ICCPS: Impact discovery using causal inference for cyber attacks in CPSs

We propose a new method to quantify the impact of cyber attacks in Cyber Physical Systems (CPSs). In particular, our method identifies the Design Parameters (DPs) affected by a cyber attack launched on a different set of DPs in the same CPS. To achieve this, we adopt causal graphs to causally link DPs with each other and quantify the impact of one DP on another. Using SWaT, a real-world testbed of a water treatment system, we demonstrate that causal graphs can be built in two ways: i) using domain knowledge of the control logic and the physical connectivity structure of the DPs, which we call causal domain graphs, and ii) learning from operational data logs, which we call causal learnt graphs. We then compare these graphs when the same set of DPs is used. Our analysis shows that a common set of edges exists between the causal domain graphs and the causal learnt graphs, which helps validate the causal learnt graphs. Additionally, we show that the learnt graphs can discover new causal relations, not initially considered in the domain graphs, that significantly help characterise the impact of the attack. We use causal domain graphs to estimate the parameters of the graphs, and the causal learnt graphs for causal inference. To learn the structure of the causal learnt graphs in all six stages of SWaT, we experiment with three learning algorithms: Peter-Clark (PC), Hill Climb (HC) search and Chow-Liu (CH). Finally, we demonstrate how causal graphs can be used to analyse the impact of cyber attacks by analysing nine well-known cyber attacks on the SWaT testbed. We find that by using causal learnt graphs the DPs impacted by the attacks are correctly discovered with a probability greater than 0.9.
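The two steps the abstract describes, comparing a domain graph with a learnt graph and then inferring which DPs an attack on one DP reaches, are sketched below as an added example that is not the paper's code. The DP names, edges, probabilities and the 0.5 reporting threshold are constructed assumptions, not values from the paper or from SWaT logs.

```python
# Constructed example: DP names, edges and probabilities are illustrative only.
from itertools import product

# Causal domain graph (from control logic / physical connectivity).
DOMAIN_EDGES = {("valve", "flow"), ("flow", "level"), ("level", "pump")}
# Causal learnt graph (as a structure learner might return it from data logs).
LEARNT_EDGES = DOMAIN_EDGES | {("valve", "level")}

def compare_graphs(domain, learnt):
    """Return (edges common to both graphs, edges only the learnt graph has)."""
    return domain & learnt, learnt - domain

# Learnt-graph structure with P(node = 1 | parents); 1 means "abnormal state".
PARENTS = {"valve": (), "flow": ("valve",),
           "level": ("valve", "flow"), "pump": ("level",)}
CPT = {
    "valve": {(): 0.05},
    "flow": {(0,): 0.02, (1,): 0.95},
    "level": {(0, 0): 0.01, (0, 1): 0.90, (1, 0): 0.30, (1, 1): 0.97},
    "pump": {(0,): 0.03, (1,): 0.92},
}
ORDER = ["valve", "flow", "level", "pump"]  # topological order of the graph

def impact(attacked, value=1):
    """P(dp = 1 | do(attacked = value)) for every DP, by exact enumeration."""
    marg = {n: 0.0 for n in ORDER}
    free = [n for n in ORDER if n != attacked]
    for vals in product((0, 1), repeat=len(free)):
        state = dict(zip(free, vals), **{attacked: value})
        p = 1.0
        for n in free:  # truncated factorisation: attacked DP's own CPT is dropped
            p1 = CPT[n][tuple(state[q] for q in PARENTS[n])]
            p *= p1 if state[n] else 1.0 - p1
        for n in ORDER:
            marg[n] += p * state[n]
    return marg

def impacted_dps(attacked, threshold=0.5):
    """DPs (other than the attacked one) whose abnormal probability exceeds threshold."""
    m = impact(attacked)
    return sorted(n for n, p in m.items() if n != attacked and p > threshold)

if __name__ == "__main__":
    common, new = compare_graphs(DOMAIN_EDGES, LEARNT_EDGES)
    print("validated edges:", sorted(common), "newly discovered:", sorted(new))
    print("attack on valve impacts:", impacted_dps("valve"))
    print("attack on level impacts:", impacted_dps("level"))
```

Because the intervention cuts the attacked DP off from its own parents, an attack on `level` reaches `pump` but leaves the upstream `valve` and `flow` at their baseline probabilities.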
