(419e) Switching-Enabled Active Detection of False-Data Injection Cyberattacks on Process Control Systems | AIChE


Authors

El-Farra, N., University of California, Davis
Ellis, M., University of California, Davis

In the past decade, cyberattacks targeting industrial control systems such as process control systems (PCSs) have increased in frequency and sophistication [1]. To bolster the cybersecurity protections provided by information technology infrastructure, a variety of controller-based approaches for cybersecurity have been proposed [2]-[5]. Cyberattack-resilient control approaches [2], attack detection schemes (e.g., [3]-[5]), and attack identification and mitigation strategies (e.g., [6], [7]) are a few examples of areas being explored.

Several classes of cyberattacks targeting PCSs have been considered [8]. False data injection (FDI) attacks are a class of attacks designed to alter the data communicated over the communication links of a PCS. Two types of FDI attacks that have been considered are additive attacks, which alter the data by adding a factor to the communicated data [3], and multiplicative attacks, which alter the data by multiplying the communicated data by a factor [4], [5]. Compared to additive FDI attacks, multiplicative FDI attacks may require minimal process knowledge to alter process operations while evading detection [10].

Cyberattack detection schemes may be broadly classified as either passive or active. Passive detection schemes monitor a PCS for attacks based on regular operational data [3]. Residual-based detection schemes, a commonly used class of anomaly detection schemes for process monitoring [9], have also been employed for detecting cyberattacks [3], [10]. A residual-based detection scheme detects an attack if an anomaly is observed in the residual values (defined as the difference between the measured output and its expected value). Because they monitor the process based on regular operational data alone, residual-based detection schemes are considered passive schemes. Active detection schemes, on the other hand, actively probe the process for cyberattacks by applying external interventions or perturbations. For example, an active detection method may add a secret watermarking signal to the sensor data or to the actuator data in order to detect an attack (e.g., [4], [5]).

In this work, a control parameter switching-based active detection methodology that enhances the detection capabilities of a residual-based detection scheme is proposed. The proposed switching-based active detection methodology is motivated by the intrinsic connection between the control parameter selection, the closed-loop stability, and the detectability of an attack with respect to a residual-based detection scheme. To this end, this relationship is rigorously analyzed to identify the set of control parameters (called “attack-sensitive” parameters) under which an attack renders the closed-loop system unstable and can therefore be detected. Extended operation under attack-sensitive parameters, however, may result in undesired performance degradation of the attack-free closed-loop system. To manage the trade-off between attack detection enhancement and closed-loop performance degradation, the proposed active detection methodology utilizes occasional control parameter switching from nominal parameters (chosen based on standard control design criteria) to the attack-sensitive parameters. Control parameter switching may excite the process dynamics, resulting in false alarms. Therefore, a switching condition is developed to minimize false alarms. The proposed active detection methodology is applied to a chemical process example and shown to enhance attack detection capabilities, beyond those achieved by passive detection schemes, while also minimizing false alarms.
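The following simulation is an added illustration of the mechanism the abstract describes; it is not code from the authors, and the abstract's own analysis is carried out on a chemical process example, not on this toy. It assumes a scalar integrating process with a proportional controller, a Luenberger-style observer whose residual feeds a threshold detector, a multiplicative sensor attack whose scale factor `gamma` ramps gradually (the stealthy case), a small constructed alternating load disturbance, and a simple switching condition of my own (engage the attack-sensitive gain only after the residual has been quiet for several steps, then revert after a dwell or on alarm). All gains, thresholds and step counts are constructed values.

```python
"""Switching-enabled active detection of a multiplicative sensor attack (toy).

Added illustration, not code from the abstract or its authors. The process,
controller, observer, disturbance and switching rule are all assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class RunResult:
    detect_step: Optional[int]          # first step with |residual| > threshold
    switch_step: Optional[int]          # step at which attack-sensitive gain engaged
    final_state: float                  # true process state at the end of the run
    residuals: List[float] = field(default_factory=list)


def closed_loop_eigenvalue(gain: float, gamma: float, b: float = 1.0) -> float:
    """Integrator x[k+1] = x[k] + b*u[k] under u = -gain*(gamma*x - sp): pole 1 - b*gain*gamma."""
    return 1.0 - b * gain * gamma


def is_attack_sensitive(gain: float, gamma: float, b: float = 1.0) -> bool:
    """Gain is 'attack-sensitive' if the loop is stable attack-free but unstable under gamma."""
    return abs(closed_loop_eigenvalue(gain, 1.0, b)) < 1.0 and abs(closed_loop_eigenvalue(gain, gamma, b)) > 1.0


def gamma_profile(k: int, gamma_end: float = 1.5, ramp_steps: int = 100) -> float:
    """Constructed attack scale factor: ramps 1.0 -> gamma_end over ramp_steps, then holds."""
    if k >= ramp_steps:
        return gamma_end
    return 1.0 + (gamma_end - 1.0) * k / ramp_steps


def simulate(attacked: bool, active: bool, steps: int = 200, *,
             k_nom: float = 0.5, k_sens: float = 1.5, obs_gain: float = 0.5,
             setpoint: float = 1.0, threshold: float = 0.1, dist_amp: float = 0.01,
             earliest_switch: int = 120, n_quiet: int = 10, dwell: int = 30) -> RunResult:
    """Run the closed loop with a residual detector; optionally switch to k_sens."""
    x = setpoint                 # true state starts at the setpoint
    x_hat = setpoint             # observer initialised from the first (clean) measurement
    residuals: List[float] = []
    gain = k_nom
    switch_step: Optional[int] = None
    detect_step: Optional[int] = None
    for k in range(steps):
        gamma = gamma_profile(k) if attacked else 1.0
        y = gamma * x                        # sensor data as seen by controller/detector
        r = y - x_hat                        # residual: measurement minus expected output
        residuals.append(r)
        if detect_step is None and abs(r) > threshold:
            detect_step = k
        # Switching condition (assumption): engage the attack-sensitive gain only once the
        # last n_quiet residuals are all below half the threshold, i.e. the loop is near
        # steady state, so the switch itself is unlikely to trigger a false alarm.
        if active and switch_step is None and k >= earliest_switch:
            recent = residuals[-n_quiet:]
            if len(recent) == n_quiet and all(abs(v) < 0.5 * threshold for v in recent):
                switch_step = k
                gain = k_sens
        # Revert to nominal parameters after the dwell, or as soon as an alarm is raised.
        if switch_step is not None and (k >= switch_step + dwell or detect_step is not None):
            gain = k_nom
        u = -gain * (y - setpoint)           # proportional control on the (possibly attacked) measurement
        d = dist_amp * (-1) ** k             # constructed unmeasured alternating load disturbance
        x_hat = x_hat + u + obs_gain * (y - x_hat)   # observer update (model has no disturbance)
        x = x + u + d                        # true integrating process
    return RunResult(detect_step, switch_step, x, residuals)


if __name__ == "__main__":
    for attacked, active in [(True, False), (True, True), (False, True)]:
        res = simulate(attacked=attacked, active=active)
        print(f"attacked={attacked} active={active}: switch={res.switch_step} "
              f"alarm={res.detect_step} final_state={res.final_state:.3f}")
```

With these constructed values the nominal gain 0.5 gives a closed-loop pole of 0.25 under the attack, so the attacked loop stays stable and the residual never leaves the threshold band: the passive scheme misses an attack that has quietly moved the true state from 1.0 to about 2/3. The gain 1.5 is attack-sensitive in the sense of the abstract (pole -0.5 attack-free, -1.25 under the attack), so once it is engaged the disturbance response grows and the residual crosses the threshold within a few steps, while the same switch in the attack-free run raises no alarm. Because the model here is exact, the residual is decoupled from the switch; with model mismatch or noise the switch would excite the residual, which is why the quiet-period condition matters.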

References:

[1] T. Miller, A. Staves, S. Maesschalck, M. Sturdee, and B. Green, “Looking back to look forward: Lessons learnt from cyber-attacks on industrial control systems,” International Journal of Critical Infrastructure Protection, 35:100464, 2021.

[2] H. Oyama and H. Durand, “Integrated cyberattack detection and resilient control strategies using Lyapunov-based economic model predictive control,” AIChE Journal, 66(12):e17084, 2020.

[3] C. Murguia and J. Ruths, “Characterization of a CUSUM model-based sensor attack detector,” In Proceedings of the IEEE 55th Conference on Decision and Control, pp. 1303–1309, Las Vegas, NV, USA, 12-14 December 2016.

[4] T. Huang, B. Satchidanandan, P. R. Kumar, and L. Xie, “An online detection framework for cyber attacks on automatic generation control,” IEEE Transactions on Power Systems, 33:6816–6827, 2018.

[5] G. Na and Y. Eun, “A multiplicative coordinated stealthy attack and its detection for cyber physical systems,” In Proceedings of the IEEE Conference on Control Technology and Applications, pp. 1698–1703, Copenhagen, Denmark, 21-24 August 2018.

[6] M. Kordestani and M. Saif, “Observer-based attack detection and mitigation for cyberphysical systems: A review,” IEEE Systems, Man, and Cybernetics Magazine, 7(2):35–60, 2021.

[7] A. Zedan and N. H. El-Farra, “A machine-learning approach for identification and mitigation of cyberattacks in networked process control systems,” Chemical Engineering Research and Design, 176:102–115, 2021.

[8] C. Xenofontos, I. Zografopoulos, C. Konstantinou, A. Jolfaei, Muhammad K. Khan, and K. K. R. Choo, “Consumer, commercial, and industrial IoT (In)security: Attack taxonomy and case studies,” IEEE Internet of Things Journal, 9:199–221, 2022.

[9] M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki, “Diagnosis and Fault-Tolerant Control,” Springer-Verlag Berlin Heidelberg, 2003.

[10] S. Narasimhan, N. H. El-Farra, and M. J. Ellis, “Detectability-based controller design screening for processes under multiplicative cyberattacks,” AIChE Journal, 68:e17430, 2022.