Detection of replay attacks in cyber-physical systems using a frequency-based signature

Abstract This paper proposes a frequency-based approach for the detection of replay attacks affecting cyber-physical systems (CPS). In particular, the method employs a sinusoidal signal with a time-varying frequency (authentication signal) into the closed-loop system and checks whether the time profile of the frequency components in the output signal are compatible with the authentication signal or not. In order to carry out this target, the couplings between inputs and outputs are eliminated using a dynamic decoupling technique based on vector fitting. In this way, a signature introduced on a specific input channel will affect only the output that is selected to be associated with that input, which is a property that can be exploited to determine which channels are being affected. A bank of band-pass filters is used to generate signals whose energies can be compared to reconstruct an estimation of the time-varying frequency profile. By matching the known frequency profile with its estimation, the detector can provide the information about whether a replay attack is being carried out or not. The design of the signal generator and the detector are thoroughly discussed, and an example based on a quadruple-tank process is used to show the application and effectiveness of the proposed method.

[1]  S. Shankar Sastry,et al.  Safe and Secure Networked Control Systems under Denial-of-Service Attacks , 2009, HSCC.

[2]  Ramon Costa Castelló,et al.  An educational approach to the internal model principle for periodic signals , 2012 .

[3]  Michel Kinnaert,et al.  Diagnosis and Fault-Tolerant Control , 2006 .

[4]  Peng Zhou,et al.  Detecting Replay Attacks in Power Systems: A Data-Driven Approach , 2017, LSMS/ICSEE.

[5]  Luiz Velho,et al.  Windowed Fourier Transform , 2015 .

[6]  S. Shankar Sastry,et al.  Research Challenges for the Security of Control Systems , 2008, HotSec.

[7]  Guang-Hong Yang,et al.  Adaptive sliding mode fault tolerant control for nonlinearly chaotic systems against DoS attack and network faults , 2017, J. Frankl. Inst..

[8]  Karl Henrik Johansson,et al.  The quadruple-tank process: a multivariable laboratory process with an adjustable zero , 2000, IEEE Trans. Control. Syst. Technol..

[9]  Didier Theilliol,et al.  Observer-based fault tolerant control design for a class of LPV descriptor systems , 2014, J. Frankl. Inst..

[10]  K. Villez,et al.  Resilient control system execution agent (ReCoSEA) , 2012, 2012 5th International Symposium on Resilient Control Systems.

[11]  Engang Tian,et al.  Hybrid-driven-based H∞ filter design for neural networks subject to deception attacks , 2018, Appl. Math. Comput..

[12]  M. Fikar DECOUPLING CONTROL , 2011 .

[13]  Damiano Rotondo,et al.  Actuator multiplicative fault estimation in discrete-time LPV systems using switched observers , 2016, J. Frankl. Inst..

[14]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[15]  Ian Postlethwaite,et al.  Multivariable Feedback Control: Analysis and Design , 1996 .

[16]  Bruno Sinopoli,et al.  Secure control against replay attacks , 2009, 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[17]  T. Dhaene,et al.  Macromodeling of Multiport Systems Using a Fast Implementation of the Vector Fitting Method , 2008, IEEE Microwave and Wireless Components Letters.

[18]  Wanlei Zhou,et al.  Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics , 2011, IEEE Transactions on Information Forensics and Security.

[19]  F. Harris On the use of windows for harmonic analysis with the discrete Fourier transform , 1978, Proceedings of the IEEE.

[20]  Sonia Martínez,et al.  On the Performance Analysis of Resilient Networked Control Systems Under Replay Attacks , 2013, IEEE Transactions on Automatic Control.

[22]  A. Le Bot,et al.  Foundation of Statistical Energy Analysis in Vibroacoustics , 2015 .

[23]  Damiano Rotondo Advances in Gain-Scheduling and Fault Tolerant Control Techniques , 2017 .

[24]  Cai Jianhong Windowed Fourier Transform with Normalized Weight , 2009 .

[25]  Dong Wei,et al.  PROGNOSTICS ENABLED RESILIENT CONTROL FOR MODEL-BASED BUILDING AUTOMATION SYSTEMS , 2011 .

[26]  A. Semlyen,et al.  Rational approximation of frequency domain responses by vector fitting , 1999 .

[27]  Ruochi Zhang,et al.  Stealthy Control Signal Attacks in Linear Quadratic Gaussian Control Systems: Detectability Reward Tradeoff , 2017, IEEE Transactions on Information Forensics and Security.

[28]  Adam Semlyen,et al.  Vector fitting by pole relocation for the state equation approximation of nonrational transfer matrices , 2000 .

[29]  Shaikshavali Chitraganti,et al.  Medium access scheduling for input reconstruction under deception attacks , 2017, J. Frankl. Inst..

[30]  Guoxiang Gu,et al.  Secure networked control systems against replay attacks without injecting authentication noise , 2015, 2015 American Control Conference (ACC).

[31]  Stefan Savage,et al.  Inside the Slammer Worm , 2003, IEEE Secur. Priv..

[32]  Xiangjian He,et al.  A System for Denial-of-Service Attack Detection Based on Multivariate Correlation Analysis , 2011, IEEE Transactions on Parallel and Distributed Systems.

[33]  Rafal Rohozinski,et al.  Stuxnet and the Future of Cyber War , 2011 .

[34]  K. W. Cattermole The Fourier Transform and its Applications , 1965 .

[35]  Katsuhiko Ogata,et al.  Modern Control Engineering , 1970 .

[36]  R. K. Mehra,et al.  Correspondence item: An innovations approach to fault detection and diagnosis in dynamic systems , 1971 .

[37]  George Kesidis,et al.  Denial-of-service attack-detection techniques , 2006, IEEE Internet Computing.

[38]  Gene F. Franklin,et al.  Digital control of dynamic systems , 1980 .

[39]  Hank Zumbahlen Linear Circuit Design Handbook , 2008 .

[40]  Inseok Hwang,et al.  A Survey of Fault Detection, Isolation, and Reconfiguration Methods , 2010, IEEE Transactions on Control Systems Technology.

[41]  Puneet Singla,et al.  Desired Order Continuous Polynomial Time Window Functions for Harmonic Analysis , 2010, IEEE Transactions on Instrumentation and Measurement.

[42]  Matt Bishop,et al.  Computer Security: Art and Science , 2002 .

[43]  Kris Villez,et al.  Experimental validation of a resilient monitoring and control system , 2014 .

[44]  Kenji Kashima,et al.  Replay attack detection in control systems with quantized signals , 2015, 2015 European Control Conference (ECC).

[45]  Damiano Rotondo,et al.  A Fault-Hiding Approach for the Switching Quasi-LPV Fault-Tolerant Control of a Four-Wheeled Omnidirectional Mobile Robot , 2015, IEEE Transactions on Industrial Electronics.

[46]  Karl Henrik Johansson,et al.  A secure control framework for resource-limited adversaries , 2012, Autom..

[47]  George J. Pappas,et al.  Stochastic game approach for replay attack detection , 2013, 52nd IEEE Conference on Decision and Control.

[48]  O. Gasparyan Linear and Nonlinear Multivariable Feedback Control: A Classical Approach , 2008 .

[49]  Juan Pablo Conti,et al.  The day the samba stopped , 2010 .

[50]  B. Gustavsen,et al.  Improving the pole relocating properties of vector fitting , 2006, 2006 IEEE Power Engineering Society General Meeting.

[51]  Karl Henrik Johansson,et al.  Attack models and scenarios for networked control systems , 2012, HiCoNS '12.

[52]  Beibei Li,et al.  DDOA: A Dirichlet-Based Detection Scheme for Opportunistic Attacks in Smart Grid Cyber-Physical System , 2016, IEEE Transactions on Information Forensics and Security.

[53]  Tamer Basar,et al.  Optimal control in the presence of an intelligent jammer with limited actions , 2010, 49th IEEE Conference on Decision and Control (CDC).

[54]  A. Semlyen,et al.  Simulation of transmission line transients using vector fitting and modal decomposition , 1998 .

[55]  Florian Dörfler,et al.  Attack Detection and Identification in Cyber-Physical Systems -- Part II: Centralized and Distributed Monitor Design , 2012, ArXiv.

[56]  D. Yavuz,et al.  Some novel windows and a concise tutorial comparison of window families , 1978 .