Identification of Data Injection Attacks in Networked Control Systems Using Noise Impulse Integration

The benefits of using Networked Control Systems (NCS) in the growing Industry 4.0 are numerous, including better management and operational capabilities, as well as cost reduction. Despite these benefits, the use of NCSs can also expose physical plants to new threats originating in the cyber domain, such as data injection attacks on the NCS links through which sensors and controllers transmit signals. This work proposes a link monitoring strategy to identify linear time-invariant (LTI) functions executed during controlled data injection attacks by a Man-in-the-Middle hosted in an NCS link. The countermeasure is based on a bioinspired metaheuristic, the Backtracking Search Optimization Algorithm (BSA), and uses white Gaussian noise to excite the attack function. To increase the accuracy of this countermeasure, the Noise Impulse Integration (NII) technique is proposed, developed using the radar pulse integration technique as inspiration. The results demonstrate that the proposed countermeasure is able to accurately identify LTI attack functions, here executed to impair measurements transmitted by the plant sensor, without interfering with the NCS behavior when the system is in its normal operation. Moreover, the results indicate that the NII technique can increase the accuracy of the attack identification.
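The monitoring idea in the abstract, as an added example that is not the paper's code: a known white Gaussian probe crosses the link, a constructed FIR filter stands in for the LTI attack function, and the monitor estimates the filter from what arrives. Assumptions: a cross-correlation estimator is used in place of BSA, "integration" is taken to mean averaging the responses to repeated copies of the same probe, and all function names and parameter values are hypothetical.

```python
import random

def attack_fir(x, h):
    """Constructed LTI attack function: FIR filter applied by the MitM (zero initial state)."""
    return [sum(h[k] * x[n - k] for k in range(len(h)) if n - k >= 0)
            for n in range(len(x))]

def observe(x, h, sigma_v, rng):
    """One probe burst as seen at the far end of the link: attacked probe plus disturbance."""
    return [y + rng.gauss(0.0, sigma_v) for y in attack_fir(x, h)]

def integrate(x, h, sigma_v, bursts, rng):
    """Average `bursts` received copies of the same probe (assumed form of integration)."""
    acc = [0.0] * len(x)
    for _ in range(bursts):
        for n, y in enumerate(observe(x, h, sigma_v, rng)):
            acc[n] += y
    return [a / bursts for a in acc]

def identify(x, y, taps):
    """Estimate FIR taps by cross-correlating the known white probe with the received signal."""
    energy = sum(v * v for v in x)
    return [sum(y[n] * x[n - k] for n in range(k, len(x))) / energy
            for k in range(taps)]

def error(h_hat, h):
    """Euclidean distance between estimated and true taps (true taps zero-padded)."""
    h = list(h) + [0.0] * (len(h_hat) - len(h))
    return sum((a - b) ** 2 for a, b in zip(h_hat, h)) ** 0.5

def demo(seed=7, n=1000, taps=8, sigma_v=10.0, bursts=256):
    rng = random.Random(seed)
    h_true = [0.6, 0.3, 0.1]                       # constructed attack function
    x = [rng.gauss(0.0, 1.0) for _ in range(n)]    # white Gaussian probe
    single = identify(x, observe(x, h_true, sigma_v, rng), taps)
    pooled = identify(x, integrate(x, h_true, sigma_v, bursts, rng), taps)
    return h_true, single, pooled

if __name__ == "__main__":
    h_true, single, pooled = demo()
    print("single burst error:", round(error(single, h_true), 3))
    print("integrated error:  ", round(error(pooled, h_true), 3))
```

Averaging leaves the deterministic response of the attack function unchanged while shrinking the uncorrelated disturbance, which is why the integrated estimate lands closer to the true taps than the single-burst one.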
