research-article

Distributed Detection of Single-Stage Multipoint Cyber Attacks in a Water Treatment Plant

Authors:

Aditya MathurAuthors Info & Claims

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

Pages 449 - 460

https://doi.org/10.1145/2897845.2897855

Published: 30 May 2016 Publication History

Abstract

A distributed detection method is proposed to detect single stage multi-point (SSMP) attacks on a Cyber Physical System (CPS). Such attacks aim at compromising two or more sensors or actuators at any one stage of a CPS and could totally compromise a controller and prevent it from detecting the attack. However, as demonstrated in this work, using the flow properties of water from one stage to the other, a neighboring controller was found effective in detecting such attacks. The method is based on physical invariants derived for each stage of the CPS from its design. The attack detection effectiveness of the method was evaluated experimentally against an operational water treatment testbed containing 42 sensors and actuators. Results from the experiments point to high effectiveness of the method in detecting a variety of SSMP attacks but also point to its limitations. Distributing the attack detection code among various controllers adds to the scalability of the proposed method.

References

[1]

S. Adepu and A. Mathur. Introducing cyber security at the design stage of public infrastructures: A procedure and case study. In Proceedings of the 2nd Asia-Pacific Conference on Complex Systems Design & Management in Advances in Intelligent Systems and Computing. Springer, February 2016.

[2]

S. Adepu and A. Mathur. Using process invariants to detect cyber attacks on a water treatment system. In Proceedings of the 31st International Conference on ICT Systems Security and Privacy Protection - IFIP SEC 2016 (IFIP AICT series). Springer, 2016.

[3]

S. Amin, A. Caárdenas, and S. S. Sastry. Safe and secure networked control systems under denial-of-service attacks. In Hybrid Systems: Computation and Control. Proc. 12th Intl. Conf. (HSCC), LNCS, Vol. 5469, Springer-Verlag, pages 31--45, 2009.

Digital Library

[4]

S. Amin, X. Litrico, S. Sastry, and A. Bayen. Cyber security of water SCADA systems; Part I: Analysis and experimentation of stealthy deception attacks. IEEE Transactions on Control Systems Technology, 21(5):1963--1970, 2013.

[5]

F. Blanchini. Set invariance in control. Automatica, 35(11):1747--1767, 1999.

Digital Library

[6]

A. A. Cárdenas, S. Amin, Z.-S. Lin, Y.-L. Huang, C.-Y. Huang, and S. Sastry. Attacks against process control systems: Risk assessment, detection, and response. In ACM Symp. Inf. Comput. Commun. Security, 2011.

Digital Library

[7]

Check Point: Critical Infrastructure & ICS/SCADA. http://www.checkpoint.com/products-solutions/critical-infrastructure/index.html.

[8]

A. Fagiolini, M. Housh, A. Ostfeld, and A. Bicchi. Distributed estimation and control of water distribution networks by logical consensus. In Communications, Control and Signal Processing (ISCCSP), 2014 6th International Symposium on, pages 239--242, May 2014.

[9]

S. Han, M. Xie, H.-H. Chen, and Y. Ling. Intrusion detection in cyber-physical systems: Techniques and challenges. IEEE Systems Journal, 8(4):1049--1059, Dec 2014.

[10]

S.-W. Hsiao, Y. Sun, M. C. Chen, and H. Zhang. Cross-level behavioral analysis for robust early intrusion detection. In IEEE International Conference on Intelligence and Security Informatics (ISI), pages 95--100, May 2010.

[11]

ICS2 On Guard. http://ics2.com/products/ics2-on-guard-2/.

[12]

E. Kang, S. Adepu, D. Jackson, and A. P. Mathur. Model-based security analysis of a water treatment system. In In Proceedings of 2nd International Workshop on Software Engineering for Smart Cyber-Physical Systems (in press; SEsCPS'16), May 2016.

Digital Library

[13]

C. Kwon, W. Liu, and I. Hwang. Security analysis for cyber-physical systems against stealthy deception attacks. In American Control Conference (ACC), 2013, pages 3344--3349, 2013.

[14]

F. Pasqualetti, R. Carli, and F. Bullo. A distributed method for state estimation and false data detection in power networks. In IEEE International Conference on Smart Grid Communications (SmartGridComm), pages 469--474, Oct 2011.

[15]

F. Pasqualetti, F. Dörfler, and F. Bullo. Attack detection and identification in cyber-physical systems--Part II: Centralized and distributed monitor design. arXiv preprint arXiv:1202.6049, 2012.

[16]

L. Perelman, J. Arad, N. Oliker, A. Ostfeld, and M. Housh. Water distribution systems event detection. In Complexity in Engineering (COMPENG), 2012, pages 1--3, June 2012.

[17]

A. Rosich, H. Voos, and M. Darouach. Cyber-attack detection based on controlled invariant sets. In European Control Conference (ECC), pages 2176--2181, June 2014.

[18]

K. Stouffer and J. F. K. Scarfone. Guide to Industrial Control Systems (ICS) Security; NIST Special Publication 800--82; pages 1--155., June 2011.

[19]

SWaT: Secure Water Treatment Testbed, 2015. https://itrust.sutd.edu.sg/wp-content/uploads/sites/3/2015/11/Brief-Introduction-to-SWaT_181115.pdf.

[20]

A. Wasicek, P. Derler, and E. Lee. Aspect-oriented modeling of attacks in automotive cyber-physical systems. In Design Automation Conference (DAC), 2014 51st ACM/EDAC/IEEE, pages 1--6, June 2014.

Digital Library

[21]

Q. Zhu and T. Basar. Robust and resilient control design for cyber-physical systems with an application to power systems. In 50th IEEE Conference on Decision and Control and European Control Conference (CDC-ECC), pages 4066--4071, 2011.

Cited By

Zhu QDing YJiang JYang S(2025)Anomaly detection using invariant rules in Industrial Control SystemsControl Engineering Practice10.1016/j.conengprac.2024.106164154(106164)Online publication date: Jan-2025
https://doi.org/10.1016/j.conengprac.2024.106164
Mehmood MBaig ZSyed N(2024)Securing Industrial Control Systems (ICS) Through Attack Modelling and Rule-Based Learning2024 16th International Conference on COMmunication Systems & NETworkS (COMSNETS)10.1109/COMSNETS59351.2024.10426882(598-602)Online publication date: 3-Jan-2024
https://doi.org/10.1109/COMSNETS59351.2024.10426882
Zhang FWu QXuan BChen YLin WPoskitt CSun JChen B(2023)Constructing Cyber-Physical System Testing Suites Using Active Sensor FuzzingIEEE Transactions on Software Engineering10.1109/TSE.2023.330933049:11(4829-4845)Online publication date: Nov-2023
https://doi.org/10.1109/TSE.2023.3309330
Show More Cited By

Index Terms

Distributed Detection of Single-Stage Multipoint Cyber Attacks in a Water Treatment Plant
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Security in hardware
    1. Embedded systems security

Recommendations

Investigation of Cyber Attacks on a Water Distribution System
Applied Cryptography and Network Security Workshops
Abstract
A Cyber Physical System (CPS) consists of cyber components for computation and communication, and physical components such as sensors and actuators for process control. These components are networked and interact in a feedback loop. CPS are found ...
A Taxonomy of Cyber Attacks on SCADA Systems
ITHINGSCPSCOM '11: Proceedings of the 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing

Supervisory Control and Data Acquisition(SCADA) systems are deeply ingrained in the fabric of critical infrastructure sectors. These computerized real-time process control systems, over geographically dispersed continuous distribution operations, are ...
Government regulations in cyber security: Framework, standards and recommendations
Abstract
Cyber security refers to the protection of Internet-connected systems, such as hardware, software as well as data (information) from cyber attacks (adversaries). A cyber security regulation is needed in order to protect information ...
Highlights
- We list and discuss the cyber attacks, security requirements and measures. We then discuss the cyber security incident management framework and its various ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

May 2016

958 pages

ISBN:9781450342339

DOI:10.1145/2897845

General Chair:
Xiaofeng Chen
Xidian University, China
,
Program Chairs:
XiaoFeng Wang
Indiana University at Bloomington, USA
,
Xinyi Huang
Fujian Normal University, China

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 May 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Research Foundation (NRF), Prime Minister's Office, Singapore

Conference

ASIA CCS '16

Sponsor:

SIGSAC

ASIA CCS '16: ACM Asia Conference on Computer and Communications Security

May 30 - June 3, 2016

Xi'an, China

Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

63
Total Citations
View Citations
906
Total Downloads

Downloads (Last 12 months)56
Downloads (Last 6 weeks)10

Reflects downloads up to 26 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhu QDing YJiang JYang S(2025)Anomaly detection using invariant rules in Industrial Control SystemsControl Engineering Practice10.1016/j.conengprac.2024.106164154(106164)Online publication date: Jan-2025
https://doi.org/10.1016/j.conengprac.2024.106164
Mehmood MBaig ZSyed N(2024)Securing Industrial Control Systems (ICS) Through Attack Modelling and Rule-Based Learning2024 16th International Conference on COMmunication Systems & NETworkS (COMSNETS)10.1109/COMSNETS59351.2024.10426882(598-602)Online publication date: 3-Jan-2024
https://doi.org/10.1109/COMSNETS59351.2024.10426882
Zhang FWu QXuan BChen YLin WPoskitt CSun JChen B(2023)Constructing Cyber-Physical System Testing Suites Using Active Sensor FuzzingIEEE Transactions on Software Engineering10.1109/TSE.2023.330933049:11(4829-4845)Online publication date: Nov-2023
https://doi.org/10.1109/TSE.2023.3309330
Maiti RYoong CPalleti VSilva APoskitt C(2023)Mitigating Adversarial Attacks on Data-Driven Invariant Checkers for Cyber-Physical SystemsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.319408920:4(3378-3391)Online publication date: 1-Jul-2023
https://doi.org/10.1109/TDSC.2022.3194089
Geng YChen YMa RWei QPan JWang JCheng PWang Q(2023)Defending Cyber–Physical Systems Through Reverse-Engineering-Based Memory Sanity CheckIEEE Internet of Things Journal10.1109/JIOT.2022.320012710:10(8331-8347)Online publication date: 15-May-2023
https://doi.org/10.1109/JIOT.2022.3200127
Castellanos JMaghenem MCárdenas ASanfelice RZhou J(2023)Provable Adversarial Safety in Cyber-Physical Systems2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP57164.2023.00062(979-1012)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSP57164.2023.00062
Erba ATippenhauer N(2023)White-Box Concealment Attacks Against Anomaly Detectors for Cyber-Physical SystemsDetection of Intrusions and Malware, and Vulnerability Assessment10.1007/978-3-031-35504-2_6(111-131)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1007/978-3-031-35504-2_6
Sobien DYardimci MNguyen MMao WFordham VRahman ADuncan SBatarseh F(2023)AI for Cyberbiosecurity in Water Systems—A SurveyCyberbiosecurity10.1007/978-3-031-26034-6_13(217-263)Online publication date: 11-Jan-2023
https://doi.org/10.1007/978-3-031-26034-6_13
Wolsing KWagner ESaillard AHenze M(2022)IPAL: Breaking up Silos of Protocol-dependent and Domain-specific Industrial Intrusion Detection SystemsProceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3545948.3545968(510-525)Online publication date: 26-Oct-2022
https://dl.acm.org/doi/10.1145/3545948.3545968
Hudani DHaseeb MTaufiq MUmer MKandasamy NGupta MKhorsandroo SAbdelsalam M(2022)A Data-Centric Approach to Generate Invariants for a Smart Grid Using Machine LearningProceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems10.1145/3510547.3517927(31-36)Online publication date: 18-Apr-2022
https://dl.acm.org/doi/10.1145/3510547.3517927
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents