Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

1-2020

Abstract

The threat of attack faced by cyber-physical systems (CPSs), especially when they play a critical role in automating public infrastructure, has motivated research into a wide variety of attack defence mechanisms. Assessing their effectiveness is challenging, however, as realistic sets of attacks to test them against are not always available. In this paper, we propose smart fuzzing, an automated, machine learning guided technique for systematically finding 'test suites' of CPS network attacks, without requiring any knowledge of the system's control programs or physical processes. Our approach uses predictive machine learning models and metaheuristic search algorithms to guide the fuzzing of actuators so as to drive the CPS into different unsafe physical states. We demonstrate the efficacy of smart fuzzing by implementing it for two real-world CPS testbeds---a water purification plant and a water distribution system---finding attacks that drive them into 27 different unsafe states involving water flow, pressure, and tank levels, including six that were not covered by an established attack benchmark. Finally, we use our approach to test the effectiveness of an invariant-based defence system for the water treatment plant, finding two attacks that were not detected by its physical invariant checks, highlighting a potential weakness that could be exploited in certain conditions.

Keywords

cyber-physical systems, fuzzing, testing, benchmark generation, machine learning, metaheuristic optimisation

Discipline

Software Engineering

Research Areas

Cybersecurity; Software and Cyber-Physical Systems

Publication

Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE 2019)

First Page

962

Last Page

973

Identifier

10.1109/ASE.2019.00093

Publisher

IEEE

City or Country

San Diego, CA, USA

Additional URL

https://doi.org/10.1109/ASE.2019.00093

Share

COinS