Learning-Based Time Delay Attack Characterization for Cyber-Physical Systems

The cyber-physical systems (CPSes) rely on computing and control techniques to achieve system safety and reliability. However, recent attacks show that these techniques are vulnerable once the cyber-attackers have bypassed air gaps. The attacks may cause service disruptions or even physical damages. This paper designs the built-in attack characterization scheme for one general type of cyber-attacks in CPS, which we call time delay attack, that delays the transmission of the system control commands. We use the recurrent neural networks in deep learning to estimate the delay values from the input trace. Specifically, to deal with the long time-sequence data, we design the deep learning model using stacked bidirectional long short-term memory (LSTM) units. The proposed approach is tested by using the data generated from a power plant control system. The results show that the LSTM-based deep learning approach can work well based on data traces from three sensor measurements, i.e., temperature, pressure, and power generation, in the power plant control system. Moreover, we show that the proposed approach outperforms the base approach based on k-nearest neighbors.

[1]  Jürgen Schmidhuber,et al.  Long Short-Term Memory , 1997, Neural Computation.

[2]  Jun Sun,et al.  Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning , 2017, 2017 IEEE International Conference on Data Mining Workshops (ICDMW).

[3]  David K. Y. Yau,et al.  Optimal False Data Injection Attack against Automatic Generation Control in Power Grids , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).

[4]  Wim Michiels,et al.  Stability, Control, and Computation for Time-Delay Systems - An Eigenvalue-Based Approach (2. ed.) , 2014, Advances in design and control.

[5]  Deepa Kundur,et al.  Impact of cyber attacks on transient stability of smart grids with voltage support devices , 2013, 2013 IEEE Power & Energy Society General Meeting.

[6]  Sridhar Adepu,et al.  Anomaly Detection in Cyber Physical Systems Using Recurrent Neural Networks , 2017, 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE).

[7]  Yin Zhang,et al.  Detecting Stepping Stones , 2000, USENIX Security Symposium.

[8]  Tingting Li,et al.  Multi-level Anomaly Detection in Industrial Control Systems via Package Signatures and LSTM Networks , 2017, 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[9]  Zhiyong Cui,et al.  Deep Bidirectional and Unidirectional LSTM Recurrent Neural Network for Network-wide Traffic Speed Prediction , 2018, ArXiv.

[10]  Quoc V. Le,et al.  Sequence to Sequence Learning with Neural Networks , 2014, NIPS.

[11]  Deepa Kundur,et al.  A Cyber-Physical Control Framework for Transient Stability in Smart Grids , 2018, IEEE Transactions on Smart Grid.

[12]  Yoshua Bengio,et al.  The problem of learning long-term dependencies in recurrent networks , 1993, IEEE International Conference on Neural Networks.

[13]  Kuldip K. Paliwal,et al.  Bidirectional recurrent neural networks , 1997, IEEE Trans. Signal Process..

[14]  Florian Dörfler,et al.  Cyber-physical attacks in power networks: Models, fundamental limitations and monitor design , 2011, IEEE Conference on Decision and Control and European Control Conference.

[15]  David K. Y. Yau,et al.  Exploiting Power Grid for Accurate and Secure Clock Synchronization in Industrial IoT , 2016, 2016 IEEE Real-Time Systems Symposium (RTSS).

[16]  Geoffrey E. Hinton,et al.  Speech recognition with deep recurrent neural networks , 2013, 2013 IEEE International Conference on Acoustics, Speech and Signal Processing.

[17]  Shuzhi Sam Ge,et al.  Cognitive Radio Based State Estimation in Cyber-Physical Systems , 2014, IEEE Journal on Selected Areas in Communications.

[18]  Stamatis Karnouskos,et al.  Stuxnet worm impact on industrial cyber-physical system security , 2011, IECON 2011 - 37th Annual Conference of the IEEE Industrial Electronics Society.

[19]  Arman Sargolzaei,et al.  Preventing Time-Delay Switch Attack on Load Frequency Control in Distributed Power Systems , 2016, IEEE Transactions on Smart Grid.

[20]  David K. Y. Yau,et al.  Assessing and mitigating impact of time delay attack: a case study for power grid frequency control , 2019, ICCPS.

[21]  Victor A. Skormin,et al.  Detection and Mitigation of Time Delay Injection Attacks on Industrial Control Systems with PLCs , 2017, MMM-ACNS.