Bio-inspired Active System Identification: a Cyber-Physical Intelligence Attack in Networked Control Systems

Mobile Networks and Applications

Abstract

From the point of view of control theory, the literature indicates that stealthy and accurate cyber-physical attacks on a Networked Control System (NCS) must be planned based on accurate knowledge of the model of the attacked system. However, most of the literature on these attacks does not indicate how the attacker obtains such knowledge. To fill this gap, this paper proposes an Active System Identification attack, in which the attacker injects data into the NCS to learn about its model. The attack is implemented based on two bio-inspired metaheuristics: Backtracking Search Optimization Algorithm (BSA) and Particle Swarm Optimization (PSO). To improve the accuracy of the estimated models, a statistical refinement is proposed for the outcomes of the two optimization algorithms. Additionally, a set of data injection attacks is shown in order to demonstrate the capability of the proposed attack in supporting the design of other sophisticated attacks. The results indicate a better performance of the BSA-based attacks, especially when the captured signals contain white Gaussian noise. The goal of this paper is to demonstrate the degree of accuracy that this System Identification attack may achieve, highlighting the potential impacts and encouraging research into possible countermeasures.

Notes

  1. A preliminary version of this work was presented at the 10th EAI International Conference on Bio-inspired Information and Communications Technologies (BICT 2017) and published in the proceedings of the event [6]. The present paper proposes a refinement for the system identification method described in [6] and simulates a data injection attack using the data obtained after this refinement.

References

  1. Amin S, Litrico X, Sastry S, Bayen AM (2013) Cyber security of water scada systems part i: analysis and experimentation of stealthy deception attacks. IEEE Trans Control Syst Technol 21(5):1963–1970

  2. Bou-Harb E, Debbabi M, Assi C (2014) Cyber scanning: a comprehensive survey. IEEE Commun Surv Tutorials 16(3):1496–1519

  3. Chen X, Song Y, Yu J (2012) Network-in-the-loop simulation platform for control system. In: Asiasim 2012. Springer, pp 54–62

  4. Civicioglu P (2013) Backtracking search optimization algorithm for numerical optimization problems. Appl Math Comput 219(15):8121–8144

  5. Dasgupta S, Routh A, Banerjee S, Agilageswari K, Balasubramanian R, Bhandarkar S, Chattopadhyay S, Kumar M, Gupta A (2013) Networked control of a large pressurized heavy water reactor (phwr) with discrete proportional-integral-derivative (pid) controllers. IEEE Trans Nucl Sci 60(5):3879–3888

  6. de Sa AO, da Costa Carmo LFR, Machado RCS (2017) Bio-inspired active attack for identification of networked control systems. In: 10th EAI international conference on bio-inspired information and communications technologies (BICT). ACM, pp 1–8

  7. de Sa AO, da Costa Carmo LFR, Machado RCS (2017) Covert attacks in cyber-physical control systems. IEEE Trans Ind Inf 13(4):1641–1651. https://doi.org/10.1109/TII.2017.2676005

  8. El-Sharkawi M, Huang C (1989) Variable structure tracking of dc motor for high performance applications. IEEE Trans Energy Convers 4(4):643–650

  9. Farooqui AA, Zaidi SSH, Memon AY, Qazi S (2014) Cyber security backdrop: a scada testbed. In: Computing, communications and IT applications conference (comcomap), 2014 IEEE. IEEE, pp 98–103

  10. George NV, Panda G (2012) A particle-swarm-optimization-based decentralized nonlinear active noise control system. IEEE Trans Instrum Meas 61(12):3378–3386

  11. Guha D, Roy PK, Banerjee S (2016) Application of backtracking search algorithm in load frequency control of multi-area interconnected power system. Ain Shams Eng J

  12. Kennedy R, Eberhart JE (1995) Particle swarm optimization. In: Proceedings of 1995 IEEE international conference on neural networks, pp 1942–1948

  13. Langner R (2011) Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur Priv 9(3):49–51

  14. Long M, Wu C-H, Hung JY (2005) Denial of service attacks on network-based control systems: impact and mitigation. IEEE Trans Ind Inf 1(2):85–96

  15. Öncü S, Ploeg J, van de Wouw N, Nijmeijer H (2014) Cooperative adaptive cruise control: network-aware analysis of string stability. IEEE Trans Intell Transp Syst 15(4):1527–1537

  16. Precup R-E, Balint A-D, Radac M-B, Petriu EM (2015) Backtracking search optimization algorithm-based approach to pid controller tuning for torque motor systems. In: 2015 9th annual IEEE international systems conference (syscon). IEEE, pp 127–132

  17. Sabău Ş, Oară C, Warnick S, Jadbabaie A (2017) Optimal distributed control for platooning via sparse coprime factorizations. IEEE Trans Autom Control 62(1):305–320

  18. Shi Y, Huang J, Yu B (2013) Robust tracking control of networked control systems: application to a networked dc motor. IEEE Trans Ind Electron 60(12):5864–5874

  19. Si ML, Li HX, Chen XF, Wang GH (2010) Study on sample rate and performance of a networked control system by simulation. In: Advanced materials research, vol 139. Trans Tech Publ, pp 2225–2228

  20. Smith R (2011) A decoupled feedback structure for covertly appropriating networked control systems. In: Proceedings of the 18th IFAC world congress 2011, vol 18. IFAC-papersonline

  21. Smith RS (2015) Covert misappropriation of networked control systems: presenting a feedback structure. IEEE Control Syst 35(1):82–92

  22. Snoeren AC, Partridge C, Sanchez LA, Jones CE, Tchakountio F, Schwartz B, Kent ST, Strayer WT (2002) Single-packet ip traceback. IEEE/ACM Trans Networking (ToN) 10(6):721–734

  23. Stallings W (2006) Cryptography and network security: principles and practices. Pearson Education India, Delhi

  24. Teixeira A, Shames I, Sandberg H, Johansson KH (2015) A secure control framework for resource-limited adversaries. Automatica 51:135–148

  25. Tran T, Ha QP, Nguyen HT (2007) Robust non-overshoot time responses using cascade sliding mode-pid control. Journal of Advanced Computational Intelligence and Intelligent Informatics 11(10):1224–1231

  26. Tulleken HJ (1990) Generalized binary noise test-signal concept for improved identification-experiment design. Automatica 26(1):37–49

  27. Uong S, Ngamroo I (2015) Coordinated control of dfig wind turbine and svc for robust power system stabilization. In: 2015 12th international conference on electrical engineering/electronics, computer, telecommunications and information technology (ECTI-CON). IEEE, pp 1–6

Acknowledgments

We appreciate the valuable comments and suggestions of the reviewers that contributed to the great improvement of the original version of this paper.

Author information

Corresponding author

Correspondence to Alan Oliveira de Sá.

Additional information

This research was partially supported by the Brazilian research agencies CNPq and FAPERJ.

Cite this article

de Sá, A.O., Carmo, L.F.R.d.C. & Machado, R.C.S. Bio-inspired Active System Identification: a Cyber-Physical Intelligence Attack in Networked Control Systems. Mobile Netw Appl 25, 1944–1957 (2020). https://doi.org/10.1007/s11036-017-0943-5
