poster

Poster: Physics-Based Attack Detection for an Insider Threat Model in a Cyber-Physical System

Authors:

Chuadhry Mujeeb Ahmed,

Ee-Chien ChangAuthors Info & Claims

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

Pages 821 - 823

https://doi.org/10.1145/3196494.3201587

Published: 29 May 2018 Publication History

Abstract

To ensure the proper functioning of critical systems, it is important to design secure Cyber Physical Systems (CPS). Since CPS are connected systems, most studies consider external adversaries as a threat model, which might not be able to cater for an insider threat with the physical access to the system. In this article, we proposed an attack detection mechanism for an insider who has physical access to a CPS. The proposed method exploits the dynamics of the system and detects an attack based on the laws of Physics. Based on the mass flow equations, we analyze the rate of change in the plant's process and create a feature vector based on the process dynamics. The model has been trained by passing rate of change in system's state as input to Support Vector Machine (SVM), to detect the abnormal behavior in the system. Based on the proposed framework, experiments are performed on a real water treatment testbed, to validate our model and to measure the efficiency of the plant in normal and under attack scenarios. The detection result shows that proposed scheme can detect attacks with accuracy as high as $96%$.

References

[1]

2010. http://news.oreilly.com/2008/07/coverage-of-terry-childs.html. (2010).

[2]

2012. http://www.computerworld.com/article/2489761/technology-lawregulation/it-pro-gets-4-years-in-prison-for-sabotaging-ex-employer-ssystem.html. (2012).

[3]

2013. https://www.theguardian.com/world/2013/aug/21/bradley-manning-35- years-prison-wikileaks-sentence. (2013).

[4]

2013. https://www.theguardian.com/world/2013/jun/09/edward-snowden-nsawhistleblower-surveillance. (2013).

[5]

Marshall Abrams. 2008. Malicious control system cyber security attack case study--Maroochy Water Services, Australia. (2008).

[6]

C. M. Ahmed, S. Adepu, and A. Mathur. 2016. Limitations of state estimation based cyber attack detection schemes in industrial control systems. In 2016 Smart City Security and Privacy Workshop (SCSP-W). 1--5.

[7]

C. M. Ahmed and A. P. Mathur. 2017. Hardware Identification via Sensor Fingerprinting in a Cyber Physical System. In 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). 517--524.

[8]

Chuadhry Mujeeb Ahmed, Carlos Murguia, and Justin Ruths. 2017. Model-based Attack Detection Scheme for Smart Water Distribution Networks. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS '17). ACM, New York, NY, USA, 101--113.

Digital Library

[9]

Sharon Gaudin. 2000. Case study of insider sabotage: the Tim Lloyd/Omega case. (2000).

[10]

Naman Govil, Anand Agrawal, and Nils Ole Tippenhauer. 2018. On Ladder Logic Bombs in Industrial Control Systems. In Computer Security, Sokratis K. Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Christos Kalloniatis, John Mylopoulos, Annie Antón, and Stefanos Gritzalis (Eds.). Springer International Publishing, Cham, 110--126.

[11]

A. P. Mathur and N. O. Tippenhauer. 2016. SWaT: a water treatment testbed for research and training on ICS security. In 2016 International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater). 31--36.

[12]

Qadeer R., Murguia C.and Ahmed C.M., and Ruths J. 2017. Multistage Downstream Attack Detection in a Cyber Physical System. In CyberICPS Workshop 2017, in conjunction with ESORICS 2017.

[13]

M. Rocchetto and N. O. Tippenhauer. 2016. CPDY: Extending the Dolev-Yao Attacker with Physical-Layer Interactions. ArXiv e-prints (2016).

[14]

André Teixeira, Daniel Pérez, Henrik Sandberg, and Karl Henrik Johansson. 2012. Attack Models and Scenarios for Networked Control Systems. In Proceedings of the 1st International Conference on High Confidence Networked Systems (HiCoNS '12). ACM, New York, NY, USA, 55--64.

Digital Library

[15]

David I Urbina, Jairo A Giraldo, Alvaro A Cardenas, Nils Ole Tippenhauer, Junia Valente, Mustafa Faisal, Justin Ruths, Richard Candell, and Henrik Sandberg. 2016. Limiting the impact of stealthy attacks on industrial control systems. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1092--1105.

Digital Library

Cited By

Al-Mhiqani MAlsboui TAl-Shehari TAbdulkareem KAhmad RMohammed M(2024)Insider threat detection in cyber-physical systemsComputers and Electrical Engineering10.1016/j.compeleceng.2024.109489119:PAOnline publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1016/j.compeleceng.2024.109489
Fei CShen J(2023)Machine learning for securing Cyber–Physical Systems under cyber attacks: A surveyFranklin Open10.1016/j.fraope.2023.1000414(100041)Online publication date: Sep-2023
https://doi.org/10.1016/j.fraope.2023.100041
Sharma DShandilya S(2023)Attack Detection Based on Machine Learning Techniques to Safe and Secure for CPS—A ReviewInternational Conference on IoT, Intelligent Computing and Security10.1007/978-981-19-8136-4_23(273-286)Online publication date: 2-Apr-2023
https://doi.org/10.1007/978-981-19-8136-4_23
Show More Cited By

Recommendations

POSTER: Defense against False Data Injection Attack in a Cyber-Physical System
ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Cyber-physical systems (CPSs) are closed-loop feedback systems that efficiently control the physical processes through cyber-systems. Security threats like false data injection (FDI) attacks are increasing in CPSs. FDI attacks disrupt the system's ...
A security architecture to protect against the insider threat from damage, fraud and theft
CSIIRW '09: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies

The insider threat poses a significant and increasing problem for organizations. This is shown by the regular stories of fraud and data loss reported daily in the media in the US and elsewhere. There is a need to provide systematic protection from ...
Curiosity Killed the Organization: A Psychological Comparison between Malicious and Non-Malicious Insiders and the Insider Threat
RIIT '16: Proceedings of the 5th Annual Conference on Research in Information Technology

Insider threats remain a significant problem within organizations, especially as industries that rely on technology continue to grow. Traditionally, research has been focused on the malicious insider; someone that intentionally seeks to perform a ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

May 2018

866 pages

ISBN:9781450355766

DOI:10.1145/3196494

General Chairs:
Jong Kim
Pohang University of Science and Technology, South Korea
,
Gail-Joon Ahn
Arizona State University, USA &Samsung Electronics, South Korea
,
Seungjoo Kim
Korea University, South Korea
,
Program Chairs:
Yongdae Kim
KAIST, South Korea
,
Javier Lopez
University of Malaga, Spain
,
Taesoo Kim
Georgia Tech, USA

Copyright © 2018 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 May 2018

Check for updates

Author Tags

Qualifiers

Poster

Conference

ASIA CCS '18

Sponsor:

SIGSAC

ASIA CCS '18: ACM Asia Conference on Computer and Communications Security

June 4, 2018

Incheon, Republic of Korea

Acceptance Rates

ASIACCS '18 Paper Acceptance Rate 52 of 310 submissions, 17%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
525
Total Downloads

Downloads (Last 12 months)27
Downloads (Last 6 weeks)2

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Al-Mhiqani MAlsboui TAl-Shehari TAbdulkareem KAhmad RMohammed M(2024)Insider threat detection in cyber-physical systemsComputers and Electrical Engineering10.1016/j.compeleceng.2024.109489119:PAOnline publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1016/j.compeleceng.2024.109489
Fei CShen J(2023)Machine learning for securing Cyber–Physical Systems under cyber attacks: A surveyFranklin Open10.1016/j.fraope.2023.1000414(100041)Online publication date: Sep-2023
https://doi.org/10.1016/j.fraope.2023.100041
Sharma DShandilya S(2023)Attack Detection Based on Machine Learning Techniques to Safe and Secure for CPS—A ReviewInternational Conference on IoT, Intelligent Computing and Security10.1007/978-981-19-8136-4_23(273-286)Online publication date: 2-Apr-2023
https://doi.org/10.1007/978-981-19-8136-4_23
Sobien DYardimci MNguyen MMao WFordham VRahman ADuncan SBatarseh F(2023)AI for Cyberbiosecurity in Water Systems—A SurveyCyberbiosecurity10.1007/978-3-031-26034-6_13(217-263)Online publication date: 11-Jan-2023
https://doi.org/10.1007/978-3-031-26034-6_13
Pordelkhaki MFouad SJosephs M(2021)Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information2021 IEEE International Conference on Intelligence and Security Informatics (ISI)10.1109/ISI53945.2021.9624757(1-6)Online publication date: 2-Nov-2021
https://doi.org/10.1109/ISI53945.2021.9624757
Athalye SMujeeb Ahmed CZhou J(2021)Model-Based CPS Attack Detection Techniques: Strengths and LimitationsSecurity in Cyber-Physical Systems10.1007/978-3-030-67361-1_6(155-187)Online publication date: 6-Mar-2021
https://doi.org/10.1007/978-3-030-67361-1_6
Hao JHan G(2020)On the Modeling of Automotive Security: A Survey of Methods and PerspectivesFuture Internet10.3390/fi1211019812:11(198)Online publication date: 16-Nov-2020
https://doi.org/10.3390/fi12110198
Khaled AOuchani STari ZDrira K(2020)Assessing the Severity of Smart Attacks in Industrial Cyber-Physical SystemsACM Transactions on Cyber-Physical Systems10.1145/34223695:1(1-28)Online publication date: 30-Dec-2020
https://dl.acm.org/doi/10.1145/3422369
Agrawal ASazos MAl Durra AManiatakos MManiatakos MZhang Y(2020)Towards Robust Power Grid Attack Protection using LightGBM with Concept Drift Detection and RetrainingProceedings of the 2020 Joint Workshop on CPS&IoT Security and Privacy10.1145/3411498.3419964(31-36)Online publication date: 9-Nov-2020
https://dl.acm.org/doi/10.1145/3411498.3419964
Palleti VMishra VAhmed CMathur A(2020)Can Replay Attacks Designed to Steal Water from Water Distribution Systems Remain Undetected?ACM Transactions on Cyber-Physical Systems10.1145/34067645:1(1-19)Online publication date: 30-Dec-2020
https://dl.acm.org/doi/10.1145/3406764
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents