research-article

NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems

Authors:

Chuadhry Mujeeb Ahmed,

Aditya P. Mathur,

Carlos Murguia,

Justin RuthsAuthors Info & Claims

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

Pages 483 - 497

https://doi.org/10.1145/3196494.3196532

Published: 29 May 2018 Publication History

Abstract

An attack detection scheme is proposed to detect data integrity attacks on sensors in Cyber-Physical Systems (CPSs). A combined fingerprint for sensor and process noise is created during the normal operation of the system. Under sensor spoofing attack, noise pattern deviates from the fingerprinted pattern enabling the proposed scheme to detect attacks. To extract the noise (difference between expected and observed value) a representative model of the system is derived. A Kalman filter is used for the purpose of state estimation. By subtracting the state estimates from the real system states, a residual vector is obtained. It is shown that in steady state the residual vector is a function of process and sensor noise. A set of time domain and frequency domain features is extracted from the residual vector. Feature set is provided to a machine learning algorithm to identify the sensor and process. Experiments are performed on two testbeds, a real-world water treatment (SWaT) facility and a water distribution (WADI) testbed. A class of zero-alarm attacks, designed for statistical detectors on SWaT are detected by the proposed scheme. It is shown that a multitude of sensors can be uniquely identified with accuracy higher than 90% based on the noise fingerprint.

References

[1]

B.M. Adams, W.H. Woodall, and C.A. Lowry . 1992. The use (and misuse) of false alarm probabilities in control chart design. Frontiers in Statistical Quality Control 4 (1992), 155--168.

[2]

Sridhar Adepu and Aditya Mathur . 2016. Distributed Detection of Single-Stage Multipoint Cyber Attacks in a Water Treatment Plant. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (ASIA CCS '16). ACM, New York, NY, USA, 449--460.

Digital Library

[3]

C. M. Ahmed, A.Sridhar, and M. Aditya . 2016. Limitations of state estimation based cyber attack detection schemes in industrial control systems. In IEEE Smart City Security and Privacy Workshop, CPSWeek.

[4]

C. M. Ahmed and A. P. Mathur . 2017. Hardware Identification via Sensor Fingerprinting in a Cyber Physical System 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). 517--524.

[5]

Chuadhry Mujeeb Ahmed, Carlos Murguia, and Justin Ruths . 2017 a. Model-based Attack Detection Scheme for Smart Water Distribution Networks Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS '17). ACM, New York, NY, USA, 101--113.

Digital Library

[6]

Chuadhry Mujeeb Ahmed, Venkata Reddy Palleti, and Aditya P. Mathur . 2017 b. WADI: A Water Distribution Testbed for Research in the Design of Secure Cyber Physical Systems. In Proceedings of the 3rd International Workshop on Cyber-Physical Systems for Smart Water Networks (CySWATER '17). ACM, New York, NY, USA, 25--28.

Digital Library

[7]

Z. Akata, F. Perronnin, Z. Harchaoui, and C. Schmid . 2014. Good Practice in Large-Scale Learning for Image Classification. IEEE Transactions on Pattern Analysis and Machine Intelligence Vol. 36, 3 (March . 2014), 507--520. p://dl.acm.org/citation.cfm?id=2831143.2831199 tempurl

Digital Library

[8]

A. Sridhar and M. Aditya . 2016. Generalized Attacker and Attack Models for Cyber Physical Systems 40th IEEE COMPSAC.

[9]

S. Sridhar, A. Hahn, and M. Govindarasu . 2012. Cyber Physical System Security for the Electric Power Grid. Proc. IEEE Vol. 100, 1 (Jan . 2012), 210--224. showISSN0018--9219

[10]

David I Urbina, Jairo A Giraldo, Alvaro A Cardenas, Nils Ole Tippenhauer, Junia Valente, Mustafa Faisal, Justin Ruths, Richard Candell, and Henrik Sandberg . 2016. Limiting the impact of stealthy attacks on industrial control systems Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1092--1105.

Digital Library

[11]

C.S. van Dobben de Bruyn . 1968. Cumulative sum tests : theory and practice. London : Griffin.

[12]

Xiukun Wei, Michel Verhaegen, and Tim van Engelen . 2010. Sensor fault detection and isolation for wind turbines based on subspace identification and Kalman filter techniques. International Journal of Adaptive Control and Signal Processing Vol. 24, 8 (2010), 687--707. showISSN1099--1115

[13]

Peter Welch . 1967. The use of fast Fourier transform for the estimation of power spectra: a method based on time averaging over short, modified periodograms. IEEE Transactions on audio and electroacoustics Vol. 15, 2 (1967), 70--73.

[14]

Wired . 2015. A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever. https://www.wired.com/2015/01/german-steel-mill-hack-destruction/. (2015).

[15]

S. Yasser, M. Paul, T. Paulo, and S. Mani . 2013. Non-invasive Spoofing Attacks for Anti-lock Braking Systems CHES, Springer Link, Vol. Vol. 8086. 55--72.

Digital Library

Cited By

Ahmed CZhou J(2025)Authentication for Cyber-Physical SystemsEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1721(159-163)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1721
Tippenhauer N(2025)Attack Detection for Cyber-Physical SystemsEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1720(115-118)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1720
Erba AMurillo ATaormina RGalelli STippenhauer NSun RZhang M(2024)On Practical Realization of Evasion Attacks for Industrial Control SystemsProceedings of the 2024 Workshop on Re-design Industrial Control Systems with Security10.1145/3689930.3695213(9-25)Online publication date: 20-Nov-2024
https://dl.acm.org/doi/10.1145/3689930.3695213
Show More Cited By

Index Terms

NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems
1. Security and privacy

Recommendations

Noise Matters: Using Sensor and Process Noise Fingerprint to Detect Stealthy Cyber Attacks and Authenticate sensors in CPS
ACSAC '18: Proceedings of the 34th Annual Computer Security Applications Conference

A novel scheme is proposed to authenticate sensors and detect data integrity attacks in a Cyber Physical System (CPS). The proposed technique uses the hardware characteristics of a sensor and physics of a process to create unique patterns (herein termed ...
NoiSense Print: Detecting Data Integrity Attacks on Sensor Measurements Using Hardware-based Fingerprints

Fingerprinting of various physical and logical devices has been proposed for uniquely identifying users or devices of mainstream IT systems such as PCs, laptops, and smart phones. However, the application of such techniques in Industrial Control Systems (...
Process skew: fingerprinting the process for anomaly detection in industrial control systems
WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

In an Industrial Control System (ICS), its complex network of sensors, actuators and controllers have raised security concerns. In this paper, we proposed a technique called Process Skew that uses the small deviations in the ICS process (herein called as ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

May 2018

866 pages

ISBN:9781450355766

DOI:10.1145/3196494

General Chairs:
Jong Kim
Pohang University of Science and Technology, South Korea
,
Gail-Joon Ahn
Arizona State University, USA &Samsung Electronics, South Korea
,
Seungjoo Kim
Korea University, South Korea
,
Program Chairs:
Yongdae Kim
KAIST, South Korea
,
Javier Lopez
University of Malaga, Spain
,
Taesoo Kim
Georgia Tech, USA

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 May 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASIA CCS '18

Sponsor:

SIGSAC

ASIA CCS '18: ACM Asia Conference on Computer and Communications Security

June 4, 2018

Incheon, Republic of Korea

Acceptance Rates

ASIACCS '18 Paper Acceptance Rate 52 of 310 submissions, 17%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

49
Total Citations
View Citations
1,062
Total Downloads

Downloads (Last 12 months)71
Downloads (Last 6 weeks)6

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ahmed CZhou J(2025)Authentication for Cyber-Physical SystemsEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1721(159-163)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1721
Tippenhauer N(2025)Attack Detection for Cyber-Physical SystemsEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1720(115-118)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1720
Erba AMurillo ATaormina RGalelli STippenhauer NSun RZhang M(2024)On Practical Realization of Evasion Attacks for Industrial Control SystemsProceedings of the 2024 Workshop on Re-design Industrial Control Systems with Security10.1145/3689930.3695213(9-25)Online publication date: 20-Nov-2024
https://dl.acm.org/doi/10.1145/3689930.3695213
Sourav SChen B(2024)Exposing Hidden Attackers in Industrial Control Systems Using Micro-DistortionsIEEE Transactions on Smart Grid10.1109/TSG.2023.330071015:2(2089-2101)Online publication date: Mar-2024
https://doi.org/10.1109/TSG.2023.3300710
Rahimpour HTusek JMusleh ALiu BAbuadbba APhung TSeneviratne A(2024)A Review of Cybersecurity Challenges in Smart Power TransformersIEEE Access10.1109/ACCESS.2024.351849412(193972-193996)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3518494
Yang LWen C(2024)Multilevel identity fine authentication method based on time-frequency domain feature extraction in industrial internet of things systemJournal of Control and Decision10.1080/23307706.2024.2408308(1-14)Online publication date: 22-Oct-2024
https://doi.org/10.1080/23307706.2024.2408308
Wang RAhmed C(2024)Differential Privacy with Selected Privacy Budget $$\epsilon $$ in a Cyber Physical System Using Machine LearningApplied Cryptography and Network Security Workshops10.1007/978-3-031-61489-7_7(101-116)Online publication date: 29-Jun-2024
https://doi.org/10.1007/978-3-031-61489-7_7
Saraiva GApolinário FPardal M(2024)IM-DISCO: Invariant Mining for Detecting IntrusionS in Critical OperationsComputer Security. ESORICS 2023 International Workshops10.1007/978-3-031-54129-2_3(42-58)Online publication date: 12-Mar-2024
https://doi.org/10.1007/978-3-031-54129-2_3
Kumar VPaul K(2023)Device Fingerprinting for Cyber-Physical Systems: A SurveyACM Computing Surveys10.1145/358494455:14s(1-41)Online publication date: 21-Feb-2023
https://dl.acm.org/doi/10.1145/3584944
Zhang FWu QXuan BChen YLin WPoskitt CSun JChen B(2023)Constructing Cyber-Physical System Testing Suites Using Active Sensor FuzzingIEEE Transactions on Software Engineering10.1109/TSE.2023.330933049:11(4829-4845)Online publication date: Nov-2023
https://doi.org/10.1109/TSE.2023.3309330
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten