Multistage Downstream Attack Detection in a Cyber Physical System

Qadeer, Rizwan; Murguia, Carlos; Ahmed, Chuadhry Mujeeb; Ruths, Justin

doi:10.1007/978-3-319-72817-9_12

Cited by 11 publications

(12 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, any validation must be carried out in a strictly controlled environment to avoid accidental disruption to CNI or compromise to data privacy. Validation can be economically challenging and requires funding to facilitate validations using a realistic simulation environment often involving physical infrastructure [47,51,64,109,119,131,137,142]. Almost three-quarters of the primary studies reported funding supported by research grants, defence or governmental sectors.…”

Section: Discussionmentioning

confidence: 99%

Cyber Resilience and Incident Response in Smart Cities: A Systematic Literature Review

et al. 2020

View full text Add to dashboard Cite

The world is experiencing a rapid growth of smart cities accelerated by Industry 4.0, including the Internet of Things (IoT), and enhanced by the application of emerging innovative technologies which in turn create highly fragile and complex cyber–physical–natural ecosystems. This paper systematically identifies peer-reviewed literature and explicitly investigates empirical primary studies that address cyber resilience and digital forensic incident response (DFIR) aspects of cyber–physical systems (CPSs) in smart cities. Our findings show that CPSs addressing cyber resilience and support for modern DFIR are a recent paradigm. Most of the primary studies are focused on a subset of the incident response process, the “detection and analysis” phase whilst attempts to address other parts of the DFIR process remain limited. Further analysis shows that research focused on smart healthcare and smart citizen were addressed only by a small number of primary studies. Additionally, our findings identify a lack of available real CPS-generated datasets limiting the experiments to mostly testbed type environments or in some cases authors relied on simulation software. Therefore, contributing this systematic literature review (SLR), we used a search protocol providing an evidence-based summary of the key themes and main focus domains investigating cyber resilience and DFIR addressed by CPS frameworks and systems. This SLR also provides scientific evidence of the gaps in the literature for possible future directions for research within the CPS cybersecurity realm. In total, 600 papers were surveyed from which 52 primary studies were included and analysed.

show abstract

Section: Discussionmentioning

confidence: 99%

Cyber Resilience and Incident Response in Smart Cities: A Systematic Literature Review

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Also, in their subsequent work [2] they designed a distributed mechanism for detecting cyber attacks on a water treatment system by systematically deriving invariants. Recently, in [6,7,30,33] researchers report an investigation into the effectiveness of yet another detection scheme that uses the Kalman filter on an operational water treatment testbed system. Experimental investigation on operational and real testbeds provides how an attacker can perform attacks on these systems to achieve his goal.…”

Section: Related Workmentioning

confidence: 99%

Can Replay Attacks Designed to Steal Water from Water Distribution Systems Remain Undetected?

Palleti

Mishra

Ahmed

et al. 2020

ACM Trans. Cyber-Phys. Syst.

Self Cite

View full text Add to dashboard Cite

Industrial Control Systems (ICS) monitor and control physical processes. ICS are found in, among others, critical infrastructures such as water treatment plants, water distribution systems, and the electric power grid. While the existence of cyber-components in an ICS leads to ease of operations and maintenance, it renders the system under control vulnerable to cyber and physical attacks. An experimental study was conducted with replay attacks launched on an operational water distribution (WADI) plant to understand under what conditions an attacker/attack can remain undetected while stealing water. A detection method, based on an input-output Linear Time-invariant system model of the physical process, was developed and implemented in WADI to detect such attacks. The experiments reveal the strengths and limitations of the detection method and challenges faced by an attacker while attempting to steal water from a water distribution system.

show abstract

“…Stealthy Attacks(S7): An attacker modifies a sensor measurement and attempts to hide it's presence. In the literature [37], [45], [48], [49], [50] specific stealthy attacks have been designed to stay undetected for a range of statistical detectors. To achieve the stealthiness an attacker must modify sensor measurement in a way so that it can maximize the damage and remain undetected.…”

Section: Physical (Analog Domain) Attacksmentioning

confidence: 99%

NoiSense Print

Ahmed

Mathur

Ochoa

2020

ACM Trans. Priv. Secur.

Self Cite

View full text Add to dashboard Cite

In recent years fingerprinting of various physical and logical devices has been proposed with the goal of uniquely identifying users or devices of mainstream IT systems such as PCs, Laptops and smart phones. On the other hand, the application of such techniques in Cyber-Physical Systems (CPS) is less explored due to various reasons, such as difficulty of direct access to critical systems and the cost involved in faithfully reproducing realistic scenarios. In this work we evaluate the feasibility of using fingerprinting techniques in the context of realistic Industrial Control Systems related to water treatment and distribution. Based on experiments conducted with 44 sensors of six different types, it is shown that noise patterns due to microscopic imperfections in hardware manufacturing can be used to uniquely identify sensors in a CPS with up to 97% accuracy. The proposed technique can be used in to detect physical attacks, such as the replacement of legitimate sensors by faulty or manipulated sensors. We also show that, unexpectedly, sensor fingerprinting can effectively detect advanced physical attacks such as analog sensor spoofing due to variations in received energy at the transducer of an active sensor. Also, it can be leveraged to construct a novel challenge-response protocol that exposes cyber-attacks.

show abstract

Multistage Downstream Attack Detection in a Cyber Physical System

Cited by 11 publications

References 11 publications

Cyber Resilience and Incident Response in Smart Cities: A Systematic Literature Review

Cyber Resilience and Incident Response in Smart Cities: A Systematic Literature Review

Can Replay Attacks Designed to Steal Water from Water Distribution Systems Remain Undetected?

NoiSense Print

Contact Info

Product

Resources

About