Translated Abstract
Through the deep integration of information and automation technologies, such as perception, computation, communication and control, the cyber-physical system (CPS) provides efficient interaction and collaboration between humans, physical systems and information networks. CPS has become one of the revolutionary technologies of the 21st century. The open network environment in CPS ensures frequent interaction between information and physical components, but may also make the systems vulnerable to cyber attacks. Recent cybersecurity incidents have highlighted such threats, and these security problems have strongly restricted the construction and development of CPS. Specifically, in various CPS cybersecurity incidents, the attackers invade the information space to destroy data integrity. By elaborately forging the data, the attacks can drive the system into an unsafe region while remaining stealthy to the system operators. Due to the stealthiness of these attacks, the defenders often know little about the system anomaly until severe physical damage has already occurred. Therefore, this paper focuses on the detection of stealthy data integrity attacks.
Based on the above research background, we combine the moving target defense (MTD) used in information system network security with physical system parameter variation in CPS, and propose the idea of coordinate parameter variation defense (CPVD) in CPS. MTD was initially applied to cyberspace defense, and can increase the attack difficulty by continuously changing the network environment. Domestic scholars further extended it to mimic security defense. However, directly adopting the existing MTD approaches in CPS cannot effectively enhance the CPS security level, due to the tight coupling between the information and physical systems. Based on the characteristics of CPS, this paper describes the application of MTD in CPS as CPVD, i.e., the physical parameters of the system are regulated or varied in a manageable way. Then, this paper proposes a CPVD-based comprehensive security protection approach in CPS, which can detect numerous kinds of stealthy attacks. The specific contents include:
First, this paper constructs a uniform threat model for research on the CPS feedback control loop and data integrity attacks. Through unified modelling and description of more than twenty attacks in the recent literature, we verify the validity of this threat model. In addition, this paper presents an associative analysis of the two types of anomaly detectors and attacks. Specifically, existing anomaly detectors can be classified into the spatial-correlation-based anomaly detector and the temporal-correlation-based anomaly detector, and each anomaly detector has its targeted attack. In the case of a discrete linear time-invariant system, we establish the threat model of CPS with anomaly detectors (including the general and instantiated models) in the presence of attacks. For the spatial-correlation-based attack, we summarize various attack models when the attackers own complete or incomplete system information. For the temporal-correlation-based attack, we summarize the attack model, the attackers’ knowledge, the read/write permissions of data, and the attack’s stealthiness for the denial-of-service attack and various data deception attacks. Finally, we analyze the stealthiness of the temporal (spatial)-correlation-based attack against the spatial (temporal)-correlation-based anomaly detector.
Second, for spatial-correlation-based attacks, this paper studies, from the attackers’ perspective, the possibility that the attackers try to detect the activation of CPVD and bypass the anomaly detection under CPVD. Accordingly, we analyze the stealthiness and completeness of CPVD, and propose the enhanced hidden moving target defense approach, which can provide enhanced protection for power systems. Recent research has proposed a CPVD approach that actively changes transmission line susceptance to preclude stealthy false data injection (FDI) attacks against the state estimation of a smart grid. However, existing studies were often conducted under a weak adversarial setting, in that they ignore the possibility that alert attackers can also try to detect the activation of CPVD before they launch the FDI attacks. We call this new threat Parameter Confirming-First (PCF) FDI. To improve the stealthiness of CPVD, we propose a hidden CPVD approach that cannot be detected by the attackers and prove its equivalence to a CPVD that maintains the power flows of the whole grid. Moreover, we analyze the completeness of CPVD and show that any hidden CPVD is incomplete in that FDI attacks may bypass the hidden CPVD opportunistically. This result suggests that stealthiness and completeness are two conflicting goals in CPVD design. Finally, we propose an approach to enhancing the hidden CPVD against a class of highly structured FDI attacks. We also discuss the CPVD’s operational costs under the dc and ac models. We conduct simulations to show the effectiveness of the hidden CPVD against PCF-FDI attacks under realistic settings.
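The following added example (not from the thesis) shows the operator-side effect of varying a line susceptance on the state-estimation residual check. It assumes the standard noise-free dc formulation in which injected data has the form a = Hc; the 3-bus grid, all numeric values and the function names are constructed for illustration.

```python
# Added example: constructed 3-bus dc model, noise-free measurements.

def build_H(b12, b13, b23):
    """Measurement matrix for line flows f12, f13, f23 with bus 1 as
    the reference; the state is x = (theta2, theta3)."""
    return [[-b12, 0.0], [0.0, -b13], [b23, -b23]]

def matvec(H, x):
    return [sum(h * xi for h, xi in zip(row, x)) for row in H]

def residual_norm(H, z):
    """Least-squares estimate via the 2x2 normal equations, then the
    norm of z - H*x_hat that a residual-based detector thresholds."""
    g11 = sum(r[0] * r[0] for r in H)
    g12 = sum(r[0] * r[1] for r in H)
    g22 = sum(r[1] * r[1] for r in H)
    r1 = sum(r[0] * zi for r, zi in zip(H, z))
    r2 = sum(r[1] * zi for r, zi in zip(H, z))
    det = g11 * g22 - g12 * g12
    x_hat = [(g22 * r1 - g12 * r2) / det, (g11 * r2 - g12 * r1) / det]
    est = matvec(H, x_hat)
    return sum((zi - ei) ** 2 for zi, ei in zip(z, est)) ** 0.5

def detector_view(b12_actual, c, b12_assumed=10.0, x=(-0.02, -0.05)):
    """Residual the operator sees when injected data a = H_assumed*c
    was built for b12_assumed while the grid runs at b12_actual."""
    H_assumed = build_H(b12_assumed, 8.0, 5.0)
    H_actual = build_H(b12_actual, 8.0, 5.0)
    a = matvec(H_assumed, c)
    z = [m + ai for m, ai in zip(matvec(H_actual, x), a)]
    return residual_norm(H_actual, z)

if __name__ == "__main__":
    # No parameter variation: the injection leaves the residual at zero.
    print("static grid        :", detector_view(10.0, (0.01, 0.0)))
    # Line 1-2 susceptance varied: the stale model shows up in the residual.
    print("b12 varied, c on x2:", detector_view(12.0, (0.01, 0.0)))
    # Injection that never touches the varied line still fits the new
    # matrix, so this variation alone gives no coverage for it.
    print("b12 varied, c on x3:", detector_view(12.0, (0.0, 0.01)))
```

The third case illustrates why the choice of which parameters to vary determines which injections the residual check can expose.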
Third, for temporal-correlation-based attacks, this paper analyzes Stuxnet and Irongate from real cybersecurity incidents, and derives their general characteristics. Then, we propose a CPVD-based quick detection approach for Stuxnet-like attacks when the control and measurement signals are simultaneously untrusted. Recent incidents, such as Stuxnet and Irongate, compromise the control signals to push the system into unsafe regions and, meanwhile, inject fake sensor measurements to cover the ongoing attack. Detecting these Stuxnet-like (SL) attacks remains an open research issue. This paper analyzes the taxonomy, construction, and implication of SL attacks in CPS control loops. We propose to apply the CPVD approach, which actively changes the system configuration, to detect SL attacks, since these attacks are generally constructed based on knowledge of the system’s configuration. We analyze the basic conditions for CPVD to be successful. Finally, as a case study, we apply CPVD to the secondary voltage control of power grids and present simulation results based on the IEEE 39-bus test system under realistic settings.
In summary, this paper applies the idea of MTD from information system network security to physical system parameter variation, and presents the idea of CPVD in CPS. Then, we propose a CPVD-based comprehensive security protection approach in CPS, which can detect numerous kinds of stealthy attacks. We envision that CPVD can provide new ideas for CPS security defense.
Translated Keyword
[Anomaly detection, Cyber-physical system, Data integrity attack, Moving target defense, Stuxnet]