Doctor of Philosophy
Electrical and Computer Engineering
This dissertation aims to address the security issues of insider cyber-physical attacks and provide a defense-in-depth attack-resilient control system approach for cyber-physical systems.
Firstly, security analysis for cyber-physical systems is investigated to identify potential risks and potential security enhancements. Vulnerabilities of the system and existing security solutions, including attack prevention, attack detection and attack mitigation strategies are analyzed.
Subsequently, a methodology to analyze and mathematically characterize insider attacks is developed. An attack pattern is introduced to represent key features in an insider cyber-physical attack, which includes attack goals, resources, constraints, modes, as well as probable attack paths. Patterns for such attacks are analyzed for different attack stages. Impacts and consequences of these attacks are analyzed by using an attack tree. Stealthy conditions of insider attacks are identified through temporal and spatial analysis, respectively.
On the defense side, a cross-layered detection scheme is developed to reveal stealthy insider attacks, and an attack-resilient control scheme is proposed to mitigate impacts of these attacks. The detection scheme includes a hierarchical approach by incorporating different detection methods in multiple layers to provide a defense-in-depth detection against the attacks. A model-based anomaly detection method is used to uncover the anomalies caused by temporal stealthy attacks, while a data-driven clustering detection method is used to recognized anomalies induced by spatial stealthy attacks. The attack-resilient control scheme consists of a decision logic and multiple attack-resilient controllers. The decision logic responds to the anomalies identified by the detection scheme and subsequently switches to suitable controllers. These controllers are designed to respond to these attacks and mitigate or minimize their impacts.
To validate the above methodologies, a general guideline for designing an experimental security assessment platform has been developed in this dissertation. Furthermore, a modular approach is proposed to design and implement a platform to simulate various insider attacks and to evaluate corresponding defense mechanisms on a cyber-physical system. The designed platform has been implemented on a physical component based dynamic system simulator, known as Nuclear Process Control Test Facility (NPCTF). The proposed vulnerability assessment and security enhancement techniques have been validated under different insider attacker scenarios.
Summary for Lay Audience
The objective of this dissertation is to develop a framework and associated techniques to analyze, design and demonstrate a control system against insider attacks in cyber-physical systems. The contributions of the current dissertation can be summarized into three main groups: (1) security analysis, (2) security enhancement, and (3) security evaluation.
Firstly, the work on security analysis links attack threats with system vulnerabilities. The outcome of the analysis can then be used to improve the security of CPSs against potential insider attacks.
Secondly, a security enhancement framework provides an online cross-layered detection scheme and an attack-resilient control scheme to mitigate effects of attacks. The cross-layered design fuses data from both the cyber layer and the physical layer, integrates them with model-based and data-driven methods to provide a stronger and more robust defense-in-depth detection. The attack defensive framework offers a defense-in-depth protection against insider attacks to maintain the CPS in a safe state. By using the proposed framework, system security has been enhanced as attack anomalies are detected quickly, and the system operator can be alerted promptly to take actions and to mitigate impacts of the attacks.
Thirdly, a general design methodology for developing a security assessment platform has been developed, which provides an overview on how to develop a security platform on a cyber-physical system. Modular design makes the development and implementation flexible. Security experimentation and associated performance evaluation techniques on a specific cyber-physical system have been carried out. Experimental case studies have demonstrated that the platform is capable of identifying system vulnerabilities, validating various detection and mitigation strategies, and evaluating system security conditions and providing insights for security enhancement.
Ning, Xirong, "Analysis, Design and Demonstration of Control Systems Against Insider Attacks in Cyber-Physical Systems" (2019). Electronic Thesis and Dissertation Repository. 6248.