Learning-Based Simultaneous Detection and Characterization of Time Delay Attack in Cyber-Physical Systems

Control and communication technologies are key building blocks of cyber-physical systems (CPSes) that can improve the efficiency of the physical processes. However, they also make a CPS vulnerable to cyberattacks that can cause disruptions or even severe damage. This article focuses on one particular type of CPS cyberattack, namely the time delay attack (TDA), which exploits vulnerabilities in the communication channels to cause potentially serious harm to the system. Much work proposed for TDA detection is tested offline only and under strong assumptions. In order to construct a practical solution to deal with real-world scenarios, we propose a deep learning-based method to detect and characterize TDA. Specifically, we design a hierarchical long short-term memory model to process raw data streams from relevant CPS sensors online and continually monitor embedded signals in the data to detect and characterize the attack. Moreover, various strategies of interpreting the outputs of the model are proposed, which allow the user to tune the performance based on different objectives. We evaluate our model on two representative types of CPS, namely power plant control system (PPCS) and automatic generation control (AGC).Code and dataset can be found at: https://github.com/prakharg24/tda For TDA detection, our solution achieves an accuracy of 92% in PPCS, compared with 81% by random forests (RFs) and 72% by k-nearest neighbours (kNNs). For AGC, our solution achieves 98% accuracy, compared with 74% by RFs and 71% by kNNs. It also reduces the mean absolute error in the delay value characterization from about six to two seconds in the PPCS, and from about three seconds to half a second in the AGC, with about 3x to 4x shorter reaction latency in both systems.

[1]  Naeem Iqbal,et al.  Load frequency resilient control of power system against delayed input cyber attack , 2015, 2015 Symposium on Recent Advances in Electrical Engineering (RAEE).

[2]  Arman Sargolzaei,et al.  A Neural Network-based Approach for Detection of Time Delay Switch Attack on Networked Control Systems , 2020 .

[3]  H. Farhangi,et al.  The path of the smart grid , 2010, IEEE Power and Energy Magazine.

[4]  Haibo He,et al.  Cyber-physical attacks and defences in the smart grid: a survey , 2016, IET Cyper-Phys. Syst.: Theory & Appl..

[5]  Yang Xiang,et al.  A survey on security control and attack detection for industrial cyber-physical systems , 2018, Neurocomputing.

[6]  Joachim Fabini,et al.  Encryption is Futile: Delay Attacks on High-Precision Clock Synchronization , 2018, ArXiv.

[7]  Anis Messaoud,et al.  An online identification algorithm of unknown time-varying delay and internal multimodel control for discrete non-linear systems , 2018 .

[8]  Linear Time-Invariant Systems , 2004 .

[9]  Rob J. De Boer Which of Our Modeling Predictions Are Robust? , 2012, PLoS Comput. Biol..

[10]  Florian Dörfler,et al.  Cyber-physical attacks in power networks: Models, fundamental limitations and monitor design , 2011, IEEE Conference on Decision and Control and European Control Conference.

[11]  S. Shankar Sastry,et al.  Research Challenges for the Security of Control Systems , 2008, HotSec.

[12]  Kang Yen,et al.  Delayed inputs attack on load frequency control in smart grid , 2014, ISGT 2014.

[13]  Jun Sun,et al.  Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning , 2017, 2017 IEEE International Conference on Data Mining Workshops (ICDMW).

[14]  Ing-Ray Chen,et al.  A survey of intrusion detection techniques for cyber-physical systems , 2014, ACM Comput. Surv..

[15]  Xin Lou Assessing and Mitigating Impact of Time Delay Attack : A Case Study for Power Grid Frequency Control , .

[16]  Stamatis Karnouskos,et al.  Stuxnet worm impact on industrial cyber-physical system security , 2011, IECON 2011 - 37th Annual Conference of the IEEE Industrial Electronics Society.

[17]  Jürgen Schmidhuber,et al.  Long Short-Term Memory , 1997, Neural Computation.

[18]  Francesco Casella,et al.  Modelling of thermo-hydraulic power generation processes using Modelica , 2006 .

[19]  Victor A. Skormin,et al.  Detection and Mitigation of Time Delay Injection Attacks on Industrial Control Systems with PLCs , 2017, MMM-ACNS.

[20]  David K. Y. Yau,et al.  Assessing and Mitigating Impact of Time Delay Attack: Case Studies for Power Grid Controls , 2020, IEEE Journal on Selected Areas in Communications.

[21]  Tingting Li,et al.  Multi-level Anomaly Detection in Industrial Control Systems via Package Signatures and LSTM Networks , 2017, 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[22]  Arman Sargolzaei,et al.  Resilient Design of Networked Control Systems Under Time Delay Switch Attacks, Application in Smart Grid , 2017, IEEE Access.

[23]  Pierdomenico Pepe,et al.  Stability, Control, and Computation for Time-Delay Systems, An Eigenvalue-Based Approach, Michiels Wim, Niculescu Silviu-Iulian, in: Advances in Design and Control. SIAM (2014) , 2021, Autom..

[24]  Arman Sargolzaei,et al.  Preventing Time-Delay Switch Attack on Load Frequency Control in Distributed Power Systems , 2016, IEEE Transactions on Smart Grid.

[25]  David K. Y. Yau,et al.  Optimal False Data Injection Attack against Automatic Generation Control in Power Grids , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).

[26]  Peter Xiaoping Liu,et al.  Denial-of-Service (dos) attacks on load frequency control in smart grids , 2013, 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT).

[27]  See-Kiong Ng,et al.  Anomaly Detection with Generative Adversarial Networks for Multivariate Time Series , 2018, ArXiv.

[28]  Arman Sargolzaei,et al.  Time-Delay Switch Attack on Load Frequency Control in Smart Grid , 2013 .

[29]  S. Shankar Sastry,et al.  Safe and Secure Networked Control Systems under Denial-of-Service Attacks , 2009, HSCC.

[30]  Marianne Winslett,et al.  Learning-Based Time Delay Attack Characterization for Cyber-Physical Systems , 2019, 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm).

[31]  Franck Plestan,et al.  Super-Twisting Algorithm-Based Time-Varying Delay Estimation With External Signal , 2020, IEEE Transactions on Industrial Electronics.

[32]  Daniel L. Marino,et al.  Generalization of Deep Learning for Cyber-Physical System Security: A Survey , 2018, IECON 2018 - 44th Annual Conference of the IEEE Industrial Electronics Society.

[33]  Adrian Pop,et al.  OpenModelica - A free open-source environment for system modeling, simulation, and teaching , 2006, 2006 IEEE Conference on Computer Aided Control System Design, 2006 IEEE International Conference on Control Applications, 2006 IEEE International Symposium on Intelligent Control.

[34]  Yoshua Bengio,et al.  Gradient Flow in Recurrent Nets: the Difficulty of Learning Long-Term Dependencies , 2001 .

[35]  Dipankar Dasgupta,et al.  Effects of Time Delays in the Electric Power Grid , 2012, Critical Infrastructure Protection.

[36]  Babu Narayanan,et al.  POWER SYSTEM STABILITY AND CONTROL , 2015 .

[37]  Razvan Pascanu,et al.  Understanding the exploding gradient problem , 2012, ArXiv.

[38]  David K. Y. Yau,et al.  Exploiting Power Grid for Accurate and Secure Clock Synchronization in Industrial IoT , 2016, 2016 IEEE Real-Time Systems Symposium (RTSS).

[39]  Nicholas J. Higham,et al.  INVERSE PROBLEMS NEWSLETTER , 1991 .

[40]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2009, CCS.

[41]  Sridhar Adepu,et al.  Anomaly Detection in Cyber Physical Systems Using Recurrent Neural Networks , 2017, 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE).

[42]  Yin Zhang,et al.  Detecting Stepping Stones , 2000, USENIX Security Symposium.

[43]  Zachary Chase Lipton A Critical Review of Recurrent Neural Networks for Sequence Learning , 2015, ArXiv.