Publication Type
Journal Article
Version
acceptedVersion
Publication Date
7-2023
Abstract
The use of invariants in developing security mechanisms has become an attractive research area because of their potential to both prevent attacks and detect attacks in Cyber-Physical Systems (CPS). In general, an invariant is a property that is expressed using design parameters along with Boolean operators and which always holds in normal operation of a system, in particular, a CPS. Invariants can be derived by analysing operational data of various design parameters in a running CPS, or by analysing the system's requirements/design documents, with both of the approaches demonstrating significant potential to detect and prevent cyber-attacks on a CPS. While data-driven invariant generation can be fully automated, design-driven invariant generation has a substantial manual intervention. In this paper, we aim to highlight the shortcomings in data-driven invariants by demonstrating a set of adversarial attacks on such invariants. We propose a solution strategy to detect such attacks by complementing them with design-driven invariants. We perform all our experiments on a real water treatment testbed. We shall demonstrate that our approach can significantly reduce false positives and achieve high accuracy in attack detection on CPSs.
Keywords
Cyber-physical systems, Data-driven invariants, Design-driven invariants, Axiomatic design, Adversarial attacks
Discipline
Databases and Information Systems | Information Security | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
IEEE Transactions on Dependable and Secure Computing
Volume
20
Issue
4
First Page
3378
Last Page
3391
ISSN
1545-5971
Identifier
10.1109/tdsc.2022.3194089
Publisher
Institute of Electrical and Electronics Engineers
Citation
MAITI, Rajib Ranjan; YOONG, Cheah Huei; PALLETI, Venkata Reddy; SILVA, Arlindo; and POSKITT, Christopher M..
Mitigating adversarial attacks on data-driven invariant checkers for cyber-physical systems. (2023). IEEE Transactions on Dependable and Secure Computing. 20, (4), 3378-3391.
Available at: https://ink.library.smu.edu.sg/sis_research/7198
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/tdsc.2022.3194089
Included in
Databases and Information Systems Commons, Information Security Commons, Software Engineering Commons