Abstract
From the point of view of control theory, the literature indicates that stealthy and accurate cyber-physical attacks on a Networked Control System (NCS) must be planned based on accurate knowledge of the model of the attacked system. However, most of the literature about these attacks does not indicate how the attacker obtains such knowledge. To fill this gap, this paper proposes an Active System Identification attack, in which the attacker injects data into the NCS to learn about its model. The attack is implemented based on two bio-inspired metaheuristics: Backtracking Search Optimization Algorithm (BSA) and Particle Swarm Optimization (PSO). To improve the accuracy of the estimated models, a statistical refinement is proposed for the outcomes of the two optimization algorithms. Additionally, a set of data injection attacks is shown in order to demonstrate the capability of the proposed attack in supporting the design of other sophisticated attacks. The results indicate a better performance of the BSA-based attacks, especially when the captured signals contain white Gaussian noise. The goal of this paper is to demonstrate the degree of accuracy that this System Identification attack may achieve, highlighting the potential impacts and encouraging research into possible countermeasures.
Notes
A preliminary version of this work was presented at the 10th EAI International Conference on Bio-inspired Information and Communications Technologies (BICT 2017) and published in the proceedings of the event [6]. The present paper proposes a refinement of the system identification method described in [6] and simulates a data injection attack using the data obtained after this refinement.
References
Amin S, Litrico X, Sastry S, Bayen AM (2013) Cyber security of water scada systems part i: analysis and experimentation of stealthy deception attacks. IEEE Trans Control Syst Technol 21(5):1963–1970
Bou-Harb E, Debbabi M, Assi C (2014) Cyber scanning: a comprehensive survey. IEEE Commun Surv Tutorials 16(3):1496–1519
Chen X, Song Y, Yu J (2012) Network-in-the-loop simulation platform for control system. In: Asiasim 2012. Springer, pp 54–62
Civicioglu P (2013) Backtracking search optimization algorithm for numerical optimization problems. Appl Math Comput 219(15):8121–8144
Dasgupta S, Routh A, Banerjee S, Agilageswari K, Balasubramanian R, Bhandarkar S, Chattopadhyay S, Kumar M, Gupta A (2013) Networked control of a large pressurized heavy water reactor (phwr) with discrete proportional-integral-derivative (pid) controllers. IEEE Trans Nucl Sci 60(5):3879–3888
de Sa AO, da Costa Carmo LFR, Machado RCS (2017) Bio-inspired active attack for identification of networked control systems. In: 10th EAI international conference on bio-inspired information and communications technologies (BICT). ACM, pp 1–8
de Sa AO, da Costa Carmo LFR, Machado RCS (2017) Covert attacks in cyber-physical control systems. IEEE Trans Ind Inf 13(4):1641–1651. https://doi.org/10.1109/TII.2017.2676005
El-Sharkawi M, Huang C (1989) Variable structure tracking of dc motor for high performance applications. IEEE Trans Energy Convers 4(4):643–650
Farooqui AA, Zaidi SSH, Memon AY, Qazi S (2014) Cyber security backdrop: a scada testbed. In: Computing, communications and IT applications conference (comcomap), 2014 IEEE. IEEE, pp 98–103
George NV, Panda G (2012) A particle-swarm-optimization-based decentralized nonlinear active noise control system. IEEE Trans Instrum Meas 61(12):3378–3386
Guha D, Roy PK, Banerjee S (2016) Application of backtracking search algorithm in load frequency control of multi-area interconnected power system. Ain Shams Eng J
Kennedy R, Eberhart JE (1995) Particle swarm optimization. In: Proceedings of 1995 IEEE international conference on neural networks, pp 1942–1948
Langner R (2011) Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur Priv 9(3):49–51
Long M, Wu C-H, Hung JY (2005) Denial of service attacks on network-based control systems: impact and mitigation. IEEE Trans Ind Inf 1(2):85–96
Öncü S, Ploeg J, van de Wouw N, Nijmeijer H (2014) Cooperative adaptive cruise control: network-aware analysis of string stability. IEEE Trans Intell Transp Syst 15(4):1527–1537
Precup R-E, Balint A-D, Radac M-B, Petriu EM (2015) Backtracking search optimization algorithm-based approach to pid controller tuning for torque motor systems. In: 2015 9th annual IEEE international systems conference (syscon). IEEE, pp 127–132
Sabău Ş, Oară C, Warnick S, Jadbabaie A (2017) Optimal distributed control for platooning via sparse coprime factorizations. IEEE Trans Autom Control 62(1):305–320
Shi Y, Huang J, Yu B (2013) Robust tracking control of networked control systems: application to a networked dc motor. IEEE Trans Ind Electron 60(12):5864–5874
Si ML, Li HX, Chen XF, Wang GH (2010) Study on sample rate and performance of a networked control system by simulation. In: Advanced materials research, vol 139. Trans Tech Publ, pp 2225–2228
Smith R (2011) A decoupled feedback structure for covertly appropriating networked control systems. In: Proceedings of the 18th IFAC world congress 2011, vol 18. IFAC-papersonline
Smith RS (2015) Covert misappropriation of networked control systems: presenting a feedback structure. IEEE Control Syst 35(1):82–92
Snoeren AC, Partridge C, Sanchez LA, Jones CE, Tchakountio F, Schwartz B, Kent ST, Strayer WT (2002) Single-packet ip traceback. IEEE/ACM Trans Networking (ToN) 10(6):721–734
Stallings W (2006) Cryptography and network security: principles and practices. Pearson Education India, Delhi
Teixeira A, Shames I, Sandberg H, Johansson KH (2015) A secure control framework for resource-limited adversaries. Automatica 51:135–148
Tran T, Ha QP, Nguyen HT (2007) Robust non-overshoot time responses using cascade sliding mode-pid control. Journal of Advanced Computational Intelligence and Intelligent Informatics 11(10):1224–1231
Tulleken HJ (1990) Generalized binary noise test-signal concept for improved identification-experiment design. Automatica 26(1):37–49
Uong S, Ngamroo I (2015) Coordinated control of dfig wind turbine and svc for robust power system stabilization. In: 2015 12th international conference on electrical engineering/electronics, computer, telecommunications and information technology (ECTI-CON). IEEE, pp 1–6
Acknowledgments
We appreciate the valuable comments and suggestions of the reviewers that contributed to the great improvement of the original version of this paper.
Additional information
This research was partially supported by the Brazilian research agencies CNPq and FAPERJ.
About this article
Cite this article
de Sá, A.O., Carmo, L.F.R.d.C. & Machado, R.C.S. Bio-inspired Active System Identification: a Cyber-Physical Intelligence Attack in Networked Control Systems. Mobile Netw Appl 25, 1944–1957 (2020). https://doi.org/10.1007/s11036-017-0943-5
DOI: https://doi.org/10.1007/s11036-017-0943-5