaly detection methods are proposed to secure CPS.However,existing anomaly detection studies usually require expert knowledge(e.g.,system model-based)or are lack of interpretability(e.g.,deep learning-based).In this paper,we present DEEPNOISE,a deep learning-based anomaly detection method for CPS with interpretability.Specifically,we utilize the sensor and process noise to detect data integrity attacks.Such noise represents the intrinsic characteristics of physical devices and the production process in CPS.One key enabler is that we use a robust deep autoencoder to automatically extract the noise from measurement data.Further,an LSTM-based detector is designed to inspect the obtained noise and detect anomalies.Data integrity attacks change noise patterns and thus are identified as the root cause of anomalies by DEEPNOISE.Evaluated on the SWaT testbed,DEEPNOISE achieves higher accuracy and recall compared with state-of-the-art model-based and deep learningbased methods.On average,when detecting direct attacks,the precision is 95.47%,the recall is 96.58%,and F_(1) is 95.98%.When detecting stealthy attacks,precision,recall,and F_(1) scores are between 96% and 99.5%.
基金This project funded by the Deanship of Scientific Research(DSR),King Abdulaziz University,Jeddah,under Grant No.D-152-611-1441.
文摘Mobile Agent has many benefits over traditional distributed systems such as reducing latency,bandwidth,and costs.Mobile Agent Systems are not fully utilized due to security problems.This paper focuses on mobile agent protection against malicious hosts.A new security mechanism called Checkpoints has been proposed.Checkpoint Mechanism(CPM)aims to protect Mobile Agent against malicious hosts in case of Capturing and Integrity attacks.CPM assumes using a free-roaming mobility mechanism by Mobile agent systems.The main idea behind CPM is to generate multiple versions of Mobile Agent.The multiple version is used to recover Mobile Agent from Capturing and Integrity attacks by untrusted hosts.MA versions are kept in Recovery Host(RH).RH plays a key role in CPM by controlling and monitoring MAs’recovery processes.A prototype method has been used to prove the feasibility of CPM.The p https://dsr.kau.edu.sa/Default-305-ARrototype was implemented by using the.Net framework and C#.full discussion for several scenarios has been done to analyze the feasibility and performance for CPM.As found from this research,CPM has a strong ability to protect Mobile Agents from Capturing and Integrity attacks completely.In addition,there is no negative impact on the overall performance of the mobile agent system.
