Skip to main content
SpringerLink
Log in

A Tale of Two Testbeds: A Comparative Study of Attack Detection Techniques in CPS

  • Conference paper
  • First Online:
Critical Information Infrastructures Security (CRITIS 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12332))

Abstract

Attack detection in cyber-physical systems (CPS) has been approached in several ways due to the complex interactions among the physical and cyber components. A comprehensive study is presented in this paper to compare different attack detection techniques and evaluate them based on a defined set of metrics. This work investigates model-based attack detectors that use mathematical system models with the sensor/actuator set as the input/output of the underlying physical processes. The detection mechanisms include statistical change monitoring (CUSUM and Bad-Data detectors) and a machine learning based-method that analyses the residual signal. This is a tale of two testbeds, a secure water treatment plant (SWaT) and a water distribution plant (WADI), which serve as case studies for the diverse range of CPS infrastructures found in cities today. The performance of the detection methods is experimentally studied by executing various types of attacks on the plants.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Laboratory Virtual Instrument Engineering Workbench (LabVIEW) is a system-design software developed by National Instruments. For attack tool see: https://gitlab.com/gyani/NiSploit.

References

  1. Cardenas, A., Amin, S., Lin, Z., Huang, Y., Huang, C., Sastry, S.: Attacks against process control systems: risk assessment, detection, and response. In: 6th ACM Symposium on Information. Computer and Communications Security, pp. 355–366 (2011)

    Google Scholar 

  2. Ahmed, C.M., Zhou, J.: Challenges and opportunities in CPS security: a physics-based perspective. IEEE Secur. Priv. (2020)

    Google Scholar 

  3. Ahmed, C.M., et al.: NoisePrint: attack detection using sensor and process noise fingerprint in cyber physical systems. In: AsiaCCS 18, pp. 483–497. ACM (2018)

    Google Scholar 

  4. Rocchetto, M., Tippenhauer, N.O.: On attacker models and profiles for cyber-physical systems. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 427–449. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_22

    Chapter  Google Scholar 

  5. Krotofil, M., Gollmann, D.: Industrial control systems security: what is happening? In: 2013 11th IEEE International Conference on Industrial Informatics (INDIN), pp. 664–669, July 2013

    Google Scholar 

  6. Shoukry, Y., Martin, P., Yona, Y., Diggavi, S., Srivastava, M.: PyCRA: physical challenge-response authentication for active sensors under spoofing attacks. In: CCS 15, pp. 1004–1015. ACM (2015)

    Google Scholar 

  7. Mitchell, R., Chen, I.-R.: A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. (CSUR) 46(4), 1–29 (2014)

    Article  Google Scholar 

  8. SWaT: Secure Water Treatment Testbed (2015). https://itrust.sutd.edu.sg/wp-content/uploads/sites/3/2015/11/Brief-Introduction-to-SWaT_181115.pdf

  9. Ahmed, C.M., Palleti, V.R., Mathur, A.P.: WADI: a water distribution testbed for research in the design of secure cyber physical systems. In: CPS Week. CySWATER 2017, pp. 25–28. ACM, 2017

    Google Scholar 

  10. Wei, X., Verhaegen, M., van Engelen, T.: Sensor fault detection and isolation for wind turbines based on subspace identification and Kalman filter techniques. Int. J. Adapt. Control Signal Process. 24(8), 687–707 (2010). https://doi.org/10.1002/acs.1162

    Article  MathSciNet  MATH  Google Scholar 

  11. Ahmed, C.M., Murguia, C., Ruths, J.: Model-based attack detection scheme for smart water distribution networks. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ASIA CCS 2017, pp. 101–113. ACM, New York (2017). https://doi.org/10.1145/3052973.3053011

  12. Qadeer, R., Murguia, C., Ahmed, C.M., Ruths, J.: Multistage downstream attack detection in a cyber physical system. In: Katsikas, S.K., et al. (eds.) CyberICPS/SECPRE -2017. LNCS, vol. 10683, pp. 177–185. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72817-9_12

    Chapter  Google Scholar 

  13. Murguia, C., Ruths, J.: Characterization of a CUSUM model-based sensor attack detector. In: 2016 IEEE 55th Conference on Decision and Control (CDC), pp. 1303–1309, December 2016

    Google Scholar 

  14. Urbina, D.I., et al.: Limiting the impact of stealthy attacks on industrial control systems. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1092–1105. ACM (2016)

    Google Scholar 

  15. Montgomery, D.: Introduction to Statistical Quality Control. Wiley, Hoboken (2009)

    MATH  Google Scholar 

  16. Liu, T., Gu, Y., Wang, D., Gui, Y., Guan, X.: A novel method to detect bad data injection attack in smart grid. In: 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 49–54. IEEE (2013)

    Google Scholar 

  17. Aström, K.J., Wittenmark, B.: Computer-Controlled Systems, 3rd edn. Prentice-Hall Inc., Upper Saddle River (1997)

    Google Scholar 

  18. Ahmed, C.M., Zhou, J., Mathur, A.P.: Noise matters: using sensor and process noise fingerprint to detect stealthy cyber attacks and authenticate sensors in CPS. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 566–581 (2018)

    Google Scholar 

  19. Adepu, S., Mishra, G., Mathur, A.: Access control in water distribution networks: a case study. In: 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS), pp. 184–191, July 2017

    Google Scholar 

  20. Palleti, V.R., Mishra, V.K., Ahmed, C.M., Mathur, A.: Can replay attacks designed to steal water from water distribution systems remain undetected? ACM Trans. Cyber Phys. Syst. (2020)

    Google Scholar 

Download references

Acknowledgements

This work was supported by the SUTD start-up research grant SRG-ISTD-2017-124. The authors thank the reviewers for their comments. The authors express their gratitude to the iTrust research centre at Singapore University of Technology and Design for their research facilities, which have been extensively used in this work.

Author information

Authors and Affiliations

  1. Singapore University of Technology and Design, Singapore, Singapore

    Surabhi Athalye, Chuadhry Mujeeb Ahmed & Jianying Zhou

Authors
  1. Surabhi Athalye
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chuadhry Mujeeb Ahmed
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jianying Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Surabhi Athalye .

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Bristol, Bristol, UK

    Awais Rashid

  2. Department of Computer Science, City, University of London, London, UK

    Peter Popov

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Athalye, S., Ahmed, C.M., Zhou, J. (2020). A Tale of Two Testbeds: A Comparative Study of Attack Detection Techniques in CPS. In: Rashid, A., Popov, P. (eds) Critical Information Infrastructures Security. CRITIS 2020. Lecture Notes in Computer Science(), vol 12332. Springer, Cham. https://doi.org/10.1007/978-3-030-58295-1_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-58295-1_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-58294-4

  • Online ISBN: 978-3-030-58295-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation