Revealing Ongoing Sensor Attacks in Industrial Control System Via Setpoint Modification

Zhihao Dai, Ligang He, Shuang-hua Yang, Matthew Leeke

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

A variety of Intrusion Detection Systems (IDSs) for Industrial Control Systems have been proposed to detect attacks and alert operators. Passive and active detection schemes are characterised by whether or not they interact with the process under control, though both categories of approach have limitations relating to either known correlations in the process data or the use of explicit system modelling. We propose setpoint modification as a strategy to address those limitations. The approach superimposes Gaussian noises on setpoint values, which aids in revealing latent correlations between setpoints and measurements, thereby allowing machine learning-based IDSs to learn them during training and verify during inference. We show that by applying the approach to a linear system with PID control, statistical tests can be configured such that the distortion power of sensor attacks is nullified. Building on this foundation, we further adapt passive IDSs for active discovery of sensor attacks in a process-agnostic fashion. The proposed strategy is evaluated using a nonlinear and simulated industrial benchmark, affirming that the approach enhances intrusion detection performance when the specific sensor under consideration is targeted whilst incurring marginal cost. Finally, we explore changing setpoints concurrently when the attacker could manipulate an arbitrary sensor, which also boosts detection performance and motivates the exploration of setpoint selection.
Original languageEnglish
Title of host publication2023 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)
PublisherIEEE
Number of pages9
ISBN (Electronic)9798350304602
ISBN (Print)9798350304619
DOIs
Publication statusPublished - 25 Dec 2023
Event21st IEEE International Conference on Dependable, Autonomic & Secure Computing
- Abu Dhabi, United Arab Emirates
Duration: 14 Nov 202317 Nov 2023
https://icnetlab.org/cyber-science2023/dasc/index.html

Publication series

NameIEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC)
PublisherIEEE
ISSN (Print)2837-0724
ISSN (Electronic)2837-0740

Conference

Conference21st IEEE International Conference on Dependable, Autonomic & Secure Computing
Abbreviated titleDASC 2023
Country/TerritoryUnited Arab Emirates
CityAbu Dhabi
Period14/11/2317/11/23
Internet address

Bibliographical note

Originally presented 14 Nov 2023, at 21st IEEE International Conference on Dependable, Autonomic & Secure Computing

Fingerprint

Dive into the research topics of 'Revealing Ongoing Sensor Attacks in Industrial Control System Via Setpoint Modification'. Together they form a unique fingerprint.

Cite this