
Analysis, Design and Demonstration of Control Systems Against Insider Attacks in Cyber-Physical Systems
Abstract
This dissertation aims to address the security issues of insider cyber-physical attacks and provide a defense-in-depth attack-resilient control system approach for cyber-physical systems.
Firstly, security analysis for cyber-physical systems is investigated to identify potential risks and potential security enhancements. Vulnerabilities of the system and existing security solutions, including attack prevention, attack detection and attack mitigation strategies, are analyzed.
Subsequently, a methodology to analyze and mathematically characterize insider attacks is developed. An attack pattern is introduced to represent key features of an insider cyber-physical attack, which include attack goals, resources, constraints, modes, as well as probable attack paths. Patterns for such attacks are analyzed for different attack stages. Impacts and consequences of these attacks are analyzed by using an attack tree. Stealthy conditions of insider attacks are identified through temporal analysis and spatial analysis.
On the defense side, a cross-layered detection scheme is developed to reveal stealthy insider attacks, and an attack-resilient control scheme is proposed to mitigate impacts of these attacks. The detection scheme takes a hierarchical approach, incorporating different detection methods in multiple layers to provide defense-in-depth detection against the attacks. A model-based anomaly detection method is used to uncover the anomalies caused by temporal stealthy attacks, while a data-driven clustering detection method is used to recognize anomalies induced by spatial stealthy attacks. The attack-resilient control scheme consists of a decision logic and multiple attack-resilient controllers. The decision logic responds to the anomalies identified by the detection scheme and subsequently switches to suitable controllers. These controllers are designed to respond to these attacks and mitigate or minimize their impacts.
To validate the above methodologies, a general guideline for designing an experimental security assessment platform has been developed in this dissertation. Furthermore, a modular approach is proposed to design and implement a platform to simulate various insider attacks and to evaluate corresponding defense mechanisms on a cyber-physical system. The designed platform has been implemented on a physical-component-based dynamic system simulator known as the Nuclear Process Control Test Facility (NPCTF). The proposed vulnerability assessment and security enhancement techniques have been validated under different insider attacker scenarios.