Periodic Reporting for period 1 - CSP-CPS-A-ICA (Cybersecurity Protection for Cyber-Physical Systems Against Integrity Cyberattacks)
Reporting period: 2022-08-01 to 2024-07-31
This project develops cybersecurity protection schemes that provide cybersecurity protection services to industrial CPSs. This improves the security level of industrial CPSs against malicious cyberattacks. Such an achievement is among the goals of the Internet Governance Forum (IGF), convened annually by the UN Secretary-General and established by the support of UN Sustainable Development Goals. Furthermore, such research is in line with the aims of “Threat and Risk Management” of ENISA, and also belongs to the target “A Europe fit for the digital age”, which is one of the 6 European Commission priorities for 2019-2024.
The overall scope of this project is to provide effective, efficient and reliable cybersecurity protections for industrial control systems. It includes proposing novel attack strategies and attack models to reveal the stealthiness of IC attacks in complex CPSs, proposing advanced cyberattack detecting methodologies and designing RD schemes to identify the occurring risk types. A further objective of the project is to enhance my career prospects.
The main results of the project are given as follows:
(i) Reveal strategies to generate practically stealthy integrity attacks for nonlinear CPSs. We propose a stealthy integrity attack generation methodology for a class of nonlinear cyber-physical systems. The stealthiness of the attack model is rigorously investigated and a sufficient condition on the initial condition of the attack model is derived to guarantee stealthiness.
(ii) Propose attack detection methodologies for nonlinear CPSs to enhance TADs against stealthy integrity attacks. We propose a backward-in-time methodology for detecting stealthy integrity attacks of nonlinear cyber-physical systems subject to disturbances. The detectability analysis is conducted to rigorously characterize the class of detectable attacks.
(iii) Propose RD schemes for complex CPSs to identify the occurring risk types. A set of continuous unitary basis functions is used to characterize the discriminability of the attacks and faults. For each threat, its Tchebycheff approximation using the basis functions of the other threat is leveraged to deduce its discrimination sensitivity. In addition, an analytic approach to calculate the metric under the generalized Haar condition is developed by solving a minimax optimization problem.
(1) The attack generation model is proposed as a closed-loop system with an arbitrary input signal. The stealthiness of the generated attack is rigorously investigated. A sufficient condition on the initial value of the attack model is derived, allowing the generated attacks to remain undetected by typical anomaly detectors.
(3) We consider two disclosure scenarios: (a) the attacker has full knowledge of the system linear terms but only the structure of the uncertain term, and (b) the attacker only knows the structures of the linear terms and the uncertain nonlinear term. For scenario (a), the obtained existence condition of stealthy integrity attacks is that the uncertainty is decoupled from the maximal output-zeroing controlled-invariant subspace. In scenario (b), the existence of stealthy attacks is only possible if the uncertainty is decoupled from the fixed maximal output-zeroing controlled-invariant subspace.
(4) For each disclosure scenario, we deduce the minimum number of actuator communication channels that must be protected to guarantee the absence of stealthy integrity attacks.
2: Propose attack detection methodologies for nonlinear CPSs to enhance TADs against stealthy integrity attacks
(1) An equivalent increment of the system at a time prior to the attack occurrence time is found to be effective in detecting stealthy integrity attacks.
(2) A backward-in-time detector based on an H_∞ fixed-point smoother is proposed as the tool to estimate the unknown equivalent increment.
(3) A sensor watermarking scheme is proposed, which is composed of a watermark generator and a remover, both switching between a set of two larger (outer) and two smaller (inner) values. These values and the time instants are properly set.
(4) We provide suitable design requirements for the time seeds and demonstrate how these are satisfied by a chaotic Lorenz system.
3: Propose RD schemes for complex CPSs to identify the occurring risk types
(1) The continuous function spaces formed by the bases of the threats are utilized to characterize the threat discriminability.
(2) A sensitivity metric is proposed as the ratio of the Tchebycheff norm of the approximation error to the threat magnitude, to characterize its discrimination sensitivity.
(3) The proposed sensitivity metric is calculated for the scalar-valued and vector-valued basis functions, respectively, by analytically solving a minimax optimization problem under the Haar condition.
(4) A novel methodology consisting of a two-layered decision strategy and a sensor switching watermark scheme is designed for threat detection and discrimination. Such a methodology can rigorously guarantee the detection and discrimination between physical faults and a broad range of MITM cyber attacks such as DoS, replay, and integrity attacks.