Abstract
Cyber-Physical Systems (CPS) combine computational, communication, sensory and control capabilities to monitor and regulate physical domain processes. CPSs are becoming increasingly networked with the cyber world, opening access to communication with control rooms, command and control stations, other computer based systems, or even the Internet. Examples of cyber-physical systems include transportation networks, Unmanned Aerial Vehicle Systems (UAV’s), nuclear power generation, electric power distribution networks, water and gas distribution networks, and advanced communication systems. In all cases, current technology has introduced the capability of integrating information from numerous instrumentation and control systems and transmitting needed information to operations personnel in a timely manner.
While the application of perimeter security technologies has been utilized to help manage the possibility of cyber attackers exploiting highly automated cyber physical systems, the rate of successful attacks against critical infrastructures continues to be problematic and increasing [1]. Furthermore, the trend in adversarial attacks is moving toward well-formed coordinated multi-vector attacks that compromise the system in such a way that detection and identification is challenging for perimeter security solutions and human monitoring.
This research effort constructed a methodology to defend against stealthy, low probability of detection, and high impact cyber-attacks on CPS. The goal is to increase the level of difficulty to perform a stealthy attack by improving the probability of detection, isolation and limiting the impact of an attack. The study uses the example of a UAV navigation system comprising of a redundant set of INS and GPS units solving the problem posed by Kwon et al [2] that there exist false injection attacks that evade fault detection techniques, allowing the adversary to deviate an aircraft.
The examined architecture is comprised of a diverse sensory architecture within the CPS, avoiding supply chain vulnerabilities, and provides several possible trustworthy references. Expanding from a system with multiple components, a similarity measurement between INSs and GPSs is developed leveraging their unique characteristics and relationship. Assuming that an adversary is restricted to attacking a singular navigation component, the method is able to detect and isolate persistent cyber-attack for a large enough deviation.
An analytic attack model of a UAV navigation system comprising of multiple INS/GPS is validated with a complementary simulation, using a combination of a logical decision tree and similarity measurement analyses, the method correctly detects an infected component with a low false alarm rate(0.01) The latency of the attack decreases as the rate of deviation increases. The maximum deviation an adversary can deviate an INS without being detected is about 30m of a 30min flight, on INSs with 0.05 and 0.07 m/s^2 acceleration measurement error. The maximum deviation an adversary can deviate an GPS without being detected is about 16m of a 30min flight, on GPSs with 3 and 4 m/s^2 position measurement error.
