
    Synthesis of Covert Actuator Attackers for Free

    In this paper, we shall formulate and address a problem of covert actuator attacker synthesis for cyber-physical systems that are modelled by discrete-event systems. We assume the actuator attacker partially observes the execution of the closed-loop system and is able to modify each control command issued by the supervisor on a specified attackable subset of controllable events. We provide straightforward but in general exponential-time reductions, due to the use of subset construction procedure, from the covert actuator attacker synthesis problems to the Ramadge-Wonham supervisor synthesis problems. It then follows that it is possible to use the many techniques and tools already developed for solving the supervisor synthesis problem to solve the covert actuator attacker synthesis problem for free. In particular, we show that, if the attacker cannot attack unobservable events to the supervisor, then the reductions can be carried out in polynomial time. We also provide a brief discussion on some other conditions under which the exponential blowup in state size can be avoided. Finally, we show how the reduction based synthesis procedure can be extended for the synthesis of successful covert actuator attackers that also eavesdrop the control commands issued by the supervisor. Comment: The paper has been accepted for the journal Discrete Event Dynamic Systems.

    A Polynomial Approach to Verifying the Existence of a Threatening Sensor Attacker

    The development of cyber-physical systems (CPS) has brought much attention of researchers to cyber-attack and cyber-security. A sensor attacker targeting on a supervised discrete event system can modify a set of sensor readings and cause the closed-loop system to reach undesirable states. In this letter, we propose a new attack detection mechanism under which the supervisor only needs to keep track of the last observable event received. Given a plant and a supervisor enforcing a state specification, we define a sensor attacker threatening if it may cause the closed-loop system to enter a forbidden state. Our goal is to verify whether there exists such a threatening sensor attacker for a given controlled system. A new structure, called All Sensor Attack (ASA), is proposed to capture all possible sensor attacks launched by the attacker. Based on the ASA automaton, a necessary and sufficient condition for the existence of a stealthy threatening sensor attacker is presented. Finally, we show that the condition can be verified in polynomial time.

    GAN-based data augmentation in the design of Cyber-attack detection methods

    The advent of the Industry 4.0 paradigm that relies on the concepts of Cyber-Physical Systems (CPS) and the Industrial Internet of Things (IIoT) leads to the transition from centralized to distributed control. In this approach, interconnected smart devices (sensors, actuators, etc.) as the key enablers achieve system control through coordinated work. Introduction of IIoT leads to ubiquitous communication between smart devices, thus opening up a vast area for potential malicious threats and attacks which can cause serious consequences, take to system dysfunction or even endanger human lives. Therefore, security mechanisms have to be developed to provide timely detection of different cyber-attacks and to keep the system safe and protected. Since industrial processes are often very complex and their analytical model is very difficult to determine, deep learning based methods for cyber-security mechanisms development are imposed as a technique of choice. Successful employment of data-driven solutions, particularly based on deep learning approaches usually requires a big amount of data. However, due to various limitations in the acquisition of data from the real process, its availability is still a major challenge. For instance, the Industry 4.0 factory implies frequent reconfiguration which reduces the time intervals available for experimental procedures such as data acquisition. One of the ways to deal with this issue is called data augmentation. In this paper, we apply data augmentation in the design of cyber-attack detection methods in Industrial Control Systems (ICS). In particular, we explore the possibilities for utilization of Generative Adversarial Networks (GAN) to generate the necessary amount of data for deep learning based modeling using a relatively small number of available samples on input.

    Selection of a stealthy and harmful attack function in discrete event systems

    In this paper we consider the problem of joint state estimation under attack in partially-observed discrete event systems. An operator observes the evolution of the plant to evaluate its current states. The attacker may tamper with the sensor readings received by the operator inserting dummy events or erasing real events that have occurred in the plant with the goal of preventing the operator from computing the correct state estimation. An attack function is said to be harmful if the state estimation consistent with the correct observation and the state estimation consistent with the corrupted observation satisfy a given misleading relation. On the basis of an automaton called joint estimator, we show how to compute a supremal stealthy joint subestimator that allows the attacker to remain stealthy, no matter what the future evolution of the plant is. Finally, we show how to select a stealthy and harmful attack function based on such a subestimator.

    Efficient Synthesis of Sensor Deception Attacks Using Observation Equivalence-Based Abstraction

    This paper investigates the synthesis of successful sensor deception attack functions in supervisory control using abstraction methods to reduce computational complexity. In sensor deception attacks, an attacker hijacks a subset of the sensors of the plant and feeds incorrect information to the supervisor with the intent on causing damage to the supervised system. The attacker is successful if its attack causes damage to the system and it is not identified by an intrusion detection module. The existence test and the synthesis method of successful sensor deception attack functions are computationally expensive, specifically in partially observed systems. For this reason, we leverage results on abstraction methods to reduce the computational effort in solving these problems. Namely, we introduce an equivalence relation called restricted observation equivalence, that is used to abstract the original system before calculating attack functions. Based on this equivalence relation we prove that the existence of successful attack functions in the abstracted supervised system guarantees the existence of successful attack functions in the unabstracted supervised system and vice versa. Moreover, successful attack functions synthesized from the abstracted system can be exactly mapped to successful attack functions on the unabstracted system, thereby providing a complete solution to the attack synthesis problem.

    On Decidability of Existence of Nonblocking Supervisors Resilient to Smart Sensor Attacks

    Cybersecurity of discrete event systems (DES) has been gaining more and more attention recently, due to its high relevance to the so-called 4th industrial revolution that heavily relies on data communication among networked systems. One key challenge is how to ensure system resilience to sensor and/or actuator attacks, which may tamper data integrity and service availability. In this paper we focus on some key decidability issues related to smart sensor attacks. We first present a sufficient and necessary condition that ensures the existence of a smart sensor attack, which reveals a novel demand-supply relationship between an attacker and a controlled plant, represented as a set of risky pairs. Each risky pair consists of a damage string desired by the attacker and an observable sequence feasible in the supervisor such that the latter induces a sequence of control patterns, which allows the damage string to happen. It turns out that each risky pair can induce a smart weak sensor attack. Next, we show that, when the plant, supervisor and damage language are regular, it is computationally feasible to remove all such risky pairs from the plant behaviour, via a genuine encoding scheme, upon which we are able to establish our key result that the existence of a nonblocking supervisor resilient to smart sensor attacks is decidable. To the best of our knowledge, this is the first result of its kind in the DES literature on cyber attacks. The proposed decision process renders a specific synthesis procedure that guarantees to compute a resilient supervisor whenever it exists, which so far has not been achieved in the literature. Comment: 14 pages, 11 figures.