TY - JOUR
T1 - Learning-Based Simultaneous Detection and Characterization of Time Delay Attack in Cyber-Physical Systems
AU - Ganesh, Prakhar
AU - Lou, Xin
AU - Chen, Yao
AU - Tan, Rui
AU - Yau, David K.Y.
AU - Chen, Deming
AU - Winslett, Marianne
N1 - Funding Information:
Manuscript received February 14, 2020; revised July 22, 2020 and November 20, 2020; accepted January 13, 2021. Date of publication February 11, 2021; date of current version June 21, 2021. This work was supported in part by the National Research Foundation, Prime Minister’s Office, Singapore, under its Campus for Research Excellence and Technological Enterprise (CREATE) Programme; in part by the National Research Foundation, Singapore, and the Energy Market Authority, under its Energy Programme (EP) under Award NRF2017EWT-EP003-061; and in part by National Priority Research Program (NPRP) from the Qatar National Research Fund (a member of Qatar Foundation) under Grant NPRP10-0208-170408. Paper no. TSG-00223-2020. (Corresponding author: Xin Lou.) Prakhar Ganesh, Xin Lou, and Yao Chen are with Advanced Digital Sciences Center, Illinois at Singapore, Singapore (e-mail: prakhar.g@ adsc-create.edu.sg; [email protected]; [email protected]).
Publisher Copyright:
© 2010-2012 IEEE.
PY - 2021/7
Y1 - 2021/7
N2 - Control and communication technologies are key building blocks of cyber-physical systems (CPSes) that can improve the efficiency of the physical processes. However, they also make a CPS vulnerable to cyberattacks that can cause disruptions or even severe damage. This article focuses on one particular type of CPS cyberattack, namely the time delay attack (TDA), which exploits vulnerabilities in the communication channels to cause potentially serious harm to the system. Much work proposed for TDA detection is tested offline only and under strong assumptions. In order to construct a practical solution to deal with real-world scenarios, we propose a deep learning-based method to detect and characterize TDA. Specifically, we design a hierarchical long short-term memory model to process raw data streams from relevant CPS sensors online and continually monitor embedded signals in the data to detect and characterize the attack. Moreover, various strategies of interpreting the outputs of the model are proposed, which allow the user to tune the performance based on different objectives. We evaluate our model on two representative types of CPS, namely power plant control system (PPCS) and automatic generation control (AGC).Code and dataset can be found at: https://github.com/prakharg24/tda For TDA detection, our solution achieves an accuracy of 92% in PPCS, compared with 81% by random forests (RFs) and 72% by k-nearest neighbours (kNNs). For AGC, our solution achieves 98% accuracy, compared with 74% by RFs and 71% by kNNs. It also reduces the mean absolute error in the delay value characterization from about six to two seconds in the PPCS, and from about three seconds to half a second in the AGC, with about 3x to 4x shorter reaction latency in both systems.
AB - Control and communication technologies are key building blocks of cyber-physical systems (CPSes) that can improve the efficiency of the physical processes. However, they also make a CPS vulnerable to cyberattacks that can cause disruptions or even severe damage. This article focuses on one particular type of CPS cyberattack, namely the time delay attack (TDA), which exploits vulnerabilities in the communication channels to cause potentially serious harm to the system. Much work proposed for TDA detection is tested offline only and under strong assumptions. In order to construct a practical solution to deal with real-world scenarios, we propose a deep learning-based method to detect and characterize TDA. Specifically, we design a hierarchical long short-term memory model to process raw data streams from relevant CPS sensors online and continually monitor embedded signals in the data to detect and characterize the attack. Moreover, various strategies of interpreting the outputs of the model are proposed, which allow the user to tune the performance based on different objectives. We evaluate our model on two representative types of CPS, namely power plant control system (PPCS) and automatic generation control (AGC).Code and dataset can be found at: https://github.com/prakharg24/tda For TDA detection, our solution achieves an accuracy of 92% in PPCS, compared with 81% by random forests (RFs) and 72% by k-nearest neighbours (kNNs). For AGC, our solution achieves 98% accuracy, compared with 74% by RFs and 71% by kNNs. It also reduces the mean absolute error in the delay value characterization from about six to two seconds in the PPCS, and from about three seconds to half a second in the AGC, with about 3x to 4x shorter reaction latency in both systems.
KW - Smart grid
KW - attack characterization
KW - attack detection
KW - cyber-physical system
KW - deep learning
KW - time delay attack
UR - http://www.scopus.com/inward/record.url?scp=85101442093&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85101442093&partnerID=8YFLogxK
U2 - 10.1109/TSG.2021.3058682
DO - 10.1109/TSG.2021.3058682
M3 - Article
AN - SCOPUS:85101442093
SN - 1949-3053
VL - 12
SP - 3581
EP - 3593
JO - IEEE Transactions on Smart Grid
JF - IEEE Transactions on Smart Grid
IS - 4
M1 - 9352977
ER -