31 research outputs found

    The detection of sensor signal attacks in industrial control systems

    To improve productivity and efficiency in industrial manufacturing, the fourth industrial revolution leads to the implementation of Cyber Physical Systems (CPS) and the Internet of Things (IoT) in the industrial environment. Ubiquitous communication makes CPS susceptible to external influences, which can have a negative intention; for instance, CPS are prone to various attacks and malicious threats by different adversaries. The impact of an attack on the system can lead to anomalies and serious consequences for system parts or the system as a whole. Security mechanisms must be developed in order to detect different attacks in a timely manner and to keep the system safe and protected. In this paper, a method for the detection of sensor signal attacks in continuous-time controlled systems is proposed. The method is based on Support Vector Machines (SVM) and tested on data obtained from the Secure Water Treatment (SWaT) testbed, a scaled-down plant that produces purified water.

    Detection of cyber-attacks in systems with distributed control based on support vector regression

    The concept of Industry 4.0 and the implementation of Cyber Physical Systems (CPS) and the Internet of Things (IoT) in industrial plants are changing the way we manufacture. The introduction of industrial IoT leads to ubiquitous communication (usually wireless) between devices in industrial control systems, thus introducing numerous security concerns and opening up wide space for potential malicious threats and attacks. As a consequence of various cyber-attacks, fatal failures can occur on system parts or the system as a whole. Therefore, security mechanisms must be developed to provide sufficient resilience to cyber-attacks and keep the system safe and protected. In this paper we present a method for detection of attacks on sensor signals, based on ε-insensitive support vector regression (ε-SVR). The method is implemented on publicly available data obtained from the Secure Water Treatment (SWaT) testbed as well as on a real-world continuous-time controlled electro-pneumatic positioning system. In both cases, the method successfully detected all considered attacks (without false positives).

    Data-Driven Attack Detection for Linear Systems

    This paper studies the attack detection problem in a data-driven and model-free setting, for deterministic systems with linear and time-invariant dynamics. Differently from existing studies that leverage knowledge of the system dynamics to derive security bounds and monitoring schemes, we focus on the case where the system dynamics, as well as the attack strategy and attack location, are unknown. We derive fundamental security limitations as a function of only the observed data and without estimating the system dynamics (in fact, no assumption is made on the identifiability of the system). In particular, (i) we derive detection limitations as a function of the informativity and length of the observed data, (ii) provide a data-driven characterization of undetectable attacks, and (iii) construct a data-driven detection monitor. Surprisingly, and in accordance with recent studies on data-driven control, our results show that model-based and data-driven security techniques share the same fundamental limitations, provided that the collected data remains sufficiently informative.
    Comment: 6 pages, 2 figures

    GAN-based data augmentation in the design of cyber-attack detection methods

    The advent of the Industry 4.0 paradigm that relies on the concepts of Cyber-Physical Systems (CPS) and the Industrial Internet of Things (IIoT) leads to the transition from centralized to distributed control. In this approach, interconnected smart devices (sensors, actuators, etc.) as the key enablers achieve system control through coordinated work. The introduction of IIoT leads to ubiquitous communication between smart devices, thus opening up a vast area for potential malicious threats and attacks which can cause serious consequences, lead to system dysfunction or even endanger human lives. Therefore, security mechanisms have to be developed to provide timely detection of different cyber-attacks and to keep the system safe and protected. Since industrial processes are often very complex and their analytical model is very difficult to determine, deep learning based methods for cyber-security mechanisms development are imposed as a technique of choice. Successful employment of data-driven solutions, particularly those based on deep learning approaches, usually requires a large amount of data. However, due to various limitations in the acquisition of data from the real process, its availability is still a major challenge. For instance, the Industry 4.0 factory implies frequent reconfiguration, which reduces the time intervals available for experimental procedures such as data acquisition. One of the ways to deal with this issue is called data augmentation. In this paper, we apply data augmentation in the design of cyber-attack detection methods in Industrial Control Systems (ICS). In particular, we explore the possibilities for utilization of Generative Adversarial Networks (GAN) to generate the necessary amount of data for deep learning based modeling using a relatively small number of available samples on input.

    Adversarial Attacks on Machine Learning Cybersecurity Defences in Industrial Control Systems

    The proliferation and application of machine learning based Intrusion Detection Systems (IDS) have allowed for more flexibility and efficiency in the automated detection of cyber attacks in Industrial Control Systems (ICS). However, the introduction of such IDSs has also created an additional attack vector; the learning models may also be subject to cyber attacks, otherwise referred to as Adversarial Machine Learning (AML). Such attacks may have severe consequences in ICS systems, as adversaries could potentially bypass the IDS. This could lead to delayed attack detection which may result in infrastructure damages, financial loss, and even loss of life. This paper explores how adversarial learning can be used to target supervised models by generating adversarial samples using the Jacobian-based Saliency Map attack and exploring classification behaviours. The analysis also includes the exploration of how such samples can support the robustness of supervised models using adversarial training. An authentic power system dataset was used to support the experiments presented herein. Overall, the classification performance of two widely used classifiers, Random Forest and J48, decreased by 16 and 20 percentage points when adversarial samples were present. Their performances improved following adversarial training, demonstrating their robustness towards such attacks.
    Comment: 9 pages. 7 figures. 7 tables. 46 references. Submitted to a special issue Journal of Information Security and Applications, Machine Learning Techniques for Cyber Security: Challenges and Future Trends, Elsevier

    Cyber security in continuous-time controlled systems – overview of the results within the project of MISSION4.0

    This paper presents the results of research conducted within the MISSION4.0 project, titled Optimization algorithms for control and scheduling of cyber-physical systems within Industry 4.0 based on deep machine learning and swarm intelligence, funded by the Science Fund of the Republic of Serbia in the period 2020-2022. The presented results relate to the field of cyber security in continuous-time control systems, which is one of the work packages of the MISSION4.0 project. Accordingly, the research directions covered the development of algorithms for attack detection in industrial control systems with centralized and distributed architectures, as well as the application of an open communication platform for secure data exchange between devices from different manufacturers. In addition, the obtained results and their integration into lectures and laboratory exercises served as a basis for the education of engineers in the fields of cyber-physical systems, the industrial Internet of Things, and cyber security.