Publication Type

Journal Article

Version

acceptedVersion

Publication Date

7-2023

Abstract

The use of invariants in developing security mechanisms has become an attractive research area because of their potential to both prevent attacks and detect attacks in Cyber-Physical Systems (CPS). In general, an invariant is a property that is expressed using design parameters along with Boolean operators and which always holds in normal operation of a system, in particular, a CPS. Invariants can be derived by analysing operational data of various design parameters in a running CPS, or by analysing the system's requirements/design documents, with both of the approaches demonstrating significant potential to detect and prevent cyber-attacks on a CPS. While data-driven invariant generation can be fully automated, design-driven invariant generation has a substantial manual intervention. In this paper, we aim to highlight the shortcomings in data-driven invariants by demonstrating a set of adversarial attacks on such invariants. We propose a solution strategy to detect such attacks by complementing them with design-driven invariants. We perform all our experiments on a real water treatment testbed. We shall demonstrate that our approach can significantly reduce false positives and achieve high accuracy in attack detection on CPSs.

Keywords

Cyber-physical systems, Data-driven invariants, Design-driven invariants, Axiomatic design, Adversarial attacks

Discipline

Databases and Information Systems | Information Security | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

20

Issue

4

First Page

3378

Last Page

3391

ISSN

1545-5971

Identifier

10.1109/tdsc.2022.3194089

Publisher

Institute of Electrical and Electronics Engineers

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1109/tdsc.2022.3194089

Download

Share

COinS