Subscribe to the gold package and get unlimited access to Shamra Academy
Register a new userIntrusion Detection and Localization for Networked Embedded Control Systems
70
0
0.0
(
0
)
Ask ChatGPT about the research
No Arabic abstract
Closed-loop control systems employ continuous sensing and actuation to maintain controlled variables within preset bounds and achieve the desired system output. Intentional disturbances in the system, such as in the case of cyberattacks, can compromise reachability of control goals, and in several cases jeopardize safety. The increasing connectivity and exposure of networked control to external networks has enabled attackers to compromise these systems by exploiting security vulnerabilities. Attacks against safety-critical control loops can not only drive the system over a trajectory different from the desired, but also cause fatal consequences to humans. In this paper we present a physics-based Intrusion Detection System (IDS) aimed at increasing the security in control systems. In addition to conventional process state estimation for intrusion detection, since the controller cannot be trusted, we introduce a controller state estimator. Additionally, we make our detector context-aware by utilizing sensor measurements from other control loops, which allows to distinguish and characterize disturbances from attacks. We introduce adaptive thresholding and adaptive filtering as means to achieve context-awareness. Together, these methodologies allow detection and localization of attacks in closed-loop controls. Finally, we demonstrate feasibility of the approach by mounting a series of attacks against a networked Direct Current (DC) motor closed-loop speed control deployed on an ECU testbed, as well as on a simulated automated lane keeping system. Among other application domains, this set of approaches is key to support security in automotive systems, and ultimately increase road and passenger safety.
rate research
Read More
We here investigate secure control of networked control systems developing a new dynamic watermarking (DW) scheme. Firstly, the weaknesses of the conventional DW scheme are revealed, and the tradeoff between the effectiveness of false data injection attack (FDIA) detection and system performance loss is analysed. Secondly, we propose a new DW scheme, and its attack detection capability is interrogated using the additive distortion power of a closed-loop system. Furthermore, the FDIA detection effectiveness of the closed-loop system is analysed using auto/cross covariance of the signals, where the positive correlation between the FDIA detection effectiveness and the watermarking intensity is measured. Thirdly, the tolerance capacity of FDIA against the closed-loop system is investigated, and theoretical analysis shows that the system performance can be recovered from FDIA using our new DW scheme. Finally, experimental results from a networked inverted pendulum system demonstrate the validity of our proposed scheme.
This paper aims to create a secure environment for networked control systems composed of multiple dynamic entities and computational control units via networking, in the presence of disclosure attacks. In particular, we consider the situation where some dynamic entities or control units are vulnerable to attacks and can become malicious. Our objective is to ensure that the input and output data of the benign entities are protected from the malicious entities as well as protected when they are transferred over the networks in a distributed environment. Both these security requirements are achieved using cryptographic techniques. However, the use of cryptographic mechanisms brings additional challenges to the design of controllers in the encrypted state space; the closed-loop system gains and states are required to match the specified cryptographic algorithms. In this paper, we propose a methodology for the design of secure networked control systems integrating the cryptographic mechanisms with the control algorithms. The approach is based on the separation principle, with the cryptographic techniques addressing the security requirements and the control algorithms satisfying their performance requirements.
Estimating the occurrence of packet losses in a networked control systems (NCS) can be used to improve the control performance and to detect failures or cyber-attacks. This study considers simultaneous estimation of the plant state and the packet loss occurrences at each time step. After formulation of the problem, two solutions are proposed. In the first one, an input-output representation of the NCS model is used to design a recursive filter for estimation of the packet loss occurrences. This estimation is then used for state estimation through Kalman filtering. In the second solution, a state space model of NCS is used to design an estimator for both the plant state and the packet loss occurrences which employs a Kalman filter. The effectiveness of the solutions is shown during an example and comparisons are made between the proposed solutions and another solution based on the interacting multiple model estimation method.
We analyze the closed-loop control performance of a networked control system that consists of $N$ independent linear feedback control loops, sharing a communication network with $M$ channels ($M<N$). A centralized scheduler, employing a scheduling protocol that produces periodic communication sequences, dictates which feedback loops should utilize all these channels. Under the periodic scheduling protocol, we derive analytical expressions for quantifying the overall control performance of the networked control system in terms of a quadratic function. We also formulate the offline combinatorial optimization of communication sequences for a given collection of linear feedback control subsystems. Then, we apply Monte Carlo Tree Search to determine the period of these communication sequences that attain near-optimal control performance. Via numerical studies, we show the effectiveness of the proposed framework.
Unmanned Aerial Vehicles (UAV)-based civilian or military applications become more critical to serving civilian and/or military missions. The significantly increased attention on UAV applications also has led to security concerns particularly in the context of networked UAVs. Networked UAVs are vulnerable to malicious attacks over open-air radio space and accordingly, intrusion detection systems (IDSs) have been naturally derived to deal with the vulnerabilities and/or attacks. In this paper, we briefly survey the state-of-the-art IDS mechanisms that deal with vulnerabilities and attacks under networked UAV environments. In particular, we classify the existing IDS mechanisms according to information gathering sources, deployment strategies, detection methods, detection states, IDS acknowledgment, and intrusion types. We conclude this paper with research challenges, insights, and future research directions to propose a networked UAV-IDS system which meets required standards of effectiveness and efficiency in terms of the goals of both security and performance.
Log in to be able to interact and post comments
comments
Fetching comments
Sign in to be able to follow your search criteria
