Two-Channel Joint Coding Detection for Cyber-Physical Systems Against Integrity Attacks
-
摘要: 信息物理系统(CPS)完整性攻击针对系统数据流发起攻击,破坏输入输出数据一致性,由于其攻击方式多变、隐蔽性强的特性,较其他CPS攻击在检测及防护上更为困难。为此,该文提出一种控制-输出双通道的数据加性-乘性联合编码检测方案,旨在检测完整性攻击并在3种典型攻击上进行验证,包括控制通道偏置攻击、输出通道重放攻击以及双通道隐蔽攻击。完整性攻击通过部分或全面系统信息的获取及掌控可使卡方检测器检测值小于阈值,从而实现对CPS系统“隐形”。为此,该文方案创新性地在通道两侧布置加性正负水印对以及乘性编码/解码矩阵对,未知信号及部件的引入为攻击者带来了信息不确定性,使残差统计特性偏离其期望数值。此外,水印对与矩阵对之间通过不同机制实现了解耦,其正负或互逆形式使得无攻击时不影响系统的控制性能,并且以时变形式防止攻击者对其重构。最后,通过计算推导出引入该文方案后3种攻击前后残差统计特性的变化,并以飞行器飞行轨迹仿真为例,说明方案的有效性和先进性。Abstract:
Objective Cyber-Physical Systems (CPS) are widely applied across infrastructure, aviation, energy, healthcare, manufacturing, and transportation, as computing, control, and sensing technologies advance. Due to the real-time interaction between information and physical processes, such systems are exposed to security risks during data exchange. Attacks on CPS can be grouped into availability, integrity, and reliability attacks based on information security properties. Integrity attacks manipulate data streams to disrupt the consistency between system inputs and outputs. Compared with the other two types, integrity attacks are more difficult to detect because of their covert and dynamic nature. Existing detection strategies generally modify control signals, sensing signals, or system models. Although these approaches can detect specific categories of attacks, they may reduce control performance and increase model complexity and response delay. Methods A joint additive and multiplicative coding detection scheme for the two-channel structure of control and output is proposed. Three representative integrity attacks are tested, including a control-channel bias attack, an output-channel replay attack, and a two-channel covert attack. These attacks remain stealthy by partially or fully obtaining system information and manipulating data so the residual-based χ2 detector output stays below the detection threshold. The proposed method introduces paired additive watermarking signals with positive and negative patterns, together with paired multiplicative coding and decoding matrices on both channels. These additional unknown signals and parameters introduce information uncertainty to the attacker and cause the residual statistics to deviate from the expected values constructed using known system information. The watermarking pairs and matrix pairs operate through different mechanisms. One uses opposite-sign injection, while the other uses a mutually inverse transformation. Therefore, normal control performance is maintained when no attack is present. The time-varying structure also prevents attackers from reconstructing or bypassing the detection mechanism. Results and Discussions Simulation experiments on an aerial vehicle trajectory model are conducted to assess both the influence of integrity attacks on flight paths and the effectiveness of the proposed detection scheme. The trajectory is modeled using Newton’s equations of motion, and attitude dynamics and rotational motion are omitted to focus on positional behavior. Detection performance with and without the proposed method is compared under the three attack scenarios ( Fig. 2 ,Fig. 3 ,Fig. 4 ). The results show that the proposed scheme enables effective identification of all attack types and maintains stable system behavior, demonstrating its practical applicability and improvement over existing approaches.Conclusions This study addresses the detection of integrity attacks in CPS. Three representative attack types (bias, replay, and covert attacks) are modeled, and the conditions required for their successful execution are analyzed. A detection approach combining additive watermarking and multiplicative encoding matrices is proposed and shown to detect all three attack types. The design uses paired positive-negative additive watermarks and paired encoding and decoding matrices to ensure accurate detection while maintaining normal control performance. A time-varying configuration is adopted to prevent attackers from reconstructing or bypassing the detection elements. Using an aerial vehicle trajectory simulation, the proposed approach is demonstrated to be effective and applicable to cyber-physical system security enhancement. -
[1] TEIXEIRA A, PÉREZ D, SANDBERG H, et al. Attack models and scenarios for networked control systems[C]. The 1st International Conference on High Confidence Networked Systems, Beijing, China, 2012: 55–64. doi: 10.1145/2185505.2185515. [2] 方崇荣. 信息物理系统中数据完整性攻击的检测与防御研究[D]. [博士论文], 浙江大学, 2021. doi: 10.27461/d.cnki.gzjdx.2021.001222.FANG Chongrong. Research on detection and defense of data integrity attacks in cyber-physical systems[D]. [Ph. D. dissertation], Zhejiang University, 2021. doi: 10.27461/d.cnki.gzjdx.2021.001222. [3] CÁRDENAS A A, AMIN S, LIN Z Y, et al. Attacks against process control systems: Risk assessment, detection, and response[C]. The 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, 2011: 355–366. doi: 10.1145/1966913.1966959. [4] 叶丹, 靳凯净, 张天予. 网络攻击下的信息物理系统安全性研究综述[J]. 控制与决策, 2023, 38(8): 2243–2252. doi: 10.13195/j.kzyjc.2023.0386.YE Dan, JIN Kaijing, and ZHANG Tianyu. A survey on security of cyber-physical systems under network attacks[J]. Control and Decision, 2023, 38(8): 2243–2252. doi: 10.13195/j.kzyjc.2023.0386. [5] HUANG Xin, LI Jian, and SU Qingyu. An observer with cooperative interaction structure for biasing attack detection and secure control[J]. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2023, 53(4): 2543–2553. doi: 10.1109/TSMC.2022.3213516. [6] 赵华. 工业控制系统异常检测算法研究[D]. [硕士论文], 冶金自动化研究设计院, 2013. doi: 10.7666/d.Y2362236.ZHAO Hua. Research on anomaly detection algorithm for industrial control systems[D]. [Master dissertation], Automation Research and Design Institute of Metallurgical Industry, 2013. doi: 10.7666/d.Y2362236. [7] MO Yilin and SINOPOLI B. Secure control against replay attacks[C]. 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton), Monticello, USA, 2009: 911–918. doi: 10.1109/ALLERTON.2009.5394956. [8] FERRARI R M G and TEIXEIRA A M H. Detection and isolation of replay attacks through sensor watermarking[J]. IFAC-PapersOnLine, 2017, 50(1): 7363–7368. doi: 10.1016/j.ifacol.2017.08.1502. [9] FANG Chongrong, QI Yifei, CHENG Peng, et al. Optimal periodic watermarking schedule for replay attack detection in cyber–physical systems[J]. Automatica, 2020, 112: 108698. doi: 10.1016/j.automatica.2019.108698. [10] 杜大军, 张竞帆, 张长达, 等. 动态水印攻击检测方法的鲁棒性研究[J]. 自动化学报, 2023, 49(12): 2557–2568. doi: 10.16383/j.aas.c200614.DU Dajun, ZHANG Jingfan, ZHANG Changda, et al. Robustness of dynamic-watermarking attack-detection method[J]. Acta Automatica Sinica, 2023, 49(12): 2557–2568. doi: 10.16383/j.aas.c200614. [11] MIAO Fei, ZHU Quanyan, PAJIC M, et al. Coding schemes for securing cyber-physical systems against stealthy data injection attacks[J]. IEEE Transactions on Control of Network Systems, 2017, 4(1): 106–117. doi: 10.1109/TCNS.2016.2573039. [12] YE Dan, ZHANG Tianyu, and GUO Ge. Stochastic coding detection scheme in cyber-physical systems against replay attack[J]. Information Sciences, 2019, 481: 432–444. doi: 10.1016/j.ins.2018.12.091. [13] 张正道, 杨佳佳, 谢林柏. 基于辅助信息补偿和控制信号编码的重放攻击检测方法[J]. 自动化学报, 2023, 49(7): 1508–1518. doi: 10.16383/j.aas.c210092.ZHANG Zhengdao, YANG Jiajia, and XIE Linbo. Replay attack detection method based on auxiliary information compensation and control signal coding[J]. Acta Automatica Sinica, 2023, 49(7): 1508–1518. doi: 10.16383/j.aas.c210092. [14] HOEHN A and ZHANG Ping. Detection of covert attacks and zero dynamics attacks in cyber-physical systems[C].2016 American Control Conference (ACC), Boston, USA, 2016: 302–307. doi: 10.1109/ACC.2016.7524932. [15] ATTAR M and LUCIA W. An active detection strategy based on dimensionality reduction for false data injection attacks in cyber-physical systems[J]. IEEE Transactions on Control of Network Systems, 2023, 10(4): 1844–1854. doi: 10.1109/TCNS.2023.3244103. [16] GRIFFIOEN P, WEERAKKODY S, and SINOPOLI B. An optimal design of a moving target defense for attack detection in control systems[C]. 2019 American Control Conference (ACC), Philadelphia, USA, 2019: 4527–4534. doi: 10.23919/ACC.2019.8814689. [17] XU Wangkun, JAIMOUKHA I M, and TENG Fei. Robust moving target defence against false data injection attacks in power grids[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 29–40. doi: 10.1109/TIFS.2022.3210864. [18] WANG Jiazhou, TIAN Jue, LIU Yang, et al. MMTD: Multistage moving target defense for security-enhanced D-FACTS operation[J]. IEEE Internet of Things Journal, 2023, 10(14): 12234–12247. doi: 10.1109/JIOT.2023.3245628. [19] ANDERSON B D O and MOORE J B. Optimal Filtering[M]. New York: Dover Publications, 2005: 307–341. [20] YE N, EMRAN S M, CHEN Q, et al. Multivariate statistical analysis of audit trails for host-based intrusion detection[J]. IEEE Transactions on Computers, 2002, 51(7): 810–820. doi: 10.1109/TC.2002.1017701. [21] KWON C, LIU Weiyi, and HWANG I. Security analysis for cyber-physical systems against stealthy deception attacks[C]. 2013 American Control Conference, Washington, USA, 2013: 3344–3349. doi: 10.1109/ACC.2013.6580348. -
下载:
图(4)
计量
- 文章访问数: 230
- HTML全文浏览量: 131
- PDF下载量: 36
- 被引次数: 0
下载:
