2018
DOI: 10.1145/3203245

A Survey of Physics-Based Attack Detection in Cyber-Physical Systems

Abstract: Monitoring the “physics” of cyber-physical systems to detect attacks is a growing area of research. In its basic form a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements in order to identify potentially false control commands or false sensor readings. In this paper, we review previous work on physics-based anomaly detection based on a unified taxonomy that allows us to identify limitations and unexplored challenges, an…

Citations: cited by 344 publications (208 citation statements)
References: 105 publications
“…A schematic of ICS architecture and possible attack locations on an ICS system. 3 5) The sensors, by leveraging physical effects interfering with the measurement or replacing the sensor with a malicious one as shown in [16], or, 6) The actuators, by altering the signal sent by the actuators to the controlled process, as described in [17]. The attack can also combine a number of vectors, for example issuing malicious commands to the actuator and replaying a valid system state to the SCADA, as done by the Stuxnet malware.…”
Section: B Attacks On ICSs and Threat Model (mentioning)
confidence: 99%
“…For the cyber component of the CPS Sys, we define two parallel processes: Ctrl and IDS. The former models the controller activity, consisting in reading the temperature sensor and in governing the cooling system via its actuator, whereas the latter models a simple intrusion detection system that attempts to detect and signal anomalies in the behaviour of the system [23]. Intuitively, Ctrl senses the temperature of the engine at each time slot.…”
Section: The CPS Sys (mentioning)
confidence: 99%
“…Almost all papers discussed in the surveys mentioned above [63,23,2] investigate attacks on CPSs and their protection by relying on simulation test systems to validate the results, rather than formal methodologies.…”
Section: Related Work (mentioning)
confidence: 99%
“…For instance, in the case of security protocols, Basin and Cremers define attackers in [6] as combinations of compromise rules that span over three dimensions: whose data is compromised, which kind of data it is, and when the compromise occurs. In the case of Cyber-physical Systems (CPS), works like [19,29] model attackers as sets of components (e.g., some sensors or actuators), while other works like [31,17,30] model attackers that can arbitrarily manipulate any control inputs and any sensor measurements at will, as long as they avoid detection. In the same context of CPS, Rocchetto and Tippenhauer [28] model attackers more abstractly as combinations of quantifiable traits (e.g., insider knowledge, access to tools, and financial support), which, when provided a compatible system model, ideally fully define how the attacker can interact with the system.…”
Section: Related Work (mentioning)
confidence: 99%