https://www.mdu.se/

mdu.sePublications
Change search
Link to record
Permanent link

Direct link
Gualandi, Gabriele
Publications (2 of 2) Show all publications
Gualandi, G. & Papadopoulos, A. (2023). Worst-Case Impact Assessment of Multi-Alarm Stealth Attacks Against Control Systems with CUSUM-Based Anomaly Detection. In: 2023 IEEE INTERNATIONAL CONFERENCE ON AUTONOMIC COMPUTING AND SELF-ORGANIZING SYSTEMS, ACSOS: . Paper presented at 4th IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS), Toronto, Canada, 25-29 September, 2023 (pp. 117-126). (4th IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS))
Open this publication in new window or tab >>Worst-Case Impact Assessment of Multi-Alarm Stealth Attacks Against Control Systems with CUSUM-Based Anomaly Detection
2023 (English)In: 2023 IEEE INTERNATIONAL CONFERENCE ON AUTONOMIC COMPUTING AND SELF-ORGANIZING SYSTEMS, ACSOS, 2023, no 4th IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS), p. 117-126Conference paper, Published paper (Other academic)
Abstract [en]

Manipulating sensor data can deceive cyber-physical systems (CPSs), leading to hazardous conditions in physical plants. An Anomaly Detection System (ADS) like CUSUM detects ongoing attacks by comparing sensor signals with those generated by a model. However, physics-based methods are threshold-based, which can result in both false positives and undetectable attacks. This can lead to undetected attacks impacting the system state and potentially causing large deviations from the desired behavior. In this paper, we introduce a metric called transparency that uniquely quantifies the effectiveness of an ADS in terms of its ability to prevent state deviation. While existing research focuses on designing optimal zero-alarm stealth attacks, we address the challenge of detecting more sophisticated multi-alarm attacks that generate alarms at a rate comparable to the system noise. Through our analysis, we identify the conditions that require the inclusion of multi-alarm scenarios in worst-case impact assessments. We also propose an optimization problem designed to identify multi-alarm attacks by relaxing the constraints of a zero-alarm attack problem. Our findings reveal that multi-alarm attacks can cause a more significant state deviation than zero-alarm attacks, emphasizing their critical importance in the security analysis of control systems.

Keywords
security, control systems, optimization
National Category
Control Engineering
Identifiers
urn:nbn:se:mdh:diva-65354 (URN)10.1109/ACSOS58161.2023.00029 (DOI)001122711700013 ()2-s2.0-85181772989 (Scopus ID)979-8-3503-3744-0 (ISBN)
Conference
4th IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS), Toronto, Canada, 25-29 September, 2023
Available from: 2024-01-17 Created: 2024-01-17 Last updated: 2024-01-17Bibliographically approved
Gualandi, G., Maggio, M. & Papadopoulos, A. (2022). Optimization-based attack against control systems with CUSUM-based anomaly detection. In: 2022 30th Mediterranean Conference on Control and Automation, MED 2022: . Paper presented at 30th Mediterranean Conference on Control and Automation, MED 2022, Athens, Greece, 28/6-1/7, 2022 (pp. 896-901). Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Optimization-based attack against control systems with CUSUM-based anomaly detection
2022 (English)In: 2022 30th Mediterranean Conference on Control and Automation, MED 2022, Institute of Electrical and Electronics Engineers Inc. , 2022, p. 896-901Conference paper, Published paper (Refereed)
Abstract [en]

Security attacks on sensor data can deceive a control system and force the physical plant to reach an unwanted and potentially dangerous state. Therefore, attack detection mechanisms are employed in cyber-physical control systems to detect ongoing attacks, the most prominent one being a threshold-based anomaly detection method called CUSUM. Literature defines the maximum impact of stealth attacks as the maximum deviation in the plant's state that an undetectable attack can introduce, and formulates it as an optimization problem. This paper proposes an optimization-based attack with different saturation models, and it investigates how the attack duration significantly affects the impact of the attack on the state of the plant. We show that more dangerous attacks can be discovered when allowing saturation of the control system actuators. The proposed approach is compared with the geometric attack, showing how longer attack durations can lead to a greater impact of the attack while keeping the attack stealthy. © 2022 IEEE.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2022
Series
Mediterranean Conference on Control and Automation
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-59852 (URN)10.1109/MED54222.2022.9837192 (DOI)000854013700146 ()2-s2.0-85136286305 (Scopus ID)9781665406734 (ISBN)
Conference
30th Mediterranean Conference on Control and Automation, MED 2022, Athens, Greece, 28/6-1/7, 2022
Available from: 2022-08-31 Created: 2022-08-31 Last updated: 2022-11-17Bibliographically approved
Organisations

Search in DiVA

Show all publications