Effectiveness of Association Rules Mining for Invariants Generation in Cyber-Physical Systems

Cyber-Physical Systems (CPS), which integrate controls, computing and physical processes, are critical infrastructure for any country. They are becoming more vulnerable to cyber attacks due to an increase in computing and network facilities. The growth in monitoring network protocols increases the chances of being attacked. Once an attacker gets past the network intrusion detection mechanisms, he can affect the physical operation of the system, which may lead to physical damage to components and/or a disaster. Some researchers have used constraints of the physical processes, known as invariants, to monitor the system in order to detect cyber attacks or failures. However, invariant generation lacks automation. This paper presents a novel method to identify invariants automatically using association rules mining. Through this technique, we show that it is possible to generate a number of invariants that are sometimes hidden from the design layout. Our preliminary study on a secure water treatment plant suggests that this approach is promising.
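
The following added sketch, which is not the paper's code or data, shows the idea in the abstract: association rules that hold with full confidence over logged normal operation are kept as invariants, and a later snapshot is checked against them. The tag names, the thresholds and the pruning of redundant rules are assumptions made for the illustration.

```python
from itertools import combinations

# Constructed, discretized snapshots of normal operation of one tank stage.
# Tag names and values are hypothetical, not taken from the paper.
NORMAL_LOG = [frozenset(s.split()) for s in (
    "inlet=open pump=off trend=rising",
    "inlet=open pump=off trend=rising",
    "inlet=open pump=on trend=steady",
    "inlet=closed pump=on trend=falling",
    "inlet=closed pump=on trend=falling",
    "inlet=closed pump=off trend=steady",
    "inlet=open pump=on trend=steady",
    "inlet=closed pump=off trend=steady",
)]

def count(itemset, log):
    """Number of snapshots that contain every item of itemset."""
    return sum(itemset <= row for row in log)

def mine_invariants(log, min_support=0.25, min_confidence=1.0, max_antecedent=2):
    """Return a set of (antecedent, consequent) rules that hold on the log.

    Antecedents are tried in increasing size; a rule is skipped when a
    smaller antecedent already implies the same consequent.
    """
    items = sorted(set().union(*log))
    rules = set()
    for size in range(1, max_antecedent + 1):
        for ante in map(frozenset, combinations(items, size)):
            ante_cnt = count(ante, log)
            if ante_cnt == 0:
                continue
            for cons in items:
                if cons in ante:
                    continue
                if any(a < ante and c == cons for a, c in rules):
                    continue  # redundant: a simpler rule covers it
                rule_cnt = count(ante | {cons}, log)
                if (rule_cnt >= min_support * len(log)
                        and rule_cnt >= min_confidence * ante_cnt):
                    rules.add((ante, cons))
    return rules

def violations(state, rules):
    """Rules whose antecedent holds in state while the consequent does not."""
    state = frozenset(state)
    return sorted((sorted(a), c) for a, c in rules
                  if a <= state and c not in state)
```

A snapshot such as `{"inlet=closed", "pump=on", "trend=rising"}` violates three of the mined rules, which is the signal a monitor would raise as a possible attack or component failure.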
