Anomaly Detection in Cyber-physical Systems: Resilience by Degree of Awareness, Cyber

Abstract

Control systems embedded in industrial plants and naval platforms regulate a large number of activities at any given time. Higher-level supervision requirements for these activities have necessitated the building of wired as well as wireless networks of embedded controllers. Common examples are industrial-size Supervisory Control and Data Acquisition (SCADA) systems and the Controller Area Network (CAN) that integrates Electronic Control Units (ECUs) in automobiles. As a result of increasing interface with cyberspace, the engineering of Controller Networks (CNs) has led to further development in the field of Cyber-Physical Systems (CPS) [2]. The same interaction that benefits Controller Networks also makes them vulnerable to cyber-attacks. Unfortunately, established methods for mitigating the impact of, or for rejecting, exogenous inputs in these networks are limited to natural environmental disturbances. They cannot address unconventional disturbances which originate in cyberspace. To date, machines in these networks lack the sophistication to detect and isolate exogenous inputs meant to misrepresent data and to mislead autonomic decision-making. What exacerbates the problem is that an attack may manifest itself at different points and levels in the complex CPS: cyber-attacks exploit vulnerabilities at the network layer (e.g., insertion of exogenous misleading information), systems (e.g., malicious software), and even the physical layer (e.g., counterfeit and malicious hardware).

This proposal will develop a network of controllers and sensors with Degrees of Self and Environmental Awareness (DSEA) that provide multi-vantage monitoring and anomaly detection for generalized “side channel” attacks. In the same vein as a bio-inspired system, we will explore “fast” and “slow” methods for detecting and eventually isolating a malicious attack. A network with DSEA will be resilient against cyber-attacks masked as typical signals regularly exchanged among its nodes.

Our techniques will assure resilience, that is, the ability to maintain state awareness and an accepted level of operational normalcy in response to disturbances, including threats of an unexpected and malicious nature [5]. We will demonstrate the efficacy of the approach by performing anomaly detection at two scales: (1) anomaly detection in macro-scale Controller Networks and (2) Trojan detection in Integrated Circuits (ICs) and embedded systems using execution and side-channel monitors. Cohesion of this multidisciplinary research is facilitated through the creation and use of a self-monitoring network of sensor nodes that will allow us to engage both graduate and undergraduate students in theory and implementation as well as hands-on experimentation.

Document Details

Document Type
DoD Grant Award
Publication Date
Aug 12, 2016
Source ID
N000141512179

Entities

People

  • Ryan Robucci

Organizations

  • Office of Naval Research
  • United States Navy
  • University of Maryland, Baltimore

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development
  • Robotics and Automation

Technology Areas

  • Cyber
  • Microelectronics