Combining switching mechanism with re-initialization and anomaly detection for resiliency of cyber–physical systems

IF 4.8 2区计算机科学 Q1 AUTOMATION & CONTROL SYSTEMS

Automatica Pub Date : 2024-11-20 DOI:10.1016/j.automatica.2024.111994

Hao Fu, Prashanth Krishnamurthy, Farshad Khorrami

{"title":"Combining switching mechanism with re-initialization and anomaly detection for resiliency of cyber–physical systems","authors":"Hao Fu, Prashanth Krishnamurthy, Farshad Khorrami","doi":"10.1016/j.automatica.2024.111994","DOIUrl":null,"url":null,"abstract":"<div><div>Cyber–physical systems (CPS) play a pivotal role in numerous critical real-world applications that have stringent requirements for safety. To enhance the CPS resiliency against attacks, redundancy can be integrated in real-time controller implementations by designing strategies that switch among multiple controllers. However, existing switching strategies typically overlook remediation measures for compromised controllers, opting instead to simply exclude them. Such a solution reduces the CPS redundancy since only a subset of controllers are used. To address this gap, this work proposes a multi-controller switching strategy with periodic re-initialization to remove attacks. Controllers that finish re-initialization can be reused by the switching strategy, preserving the CPS redundancy and resiliency. The proposed switching strategy is designed to ensure that at each switching moment, a controller that has just completed re-initialization is available, minimizing the likelihood of compromise. Additionally, the controller’s working period decreases with the number of involved controllers, reducing the controller’s exposure time to attacks. An anomaly detector is used to detect CPS attacks during the controller’s working period. Upon alarm activation, the current control signal is set to a predefined value, and a switch to an alternative controller occurs at the earliest switching moment. Our switching strategy is shown to be still effective even if the anomaly detector fails to detect (stealthy) attacks. The efficacy of our strategy is analyzed through three derived conditions under a proposed integrated attack-defense model for mean-square boundedness of the CPS states. Simulation results on a third-order system and a single-machine infinite-bus (SMIB) system confirm that our approach significantly bolsters CPS resiliency by leveraging the advantages of re-initialization, anomaly detection, and switching mechanisms.</div></div>","PeriodicalId":55413,"journal":{"name":"Automatica","volume":"172 ","pages":"Article 111994"},"PeriodicalIF":4.8000,"publicationDate":"2024-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Automatica","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0005109824004886","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Cyber–physical systems (CPS) play a pivotal role in numerous critical real-world applications that have stringent requirements for safety. To enhance the CPS resiliency against attacks, redundancy can be integrated in real-time controller implementations by designing strategies that switch among multiple controllers. However, existing switching strategies typically overlook remediation measures for compromised controllers, opting instead to simply exclude them. Such a solution reduces the CPS redundancy since only a subset of controllers are used. To address this gap, this work proposes a multi-controller switching strategy with periodic re-initialization to remove attacks. Controllers that finish re-initialization can be reused by the switching strategy, preserving the CPS redundancy and resiliency. The proposed switching strategy is designed to ensure that at each switching moment, a controller that has just completed re-initialization is available, minimizing the likelihood of compromise. Additionally, the controller’s working period decreases with the number of involved controllers, reducing the controller’s exposure time to attacks. An anomaly detector is used to detect CPS attacks during the controller’s working period. Upon alarm activation, the current control signal is set to a predefined value, and a switch to an alternative controller occurs at the earliest switching moment. Our switching strategy is shown to be still effective even if the anomaly detector fails to detect (stealthy) attacks. The efficacy of our strategy is analyzed through three derived conditions under a proposed integrated attack-defense model for mean-square boundedness of the CPS states. Simulation results on a third-order system and a single-machine infinite-bus (SMIB) system confirm that our approach significantly bolsters CPS resiliency by leveraging the advantages of re-initialization, anomaly detection, and switching mechanisms.

查看原文本刊更多论文

将切换机制与重新初始化和异常检测相结合，提高网络物理系统的复原力

网络物理系统（CPS）在现实世界众多对安全性有严格要求的关键应用中发挥着举足轻重的作用。为增强 CPS 抵御攻击的能力，可通过设计在多个控制器间切换的策略，将冗余集成到实时控制器实施中。然而，现有的切换策略通常会忽略对受攻击控制器的补救措施，而只是将其排除在外。这种解决方案降低了 CPS 的冗余度，因为只使用了控制器的子集。为弥补这一不足，本研究提出了一种多控制器切换策略，通过定期重新初始化来消除攻击。完成重新初始化的控制器可通过切换策略重新使用，从而保持 CPS 的冗余性和弹性。所提出的切换策略旨在确保在每个切换时刻，都有一个刚刚完成重新初始化的控制器可用，从而最大限度地降低受到攻击的可能性。此外，控制器的工作周期会随着参与控制器数量的增加而缩短，从而减少控制器遭受攻击的时间。异常检测器用于在控制器工作期间检测 CPS 攻击。警报激活后，当前控制信号会被设置为预定值，并在最早的切换时刻切换到替代控制器。即使异常检测器无法检测到（隐蔽的）攻击，我们的切换策略仍然有效。在针对 CPS 状态均方有界性提出的综合攻击防御模型下，我们通过三个推导条件分析了我们策略的有效性。在三阶系统和单机无限总线（SMIB）系统上的仿真结果证实，我们的方法利用了重新初始化、异常检测和切换机制的优势，大大增强了 CPS 的弹性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Automatica 工程技术-工程：电子与电气

CiteScore

10.70

自引率

7.80%

发文量

617

审稿时长

5 months

期刊介绍： Automatica is a leading archival publication in the field of systems and control. The field encompasses today a broad set of areas and topics, and is thriving not only within itself but also in terms of its impact on other fields, such as communications, computers, biology, energy and economics. Since its inception in 1963, Automatica has kept abreast with the evolution of the field over the years, and has emerged as a leading publication driving the trends in the field. After being founded in 1963, Automatica became a journal of the International Federation of Automatic Control (IFAC) in 1969. It features a characteristic blend of theoretical and applied papers of archival, lasting value, reporting cutting edge research results by authors across the globe. It features articles in distinct categories, including regular, brief and survey papers, technical communiqués, correspondence items, as well as reviews on published books of interest to the readership. It occasionally publishes special issues on emerging new topics or established mature topics of interest to a broad audience. Automatica solicits original high-quality contributions in all the categories listed above, and in all areas of systems and control interpreted in a broad sense and evolving constantly. They may be submitted directly to a subject editor or to the Editor-in-Chief if not sure about the subject area. Editorial procedures in place assure careful, fair, and prompt handling of all submitted articles. Accepted papers appear in the journal in the shortest time feasible given production time constraints.