Cross-Level Detection Framework for Attacks on Cyber-Physical Systems

Journal of Hardware and Systems Security

Abstract

Anomaly detection is critical in thwarting malicious attacks on Cyber-Physical Systems. This work presents a novel inference engine that integrates two heterogeneous anomaly detectors, working at different levels of the system architecture, to produce a cross-level detector more effective than either one separately. The macro- or process-level detector uses a bank of observers of the physical plant; from data gathered by the available networked sensors, these estimate the state of the process suspected to be under attack, specifically the process whose sensor is suspected of being compromised. The estimates are then combined using a consensus algorithm to determine whether the suspect sensor is reporting false readings. The micro-level detector uses time-sampled side-channel power measurements of an integrated circuit on the suspect sensor. These measurements are compared against those from a known good state; differences indicate that the code running inside has been altered. The cross-level detector performs a two-dimensional Neyman-Pearson hypothesis test that declares the presence of an attack on the sensor node. The cross-level detector is shown to be more accurate and to have lower latency than its constituent parts. Detection was tested against a range of False Data Injection attacks on a hardware prototype, and the detector performance was measured experimentally. The cross-level detector on average achieved a 93% rate of correct detection, compared with 72% and 85% for the macro- and micro-level detectors, respectively, and a 50% reduction in latency compared to the macro-level detector.
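The two-dimensional Neyman-Pearson test described in the abstract can be sketched as follows; this is an added example, not the authors' code. It assumes each detector emits a single Gaussian score, that the two scores are independent, and that the means, deviations and samples are constructed values; all function and variable names are hypothetical.

```python
import math
import random

# Assumed models (not from the paper): each detector emits one Gaussian score and
# the two scores are independent. Index 0 = macro score, index 1 = micro score.
H0 = {"mean": (0.0, 0.0), "std": (1.0, 1.0)}  # sensor node behaving normally
H1 = {"mean": (2.0, 2.0), "std": (1.0, 1.0)}  # sensor node under attack

def log_pdf(x, mean, std):
    """Log of the Gaussian density N(mean, std^2) at x."""
    return -0.5 * ((x - mean) / std) ** 2 - math.log(std * math.sqrt(2 * math.pi))

def log_lr(score, dims):
    """log p(score | H1) / p(score | H0) over the selected score dimensions."""
    return sum(log_pdf(score[i], H1["mean"][i], H1["std"][i])
               - log_pdf(score[i], H0["mean"][i], H0["std"][i]) for i in dims)

def draw(model, n, rng):
    """Constructed sample data: n (macro, micro) score pairs from a model."""
    return [tuple(rng.gauss(m, s) for m, s in zip(model["mean"], model["std"]))
            for _ in range(n)]

def np_threshold(clean, alpha, dims):
    """Threshold that at most a fraction alpha of the clean calibration samples exceed."""
    stats = sorted(log_lr(s, dims) for s in clean)
    return stats[min(len(stats) - 1, math.ceil((1 - alpha) * len(stats)))]

def evaluate(alpha=0.05, n=5000, seed=1):
    """False-alarm and detection rates of each detector at the same alpha."""
    rng = random.Random(seed)
    clean, attacked = draw(H0, n, rng), draw(H1, n, rng)
    report = {}
    for name, dims in (("macro", (0,)), ("micro", (1,)), ("cross", (0, 1))):
        thr = np_threshold(clean, alpha, dims)
        report[name] = {
            "false_alarm": sum(log_lr(s, dims) > thr for s in clean) / n,
            "detection": sum(log_lr(s, dims) > thr for s in attacked) / n,
        }
    return report

if __name__ == "__main__":
    for name, rates in evaluate().items():
        print(f"{name:5s} false alarm {rates['false_alarm']:.3f} "
              f"detection {rates['detection']:.3f}")
```

The rates it prints come from the assumed score models and illustrate only why a joint likelihood-ratio test at a fixed false-alarm rate can outperform either score alone; they are not the paper's measurements.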

Funding

This work was supported by the U.S. Office of Naval Research under Awards N00014-15-1-2179 and N0001417WX01442.

Author information

Corresponding author

Correspondence to Brien Croteau.

About this article

Cite this article

Croteau, B., Krishnankutty, D., Kiriakidis, K. et al. Cross-Level Detection Framework for Attacks on Cyber-Physical Systems. J Hardw Syst Secur 1, 356–369 (2017). https://doi.org/10.1007/s41635-017-0027-9

  • DOI: https://doi.org/10.1007/s41635-017-0027-9
