Cyber-Physical Systems (CPS) have been increasingly subject to cyber-attacks including code injection attacks. Zero day attacks further exasperate the threat landscape by requiring a shift to defense in depth approaches. With the tightly coupled nature of cyber components with the physical domain, these attacks have the potential to cause significant damage if safety-critical applications such as automobiles are compromised. Moving target defense techniques such as instruction set randomization (ISR) have been commonly proposed to address these types of attacks. However, under current implementations an attack can result in system crashing which is unacceptable in CPS. As such, CPS necessitate proper control reconfiguration mechanisms to prevent a loss of availability in system operation. This paper addresses the problem of maintaining system and security properties of a CPS under attack by integrating ISR, detection, and recovery capabilities that ensure safe, reliable, and predictable system operation. Specifically, we consider the problem of detecting code injection attacks and reconfiguring the controller in real-time. The developed framework is demonstrated with an autonomous vehicle case study.
more »
« less
Real-time Attack-recovery for Cyber-physical Systems Using Linear-quadratic Regulator
The increasing autonomy and connectivity in cyber-physical systems (CPS) come with new security vulnerabilities that are easily exploitable by malicious attackers to spoof a system to perform dangerous actions. While the vast majority of existing works focus on attack prevention and detection, the key question is “what to do after detecting an attack?”. This problem attracts fairly rare attention though its significance is emphasized by the need to mitigate or even eliminate attack impacts on a system. In this article, we study this attack response problem and propose novel real-time recovery for securing CPS. First, this work’s core component is a recovery control calculator using a Linear-Quadratic Regulator (LQR) with timing and safety constraints. This component can smoothly steer back a physical system under control to a target state set before a safe deadline and maintain the system state in the set once it is driven to it. We further propose an Alternating Direction Method of Multipliers (ADMM) based algorithm that can fast solve the LQR-based recovery problem. Second, supporting components for the attack recovery computation include a checkpointer, a state reconstructor, and a deadline estimator. To realize these components respectively, we propose (i) a sliding-window-based checkpointing protocol that governs sufficient trustworthy data, (ii) a state reconstruction approach that uses the checkpointed data to estimate the current system state, and (iii) a reachability-based approach to conservatively estimate a safe deadline. Finally, we implement our approach and demonstrate its effectiveness in dealing with totally 15 experimental scenarios which are designed based on 5 CPS simulators and 3 types of sensor attacks.
more »
« less
- Award ID(s):
- 2028740
- NSF-PAR ID:
- 10390784
- Date Published:
- Journal Name:
- ACM Transactions on Embedded Computing Systems
- Volume:
- 20
- Issue:
- 5s
- ISSN:
- 1539-9087
- Page Range / eLocation ID:
- 1 to 24
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
While many research efforts on Cyber-Physical System (CPS) security are devoted to attack detection, how to respond to the detected attacks receives little attention. Attack response is essential since serious consequences can be caused if CPS continues to act on the compromised data by the attacks. In this work, we aim at the response to sensor attacks and adapt machine learning techniques to recover CPSs from such attacks. There are, however, several major challenges. i) Cumulative error. Recovery needs to estimate the current state of a physical system (e.g., the speed of a vehicle) in order to know if the system has been driven to a certain state. However, the estimation error accumulates over time in presence of compromised sensors. ii) Timely response. A fast response is needed since slow recovery not only comes with large estimation errors but also may be too late to avoid irreparable consequences. To address these challenges, we propose a novel learning-based solution, named sequence-predictive recovery (or SeqRec). To reduce the estimation error, SeqRec designs the first sequence-to-sequence (Seq2Seq) model to uncover the temporal and spatial dependencies among sensors and control demands, and then uses the model to estimate system states using the trustworthy data logged in history. To achieve an adequate and fast recovery, SeqRec designs the second Seq2Seq model that considers both the current time step using the remaining intact sensors and the future time steps based on a given target state, and embeds the model into a novel recovery control algorithm to drive a physical system back to that state. Experimental results demonstrate that SeqRec can effectively and efficiently recover CPSs from sensor attacks.more » « less
-
We present ResilienC, a framework for resilient control of Cyber- Physical Systems subject to STL-based requirements. ResilienC uti- lizes a recently developed formalism for specifying CPS resiliency in terms of sets of (rec,dur) real-valued pairs, where rec repre- sents the system’s capability to rapidly recover from a property violation (recoverability), and dur is reflective of its ability to avoid violations post-recovery (durability). We define the resilient STL control problem as one of multi-objective optimization, where the recoverability and durability of the desired STL specification are maximized. When neither objective is prioritized over the other, the solution to the problem is a set of Pareto-optimal system trajectories. We present a precise solution method to the resilient STL control problem using a mixed-integer linear programming encoding and an a posteriori n-constraint approach for efficiently retrieving the complete set of optimally resilient solutions. In ResilienC, at each time-step, the optimal control action selected from the set of Pareto- optimal solutions by a Decision Maker strategy realizes a form of Model Predictive Control. We demonstrate the practical utility of the ResilienC framework on two significant case studies: autonomous vehicle lane keeping and deadline-driven, multi-region package delivery.more » « less
-
Cyber-physical systems (CPS) are susceptible to physical attacks, and researchers are exploring ways to detect them. One method involves monitoring the system for a set duration, known as the time-window, and identifying residual errors that exceed a predetermined threshold. However, this approach means that any sensor attack alert can only be triggered after the time-window has elapsed. The length of the time-window affects the detection delay and the likelihood of false alarms, with a shorter time-window leading to quicker detection but a higher false positive rate, and a longer time-window resulting in slower detection but a lower false positive rate. While researchers aim to choose a fixed time-window that balances a low false positive rate and short detection delay, this goal is difficult to attain due to a trade-off between the two. An alternative solution proposed in this paper is to have a variable time-window that can adapt based on the current state of the CPS. For instance, if the CPS is heading towards an unsafe state, it is more crucial to reduce the detection delay (by decreasing the time-window) rather than reducing the false alarm rate, and vice versa. The paper presents a sensor attack detection framework that dynamically adjusts the time-window, enabling attack alerts to be triggered before the system enters dangerous regions, ensuring timely detection. This framework consists of three components: attack detector, state predictor, and window adaptor. We have evaluated our work using real-world data, and the results demonstrate that our solution improves the usability and timeliness of time-window-based attack detectors.more » « less
-
Cyber-physical systems (CPSs) leverage computations to operate physical objects in real-world environments, and increasingly more CPS-based applications have been designed for life-critical applications. Therefore, any vulnerability in such a system can lead to severe consequences if exploited by adversaries. In this paper, we present a data predictive recovery system to safeguard the CPS from sensor attacks, assuming that we can identify compromised sensors from data. Our recovery system guarantees that the CPS will never encounter unsafe states and will smoothly recover to a target set within a conservative deadline. It also guarantees that the CPS will remain within the target set for a specified period. Major highlights of our paper include (i) the recovery procedure works on nonlinear systems, (ii) the method leverages uncorrupted sensors to relieve uncertainty accumulation, and (iii) an extensive set of experiments on various nonlinear benchmarks that demonstrate our framework's performance and efficiency.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Journal Article:
- https://doi.org/10.1145/3477010
