Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
5-2018
Abstract
Cyber-physical systems (CPS) consist of sensors, actuators, and controllers all communicating over a network; if any subset becomes compromised, an attacker could cause significant damage. With access to data logs and a model of the CPS, the physical effects of an attack could potentially be detected before any damage is done. Manually building a model that is accurate enough in practice, however, is extremely difficult. In this paper, we propose a novel approach for constructing models of CPS automatically, by applying supervised machine learning to data traces obtained after systematically seeding their software components with faults ("mutants"). We demonstrate the efficacy of this approach on the simulator of a real-world water purification plant, presenting a framework that automatically generates mutants, collects data traces, and learns an SVM-based model. Using cross-validation and statistical model checking, we show that the learnt model characterises an invariant physical property of the system. Furthermore, we demonstrate the usefulness of the invariant by subjecting the system to 55 network and code-modification attacks, and showing that it can detect 85% of them from the data logs generated at runtime.
Keywords
anomaly detection, attacks, attestation, cyber physical systems, invariants, machine learning, mutation testing, system modelling, water treatment systems
Discipline
Information Security | Software Engineering
Research Areas
Cybersecurity; Software and Cyber-Physical Systems
Publication
2018 39th IEEE Symposium on Security and Privacy (S&P 2018): San Francisco, May 21-23: Proceedings
First Page
648
Last Page
660
ISBN
9781538643525
Identifier
10.1109/SP.2018.00016
Publisher
IEEE
City or Country
Piscataway, NJ
Citation
CHEN, Yuqi; POSKITT, Christopher M.; and SUN, Jun.
Learning from mutants: Using code mutation to learn and monitor invariants of a cyber-physical system. (2018). 2018 39th IEEE Symposium on Security and Privacy (S&P 2018): San Francisco, May 21-23: Proceedings. 648-660.
Available at: https://ink.library.smu.edu.sg/sis_research/4906
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/SP.2018.00016