Security Analysis for Cyber-Physical Systems

Problem Discription

Security of Cyber-Physical Systems (CPS) against cyber attacks is an important yet challenging problem. Since most cyber attacks happen in erratic ways, it is difficult to describe them systematically. In this paper, instead of identifying a specific cyber attack model, we are focused on analyzing the system's response during cyber attacks. Deception attacks (or false data injection attacks), which are performed by tampering with system components or data, are not of particular concern if they can be easily detected by the system's monitoring system. However, intelligent cyber attackers can avoid being detected by the monitoring system by carefully design cyber attacks. Our main objective is to investigate the performance of such stealthy deception attacks from the system's perspective. We investigate three kinds of stealthy deception attacks according to the attacker's ability to compromise the system. Based on the information about the dynamics of the system and existing hypothesis testing algorithms, we derive the necessary and sufficient conditions under which the attacker could perform each kind of attack without being detected. In the end, we illustrate the threat of these cyber attacks using an Unmanned Aerial Vehicle (UAV) navigation example.

Deception Attack Detecting Mechanism.

Application to UAV Navigation System

Nowadays, fusing data from different sensors to improve the performance of the overall sensing system becomes necessary in various applications. For UAV navigation, two major sensing systems are used: Inertial Navigation Systems (INS) and Global Positioning Systems (GPS). Although the INS is the commonly used navigation sensor in UAVs, it has cumulative errors which are continuously increasing with time. Hence, reliable and effective additional information to reduce these errors, such as GPS measurement, is required.

A general architecture of the INS-GPS integrated UAV navigation system

The effects of three different stealthy deception attacks on the 3-D tracking of the UAV

Here, the estimated UAV trajectories under the three different attacks significantly deviate from the actual UAV trajectory without being detected, i.e., the UAV can be hijacked to any place that the attacker wants.

Estimation Error under Three Different Attacks Test Statistics under Three Different Attacks