70 research outputs found

    State of the art of cyber-physical systems security: An automatic control perspective

    Cyber-physical systems are integrations of computation, networking, and physical processes. Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns. Our systematic mapping study sheds light on how security is actually addressed when dealing with cyber-physical systems from an automatic control perspective. The provided map of 138 selected studies is defined empirically and is based on, for instance, application fields, various system components, related algorithms and models, attack characteristics and defense strategies. It presents a powerful comparison framework for existing and future research on this hot topic, important for both industry and academia.

    Distributed Fault Detection in Formation of Multi-Agent Systems with Attack Impact Analysis

    Autonomous Underwater Vehicles (AUVs) are capable of performing a variety of deepwater marine applications as in multiple mobile robots and cooperative robot reconnaissance. Due to the environment that AUVs operate in, fault detection and isolation as well as the formation control of AUVs are more challenging than other Multi-Agent Systems (MASs). In this thesis, two main challenges are tackled. We first investigate the formation control and fault accommodation algorithms for AUVs in presence of abnormal events such as faults and communication attacks in any of the team members. These undesirable events can prevent the entire team from achieving a safe, reliable, and efficient performance while executing underwater mission tasks. For instance, AUVs may face unexpected actuator/sensor faults and the communication between AUVs can be compromised, and consequently make the entire multi-agent system vulnerable to cyber-attacks. Moreover, a possible deception attack on the network system may have a negative impact on the environment and more importantly the national security. Furthermore, there are certain requirements for speed, position or depth of the AUV team. For this reason, we propose a distributed fault detection scheme that is able to detect and isolate faults in AUVs while maintaining their formation under security constraints. The effects of faults and communication attacks with a control theoretical perspective will be studied. Another contribution of this thesis is to study a state estimation problem for a linear dynamical system in presence of a Bias Injection Attack (BIA). For this purpose, a Kalman Filter (KF) is used, where we show that the impact of an attack can be analyzed as the solution of a quadratically constrained problem for which the exact solution can be found efficiently. We also introduce a lower bound for the attack impact in terms of the number of compromised actuators and a combination of sensors and actuators. The theoretical findings are accompanied by simulation results and numerical case study examples.

    Machine Learning Based Detection of False Data Injection Attacks in Wide Area Monitoring Systems

    The Smart Grid (SG) is an upgraded, intelligent, and a more reliable version of the traditional Power Grid due to the integration of information and communication technologies. The operation of the SG requires a dense communication network to link all its components. But such a network renders it prone to cyber attacks jeopardizing the integrity and security of the communicated data between the physical electric grid and the control centers. One of the most prominent components of the SG are Wide Area Monitoring Systems (WAMS). WAMS are a modern platform for grid-wide information, communication, and coordination that play a major role in maintaining the stability of the grid against major disturbances. In this thesis, an anomaly detection framework is proposed to identify False Data Injection (FDI) attacks in WAMS using different Machine Learning (ML) and Deep Learning (DL) techniques, i.e., Deep Autoencoders (DAE), Long-Short Term Memory (LSTM), and One-Class Support Vector Machine (OC-SVM). These algorithms leverage diverse, complex, and high-volume power measurements coming from communications between different components of the grid to detect intelligent FDI attacks. The injected false data is assumed to target several major WAMS monitoring applications, such as Voltage Stability Monitoring (VSM), and Phase Angle Monitoring (PAM). The attack vector is considered to be smartly crafted based on the power system data, so that it can pass the conventional bad data detection schemes and remain stealthy. Due to the lack of realistic attack data, machine learning-based anomaly detection techniques are used to detect FDI attacks. To demonstrate the impact of attacks on the realistic WAMS traffic and to show the effectiveness of the proposed detection framework, a Hardware-In-the-Loop (HIL) co-simulation testbed is developed. The performance of the implemented techniques is compared on the testbed data using different metrics: Accuracy, F1 score, and False Positive Rate (FPR) and False Negative Rate (FNR). The IEEE 9-bus and IEEE 39-bus systems are used as benchmarks to investigate the framework scalability. The experimental results prove the effectiveness of the proposed models in detecting FDI attacks in WAMS.

    Development of directed randomization for discussing a minimal security architecture

    Strategies for mitigating the impacts of cyberattacks on control systems using a control-oriented perspective have become of greater interest in recent years. Our group has contributed to this trend by developing several methods for detecting cyberattacks on process sensors, actuators, or both sensors and actuators simultaneously using an advanced optimization-based control strategy known as Lyapunov-based economic model predictive control (LEMPC). However, each technique comes with benefits and limitations, both with respect to one another and with respect to traditional information technology and computer science-type approaches to cybersecurity. An important question to ask, therefore, is what the goal should be of the development of new control-based techniques for handling cyberattacks on control systems, and how we will be able to benchmark these as “successful” compared to other techniques to drive development or signal when the research in this direction has reached maturity. In this paper, we propose that the goal of research in control system cybersecurity for next-generation manufacturing should be the development of a security architecture that provides flexibility and safety with lowest cost, and seek to clarify this concept by re-analyzing some of the security techniques from our prior work in such a context. We also show how new methods can be developed and analyzed within this “minimum security architecture” context by proposing a technique which we term “directed randomization” that may require fewer sensors to be secured in a system than some of our prior methods, potentially adding flexibility to the system while still maintaining security. Directed randomization seeks to utilize the existence of two possible stabilizing inputs at every sampling time to attempt to create a challenge for an attacker for setting up an arbitrary sensor attack policy without being detected within a finite number of sampling periods. We discuss benefits and limitations of this technique with respect to our prior cybersecurity strategies and also with respect to extended versions of these prior concepts, such as image-based control and distributed control, to provide further insights into the minimum security concept.

    Cybersecurity Strategy against Cyber Attacks towards Smart Grids with PVs

    Cyber attacks threaten the security of distribution power grids, such as smart grids. The emerging renewable energy sources such as photovoltaics (PVs) with power electronics controllers introduce new potential vulnerabilities. Based on the electric waveform data measured by waveform sensors in the smart grids, we propose a novel cyber attack detection and identification approach. Firstly, we analyze the cyber attack impacts (including cyber attacks on the solar inverter causing unusual harmonics) on electric waveforms in distribution power grids. Then, we propose a novel deep learning based mechanism including attack detection and attack diagnosis. By leveraging the electric waveform sensor data structure, our approach does not need the training stage for both detection and the root cause diagnosis, which is needed for machine learning/deep learning-based methods. For comparison, we have evaluated classic data-driven methods, including k-nearest neighbor (KNN), decision tree (DT), support vector machine (SVM), artificial neural network (ANN), and convolutional neural network (CNN). Comparison results verify the performance of the proposed method for detection and diagnosis of various cyber attacks on PV systems.

    Detection of replay attacks in cyber-physical systems using a frequency-based signature

    This paper proposes a frequency-based approach for the detection of replay attacks affecting cyber-physical systems (CPS). In particular, the method employs a sinusoidal signal with a time-varying frequency (authentication signal) into the closed-loop system and checks whether the time profile of the frequency components in the output signal is compatible with the authentication signal or not. In order to carry out this target, the couplings between inputs and outputs are eliminated using a dynamic decoupling technique based on vector fitting. In this way, a signature introduced on a specific input channel will affect only the output that is selected to be associated with that input, which is a property that can be exploited to determine which channels are being affected. A bank of band-pass filters is used to generate signals whose energies can be compared to reconstruct an estimation of the time-varying frequency profile. By matching the known frequency profile with its estimation, the detector can provide the information about whether a replay attack is being carried out or not. The design of the signal generator and the detector are thoroughly discussed, and an example based on a quadruple-tank process is used to show the application and effectiveness of the proposed method. Peer Reviewed. Postprint (author's final draft).

    Brief Survey on Attack Detection Methods for Cyber-Physical Systems

    State Estimation under Joint False Data Injection Attacks: Dealing with Constraints and Insecurity

    This paper is concerned with the security issue in the state estimation problem for a networked control system (NCS). A new model of joint false data injection (FDI) attack is established wherein attacks are injected to both the remote estimator and the communication channels. Such a model is general in that it includes most existing FDI attack models as special cases. The joint FDI attacks are subjected to limited access and/or resource constraints, and this gives rise to a few attack scenarios to be examined one by one. Our objective is to establish the so-called insecurity conditions under which there exists an attack sequence capable of driving the estimation bias to infinity while bypassing the anomaly detector. By resorting to the generalized inverse theory, necessary and sufficient conditions are derived for the insecurity under different attack scenarios. Subsequently, easy-to-implement algorithms are proposed to generate attack sequences on insecure NCSs with respect to different attack scenarios. In particular, by using a matrix splitting technique, the constraint-induced sparsity of the attack vectors is dedicatedly investigated. Finally, several numerical examples are presented to verify the effectiveness of the proposed FDI attacks.