This paper presents a novel unsupervised approach to detect cyber attacks in Cyber-Physical Systems (CPS). We describe an learning using Recurrent Neural network which is time series predictor as our model. then use the Cumulative Sum method identify anomalies replicate of water treatment plant. The proposed not only detects CPS but also identifies sensor that was attacked. experiments were performed on complex dataset collected through Secure Water Treatment Testbed (SWaT). Through...

The rise in attempted and successful attacks on critical infrastructure, such as power grid water treatment plants, has led to an urgent need for the creation adoption of methods detecting often launched either by insiders or state actors. This paper focuses one method that aims at detection compromise more actuators sensors a plant through intrusion plant's communication network directly computers. method, labelled Distributed Attack Detection (DAD), detects real-time identifying anomalies...

With the widespread innovation of Internet Things, software-defined networking (SDN), and cloud computing, cyber-physical systems (CPSs) have been developed widely adopted to facilitate our daily life economy. In particular, modern society heavily relies on all kinds CPSs, such as smart grids, transportation systems. So shutdown critical services can lead serious consequences. Meanwhile, distributed denial-of-service (DDoS) attacks are becoming a major threat CPSs due their ease execution...

A distributed detection method is proposed to detect single stage multi-point (SSMP) attacks on a Cyber Physical System (CPS). Such aim at compromising two or more sensors actuators any one of CPS and could totally compromise controller prevent it from detecting the attack. However, as demonstrated in this work, using flow properties water other, neighboring was found effective such attacks. The based physical invariants derived for each its design. attack effectiveness evaluated...

An experimental investigation was undertaken to understand the impact of single-point cyber attacks on a Secure Water Treatment (SWaT) system. Cyber were launched SWaT through its SCADA server that connects Programmable Logic Controllers (PLCs) in turn are connected sensors and actuators. Attacks designed meet attacker objectives selected from novel model. Outcome experiments led better understanding (a) propagation an attack across system measured terms number components affected (b)...

An attacker model is proposed for Cyber Physical Systems (CPS). The attack models derived from the are used to generate parameterized procedures and functions that target a specific CPS. capture both physical cyber attacks unify number of existing into common framework useful researchers in experimental assessment detection techniques. generality shown by mapping broad variety here, as well generating not found CPS design literature. have been extensively understanding impact on water...

An approach to analyzing the security of a cyber-physical system (CPS) is proposed, where behavior physical plant and its controller are captured in approximate models, their interaction rigorously checked discover potential attacks that involve varying number compromised sensors actuators. As preliminary study, this has been applied fully functional water treatment testbed constructed at Singapore University Technology Design. The analysis revealed previously unknown were confirmed pose...

Our work considers the challenges related to education and research about security of industrial control systems (ICS). We propose address those through gamified competitions. Those competitions should target a broad range professionals (e. g., from academia industry). Furthermore, they involve both attack defense components. This could include development new techniques evaluation novel countermeasures. gamification idea resulted in design implementation SWaT Security Showdown (S3). S3 is...

A hackfest named SWaT Security Showdown (S <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">3</sup> ) has been organized consecutively for two years. S enabled researchers and practitioners to assess the effectiveness of methods products aimed at detecting cyber attacks launched in real-time on an operational water treatment plant, namely, Secure Water Treatment (SWaT). In , independent attack teams design launch while defence protect plant...

An experiment was conducted on a water treatment plant to investigate the effectiveness of using Kalman filter based attack detection schemes in Cyber Physical System (CPS). implemented with Chi-Square detector. Random, stealthy bias, and replay attacks were launched results analysed. Analysis indicates that false data injection cannot be detected by legacy failure methods.

Many self-adaptive systems benefit from human involvement and oversight, where a operator can provide expertise not available to the system detect problems that is unaware of. One way of achieving this by placing on loop - i.e., providing supervisory oversight intervening in case questionable adaptation decisions. To make such interaction effective, explanation sometimes helpful allow understand why making certain decisions calibrate confidence perspective. However, explanations come with...

Abstract Modern critical infrastructure, such as a water treatment plant, distribution system, and power grid, are representative of Cyber Physical Systems (CPSs) in which the physical processes monitored controlled real time. One source complexity systems is due to intra-system interactions inter-dependencies. Consequently, these potential target for attackers. When one or more infrastructure attacked, connected may also be affected cascading effects. In this paper, we report study...

Cyber-physical control systems, such as industrial systems (ICS), are increasingly targeted by cyberattacks. Such attacks can potentially cause tremendous damage, affect critical infrastructure or even jeopardize human life when the system does not behave intended. Cyberattacks, however, new and decades of security research have developed plenty solutions to thwart them. Unfortunately, many these cannot be easily applied safety-critical cyber-physical systems. Further, attack surface ICS is...

Security attacks present unique challenges to the design of self-adaptation mechanism for software-intensive systems due adversarial nature environment. Game-theoretical approaches have been explored in security model malicious behaviors and reliable defense system a mathematically grounded manner. However, modeling as single player, done prior works, is insufficient under partial compromise fine-grained defensive policies where rest with autonomy can cooperate mitigate impact attacks. To...

Argus, a framework for defending public utility against cyber-physical attacks, contains intelligent checkers that use invariants derived from the physical and chemical interactions among various components products of utility. An Argus implementation is independent traditional layered defense employs firewalls other network-based logic to prevent intrusions into control systems, hence referred as orthogonal defense. Portions have been implemented tested in an operational water treatment...

An approach is proposed to derive state-based invariants that, when programmed into a controller, proved be effective in detecting cyber attacks on an Industrial Control System (ICS). The begins with the ICS design and models its process dynamics using extended hybrid automata from which are derived. Each invariant inserted appropriate Programmable Logic Controller (PLC) as companion control code. active during operation serves check validity of system state accordance design. This approach,...