Abstract
Anomaly detection is critical to thwarting malicious attacks on Cyber-Physical Systems. This work presents a novel inference engine that integrates two heterogeneous anomaly detectors, working at different levels of the system architecture, to produce a cross-level detector that is more effective than either one separately. The macro- or process-level detector uses a bank of observers of the physical plant that estimate, from data gathered by the available networked sensors, the state of the process whose sensor is suspected of being compromised. The estimates are then combined using a consensus algorithm to determine whether the suspect sensor is reporting false readings. The micro-level detector uses time-sampled side-channel power measurements of an integrated circuit on the suspect sensor: comparing those measurements against measurements from a known good state, differences indicate that the code running inside has been altered. The cross-level detector performs a two-dimensional Neyman-Pearson hypothesis test that declares the presence of an attack on the sensor node. The cross-level detector is shown to be more accurate and to have lower latency than its constituent parts. Detection was tested against a range of False Data Injection attacks on a hardware prototype, and the detector performance was measured experimentally. The cross-level detector on average achieved a 93% rate of correct detection, compared with 72% and 85% for the macro- and micro-level detectors, respectively, and a 50% reduction in latency compared to the macro-level detector.
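As an added illustration (not the paper's code), the following Python models how a macro-level consensus residual and a micro-level power-trace distance can be fused in a two-dimensional Neyman-Pearson test. It assumes both statistics are independent and Gaussian with a known mean shift under attack; the channel parameters and false-alarm rate are constructed values, not figures from the paper.

```python
# Added illustration, not the paper's implementation: a two-dimensional
# Neyman-Pearson test fusing a macro-level residual and a micro-level
# side-channel distance. Modelling assumption (mine): each statistic is
# N(0, sigma) when benign and N(shift, sigma) under attack, independently.
from dataclasses import dataclass
from statistics import NormalDist
import math

_STD = NormalDist()  # standard normal, used for thresholds and detection rates


@dataclass(frozen=True)
class Channel:
    """One detector statistic with its attack-induced mean shift and spread."""
    name: str
    shift: float   # mean of the statistic when the sensor node is attacked
    sigma: float   # standard deviation under both hypotheses

    @property
    def d(self) -> float:
        """Hypothesis separation in standard-deviation units."""
        return self.shift / self.sigma


def fused_d(channels) -> float:
    """Separation of the fused test: independent Gaussians add in quadrature."""
    return math.sqrt(sum(c.d ** 2 for c in channels))


def detection_rate(d: float, alpha: float) -> float:
    """P(detect) of a Neyman-Pearson test at false-alarm rate alpha, separation d."""
    threshold = _STD.inv_cdf(1.0 - alpha)
    return 1.0 - _STD.cdf(threshold - d)


def decide(values, channels, alpha: float) -> bool:
    """NP decision on one (macro, micro) observation pair.

    Under the Gaussian model the log-likelihood ratio is linear in the
    observations, so the test projects the standardised observations onto the
    attack-shift direction and applies a single threshold to that projection.
    """
    t = sum(c.d * (v / c.sigma) for v, c in zip(values, channels)) / fused_d(channels)
    return t > _STD.inv_cdf(1.0 - alpha)


# Constructed channels: consensus residual of the observer bank (macro) and
# distance of the measured power trace from the known-good trace (micro).
MACRO = Channel("macro consensus residual", shift=1.0, sigma=1.0)
MICRO = Channel("micro power distance", shift=1.5, sigma=1.0)
ALPHA = 0.05  # false-alarm rate accepted for every detector
```

Calling `detection_rate(fused_d([MACRO, MICRO]), ALPHA)` versus `detection_rate(MACRO.d, ALPHA)` and `detection_rate(MICRO.d, ALPHA)` shows the fused test detecting more attacks than either channel alone at the same false-alarm rate.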
Funding
This work was supported by the U.S. Office of Naval Research under Awards N00014-15-1-2179 and N0001417WX01442.
Cite this article
Croteau, B., Krishnankutty, D., Kiriakidis, K. et al. Cross-Level Detection Framework for Attacks on Cyber-Physical Systems. J Hardw Syst Secur 1, 356–369 (2017). https://doi.org/10.1007/s41635-017-0027-9
DOI: https://doi.org/10.1007/s41635-017-0027-9