Biblio

The proliferation of artificial intelligence based systems in all walks of life raises concerns about their safety and robustness, especially for cyber-physical systems including multiple machine learning components. In this paper, we introduce robustness contracts as a framework for compositional specification and reasoning about the robustness of cyber-physical systems based on neural network (NN) components. Robustness contracts can encompass and generalize a variety of notions of robustness which were previously proposed in the literature. They can seamlessly apply to NN-based perception as well as deep reinforcement learning (RL)-enabled control applications. We present a sound and complete algorithm that can efficiently verify the satisfaction of a class of robustness contracts on NNs by leveraging notions from Lagrangian duality to identify system configurations that violate the contracts. We illustrate the effectiveness of our approach on the verification of NN-based perception systems and deep RL-based control systems.

Sybils are users created for carrying out nefarious actions in online social networks (OSNs) and threaten the security of OSNs. Therefore, Sybil detection is an urgent security task, and various detection methods have been proposed. Existing Sybil detection methods are based on the relationship (i.e., graph structure) of users in OSNs. Structure-based methods can be classified into two categories: Random Walk (RW)-based and Belief Propagation (BP)-based. However, although almost all methods have been experimentally evaluated in terms of their performance and robustness to noise, the theoretical understanding of them is insufficient. In this paper, we interpret the Sybil detection problem from the viewpoint of graph signal processing and provide a framework to formulate RW- and BPbased methods as low-pass filtering. This framework enables us to theoretically compare RW- and BP-based methods and explain why BP-based methods perform well for scale-free graphs, unlike RW-based methods. Furthermore, by this framework, we relate RW- and BP-based methods and Graph Neural Networks (GNNs) and discuss the difference among these methods. Finally, we evaluate the validity of this framework through numerical experiments.

The Controller Area Network (CAN), a broadcasting bus for intra-vehicle communication, does not provide any security mechanisms, although it is implemented in almost every vehicle. Attackers can exploit this issue, transmit malicious messages unnoticeably and cause severe harm. As the utilization of Message Authentication Codes (MACs) is only possible to a limited extent in resource-constrained systems, the focus is put on the development of Intrusion Detection Systems (IDSs). Due to their simple idea of operation, current developments are increasingly utilizing physical signal properties like voltages to realize these systems. Although the feasibility for CAN-based networks could be demonstrated, the least approaches consider the constrained resource-availability of vehicular hardware. To close this gap, we present Voltage-Based Lightweight Intrusion Detection (VALID), which provides physics-based intrusion detection with low resource requirements. By utilizing solely the individual voltage levels on the network during communication, the system detects unauthorized message transmissions without any sophisticated sampling approaches and feature calculations. Having performed evaluations on data from two real vehicles, we show that VALID is not only able to detect intrusions with an accuracy of 99.54 %, but additionally is capable of identifying the attack source reliably. These properties make VALID one of the most lightweight intrusion detection approaches that is ready-to-use, as it can be easily implemented on hardware already installed in vehicles and does not require any further components. Additionally, this allows existing platforms to be retrofitted and vehicular security systems to be improved and extended.

The coupling of safety-relevant embedded- and cyber-space components to build Cyber-Physical Systems (CPS) extends the functionality and quality in many business domains, while also creating new ones. Prime examples like Internet of Things and Industry 4.0 enable new technologies and extend the service capabilities of physical entities by building a universe of connected devices. In addition to higher complexity, the coupling of these heterogeneous systems results in many new challenges, which should be addressed by engineers and administrators. Here, security represents a major challenge, which may be well addressed in cyber-space engineering, but less in embedded system or CPS design. Although model-based engineering provides significant benefits for system architects, like reducing complexity and automated analysis, as well as being considered as standard methodology in embedded systems design, the aspect of security may not have had a major role in traditional engineering concepts. Especially the characteristics of CPS, as well as the coupling of safety-relevant (physical) components with high-scalable entities of the cyber-space domain have an enormous impact on the overall level of security, based on the introduced side effects and uncertainties. Therefore, we aim to define a model-based security-engineering framework, which is tailored to the needs of CPS engineers. Hereby, we focus on the actual modeling process, the evaluation of security, as well as quantitatively expressing security of a deployed CPS. Overall and in contrast to other approaches, we shift the engineering concepts on a semantic level, which allows to address the proposed challenges in CPS in the most efficient way.

We focus on resilience towards covert attacks on Cyber-Physical Systems (CPS). We define the new k-steerability and l-monitorability control-theoretic concepts. k-steerability reflects the ability to act on every individual plant state variable with at least k different groups of functionally diverse input signals. l-monitorability indicates the ability to monitor every individual plant state variable with £ different groups of functionally diverse output signals. A CPS with k-steerability and l-monitorability is said to be (k, l)-resilient. k and l, when both greater than one, provide the capability to mitigate the impact of covert attacks when some signals, but not all, are compromised. We analyze the influence of k and l on the resilience of a system and the ability to recover its state when attacks are perpetrated. We argue that the values of k and l can be augmented by combining redundancy and diversity in hardware and software techniques that apply the moving target paradigm.

Malicious login, especially lateral movement, has been a primary and costly threat for enterprises. However, there exist two critical challenges in the existing methods. Specifically, they heavily rely on a limited number of predefined rules and features. When the attack patterns change, security experts must manually design new ones. Besides, they cannot explore the attributes' mutual effect specific to login operations. We propose MLTracer, a graph neural network (GNN) based system for detecting such attacks. It has two core components to tackle the previous challenges. First, MLTracer adopts a novel method to differentiate crucial attributes of login operations from the rest without experts' designated features. Second, MLTracer leverages a GNN model to detect malicious logins. The model involves a convolutional neural network (CNN) to explore attributes of login operations, and a co-attention mechanism to mutually improve the representations (vectors) of login attributes through learning their login-specific relation. We implement an evaluation of such an approach. The results demonstrate that MLTracer significantly outperforms state-of-the-art methods. Moreover, MLTracer effectively detects various attack scenarios with a remarkably low false positive rate (FPR).

The importance of Cyber-Physical Systems (CPS) gains more and more weight in our daily business and private life. Although CPS build the backbone for major trends, like Industry 4.0 and connected vehicles, they also propose many new challenges. One major challenge can be found in achieving a high level of security within such highly connected environments, in which an unpredictable number of heterogeneous systems with often-distinctive characteristics interact with each other. In order to develop high-level security solutions, system designers must eventually know the current level of security of their specification. To this end, security metrics and scoring frameworks are essential, as they quantitatively express security of a given design or system. However, existing solutions may not be able to handle the proposed challenges of CPS, as they mainly focus on one particular system and one specific attack. Therefore, we aim to elaborate a security scoring mechanism, which can efficiently be used in CPS, while considering all essential information. We break down each system within the CPS into its core functional blocks and analyze a variety of attacks in terms of exploitability, scalability of attacks, as well as potential harm to targeted assets. With this approach, we get an overall assessment of security for the whole CPS, as it integrates the security-state of all interacting systems. This allows handling the presented complexity in CPS in a more efficient way, than existing solutions.

This paper studies the data-driven stealthy actuator attack against cyber-physical systems. The objective of the attacker is to add a certain bias to the output while keeping the detection rate of the χ2 detector less than a certain value. With the historical input and output data, the parameters of the system are estimated and the attack signal is the solution of a convex optimization problem constructed with the estimated parameters. The extension to the case of arbitrary detectors is also discussed. A numerical example is given to verify the effectiveness of the attack.

In this article, the security problem in cyber-physical systems (CPSs) against denial-of-service (DoS) attacks is studied from the perspectives of the designs of communication topology and distributed controller. To resist the DoS attacks, a new construction algorithm of the k-connected communication topology is developed based on the proposed necessary and sufficient criteria of the k-connected graph. Furthermore, combined with the k-connected topology, a distributed event-triggered controller is designed to guarantee the consensus of CPSs under mode-switching DoS (MSDoS) attacks. Different from the existing distributed control schemes, a new technology, that is, the extended Laplacian matrix method, is combined to design the distributed controller independent on the knowledge and the dwell time of DoS attack modes. Finally, the simulation example illustrates the superiority and effectiveness of the proposed construction algorithm and a distributed control scheme.

For hours-ahead assessment of power systems with a high penetration level of renewable generation, a large number of uncertain scenarios should be checked to ensure the frequency security of the system after the severe power disturbance following HVDC blocking. In this situation, the full time-domain simulation is unsuitable as a result of the heavy calculation burden. To fulfill the quick assessment of the frequency security, the online frequency security assessment framework based on deep learning is proposed in this paper. The Deep Belief Network (DBN) method is used to establish the framework. The sample generation method is researched to generate representative samples for the purposed of higher assessment accuracy. A large-scale AC-DC interconnected power grid is adopted to verify the validity of the proposed assessment method.

The Controller Area Network (CAN) bus system works inside connected cars as a central system for communication between electronic control units (ECUs). Despite its central importance, the CAN does not support an authentication mechanism, i.e., CAN messages are broadcast without basic security features. As a result, it is easy for attackers to launch attacks at the CAN bus network system. Attackers can compromise the CAN bus system in several ways: denial of service, fuzzing, spoofing, etc. It is imperative to devise methodologies to protect modern cars against the aforementioned attacks. In this paper, we propose a Long Short-Term Memory (LSTM)-based Intrusion Detection System (IDS) to detect and mitigate the CAN bus network attacks. We first inject attacks at the CAN bus system in a car that we have at our disposal to generate the attack dataset, which we use to test and train our model. Our results demonstrate that our classifier is efficient in detecting the CAN attacks. We achieved a detection accuracy of 99.9949%.

Cyber-physical systems (CPS) maintain operation, reliability, and safety performance using state estimation and control methods. Internet connectivity and Internet of Things (IoT) devices are integrated with CPS, such as in smart grids. This integration of Operational Technology (OT) and Information Technology (IT) brings with it challenges for state estimation and exposure to cyber-threats. This research establishes a state estimation baseline, details the integration of IT, evaluates the vulnerabilities, and develops an approach for detecting and responding to cyber-attack data injections. Where other approaches focus on integration of IT cyber-controls, this research focuses on development of classification tools using data currently available in state estimation methods to quantitatively determine the presence of cyber-attack data. The tools may increase computational requirements but provide methods which can be integrated with existing state estimation methods and provide for future research in state estimation based cyber-attack incident response. A robust cyber-resilient CPS includes the ability to detect and classify a cyber-attack, determine the true system state, and respond to the cyber-attack. The purpose of this paper is to establish a means for a cyber aware state estimator given the existence of sub-erroneous outlier detection, cyber-attack data weighting, cyber-attack data classification, and state estimation cyber detection.

This paper is related to dissemination and exploitation of the InFoCPS PhD research project: Failure of Cyber-Physical Systems (CPS) may cause extensive damage. Safety standards emphasize the use of formal analysis in CPS development processes. Performance degradation assessment and estimation of lifetime of energy storage (electric batteries) are vital in supporting maintenance decisions and guaranteeing CPS reliability. Existing formal analysis techniques mainly focus on specifying energy constraints in simplified manners and checking whether systems operate within given energy bounds. Leading to overlooked energy features that impede development of trustworthy CPS. Prognostics and health management (PHM) estimate energy uncertainty and predict remaining life of systems. We aim to utilize PHM techniques to rigorously model dynamic energy behaviors; resulting models are amenable to formal analysis. This project will increase the degree of maintenance of CPS while (non)-functional requirements are preserved correctly.

This paper examines the influence of quantization on the compressive sensing theory applied to the nonuniformly sampled nonsparse signals with reduced set of randomly positioned measurements. The error of the reconstruction will be generalized to exact expected squared error expression. The aim is to connect the generalized random sampling strategy with the quantization effect, finding the resulting error of the reconstruction. Small sampling deviations correspond to the imprecisions of the sampling strategy, while completely random sampling schemes causes large sampling deviations. Numerical examples provide an agreement between the statistical results and theoretical values.

The automotive Controller Area Network (CAN) allows Electronic Control Units (ECUs) to communicate with each other and control various vehicular functions such as engine and braking control. Consequently CAN and ECUs are high priority targets for hackers. As CAN implementation details are held as proprietary information by vehicle manufacturers, it can be challenging to decode and correlate CAN messages to specific vehicle operations. To understand the precise meanings of CAN messages, reverse engineering techniques that are time-consuming, manually intensive, and require a physical vehicle are typically used. This work aims to address the process of reverse engineering CAN messages for their functionality by creating a machine learning classifier that analyzes messages and determines their relationship to other messages and vehicular functions. Our work examines CAN traffic of different vehicles and standards to show that it can be applied to a wide arrangement of vehicles. The results show that the function of CAN messages can be determined without the need to manually reverse engineer a physical vehicle.

The usage of connected devices and their role within our daily- and business life gains more and more impact. In addition, various derivations of Cyber-Physical Systems (CPS) reach new business fields, like smart healthcare or Industry 4.0. Although these systems do bring many advantages for users by extending the overall functionality of existing systems, they come with several challenges, especially for system engineers and architects. One key challenge consists in achieving a sufficiently high level of security within the CPS environment, as sensitive data or safety-critical functions are often integral parts of CPS. Being system of systems (SoS), CPS complexity, unpredictability and heterogeneity complicate analyzing the overall level of security, as well as providing a way to detect ongoing attacks. Usually, security metrics and frameworks provide an effective tool to measure the level of security of a given component or system. Although several comprehensive surveys exist, an assessment of the effectiveness of the existing solutions for CPS environments is insufficiently investigated in literature. In this work, we address this gap by benchmarking a carefully selected variety of existing security metrics in terms of their usability for CPS. Accordingly, we pinpoint critical CPS challenges and qualitatively assess the effectiveness of the existing metrics for CPS systems.

The emergence of Industrial Cyber-Physical Systems (ICPS) in today's business world is still steadily progressing to new dimensions. Although they bring many new advantages to business processes and enable automation and a wider range of service capability, they also propose a variety of new challenges. One major challenge, which is introduced by such System-of-Systems (SoS), lies in the security aspect. As security may not have had that significant role in traditional embedded system engineering, a generic way to measure the level of security within an ICPS would provide a significant benefit for system engineers and involved stakeholders. Even though many security metrics and frameworks exist, most of them insufficiently consider an SoS context and the challenges of such environments. Therefore, we aim to define a security metric for ICPS, which measures the level of security during the system design, tests, and integration as well as at runtime. For this, we try to focus on a semantic point of view, which on one hand has not been considered in security metric definitions yet, and on the other hand allows us to handle the complexity of SoS architectures. Furthermore, our approach allows combining the critical characteristics of an ICPS, like uncertainty, required reliability, multi-criticality and safety aspects.

The papers in this special section focus on network science for high confidence cyber-physical systems (CPS) Here CPS refers to the engineered systems that can seamlessly integrate the physical world with the cyber world via advanced computation and communication capabilities. To enable high-confidence CPS for achieving better benefits as well as supporting emerging applications, network science-based theories and methodologies are needed to cope with the ever-growing complexity of smart CPS, to predict the system behaviors, and to model the deep inter-dependencies among CPS and the natural world. The major objective of this special section is to exploit various network science techniques such as modeling, analysis, mining, visualization, and optimization to advance the science of supporting high-confidence CPS for greater assurances of security, safety, scalability, efficiency, and reliability. These papers bring a timely and important research topic. The challenges and opportunities of applying network science approaches to high-confidence CPS are profound and far-reaching.

The advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) enabled a new class of smart and interactive devices. With their continuous connectivity and their access to valuable information in both the digital and physical world, they are attractive targets for security attackers. Hence, with their integration into both the industry and consumer devices, they added a new surface for cybersecurity attacks. These potential threats call for special care of security vulnerabilities during the design of IoT devices and CPS. The design of secure systems is a complex task, especially if they must adhere to other constraints, such as performance, power consumption, and others. A range of design space exploration tools have been proposed in academics, which aim to support system designers in their task of finding the optimal selection of hardware components and task mappings. Said tools offer a limited way of modeling attack scenarios as constraints for a system under design. The framework proposed in this paper aims at closing this gap, offering system designers a way to consider security attacks and security risks during the early design phase. It offers designers to model security constraints from the view of potential attackers, assessing the probability of successful security attacks and security risk. The framework's feasibility and performance is demonstrated by revisiting a potential system design of an industry partner.

For cyber-physical systems (CPS), ensuring process and data security is critically important since the corresponding infrastructure needs to have high operational efficiency with no downtime. There are many techniques available that make communications in CPS environments secure - such as enabling traffic encryption between sensors and the computers processing the sensor's data, incorporating message authentication codes to achieve integrity, etc. However, most of these techniques are dependent on some form of symmetric or asymmetric cryptographic algorithms like AES and RSA. These algorithms are under threat because of the emerging quantum computing paradigm: with quantum computing, these encryption algorithms can be potentially broken. It is therefore desirable to explore the use of quantum cryptography - which cannot be broken by quantum computing - for securing the classical communications infrastructure deployed in CPS. In this paper, we discuss possible consequences of this option. We also explain how quantum computers can help even more: namely, they can be used to maximize the system's security where scalability is never a constraint, and to ensure we are not wasting time cycles on communicating and processing irrelevant information.

Compressive sensing (CS) is regarded as one of the promising solutions for IoT data encryption as it achieves simultaneous sampling, compression, and encryption. Theoretical work in the literature has proved that CS provides computational secrecy. It also provides asymptotic perfect secrecy for Gaussian sensing matrix with constraints on input signal. In this paper, we design an attack decoding algorithm based on block compressed sensing decoding algorithm to perform ciphertext-only attack on real-life time series IoT data. It shows that it is possible to retrieve vital information in the plaintext under some conditions. Furthermore, it is also applied to a State-of-the Art CS-based encryption scheme for smart grid, and the power profile is reconstructed using ciphertext-only attack. Additionally, the statistical analysis of Gaussian and Binomial measurements is conducted to investigate the randomness provided by them.

This paper proposes a Time Difference of Arrival (TDoA) based method for the localization of Radio Frequency (RF) emitters working at different carriers, by using wideband spectrum sensors exploiting compressive sampling. The proposed measurement method is based on four or more RF receivers, with known Cartesian positions, performing non uniform sampling on the received signal. By means of simulations, the method has been compared against a localization method adopting RF receivers performing uniform sampling at Nyquist rate. The obtained preliminary results demonstrate that the method is capable of localizing two RF emitters achieving the same results obtained with uniform sampling, with a compression ratio up to CR = 20.

In recent years, attacks against cyber-physical systems have become increasingly frequent and widespread. The inventiveness of such attacks increases significantly. In particular, zero-day attacks are widely used. The rapid development of the industrial Internet of things, the expansion of the application areas of service robots, the advent of the Internet of vehicles and the Internet of military things have led to a significant increase of attention to deceptive attacks. Especially great threat is posed by deceptive attacks that do not use hiding malicious components. Such attacks can naturally be used against robotic systems. In this paper, we consider an approach to the development of an intrusion detection system for closed-loop robotic systems. The system is based on an abnormal behavioral pattern detection technique. The system can be used for detection of zero-day deceptive attacks. We provide an experimental comparison of our approach and other behavior-based intrusion detection systems.

The autonomy of intelligent systems and their safety rely on their ability for local decision making based on collected environmental information. This is even more for cyber-physical systems running safety critical activities. While this intelligence is partial and fragmented, and cognitive techniques are of limited maturity, the decision function must produce results whose validity and scope must be weighted in light of the underlying assumptions, unavoidable uncertainty and hypothetical safety limitation. Besides the cognitive techniques dependability, it is about the assurance level of the decision self-making. Beyond the pure decision-making capabilities of the autonomous intelligent system, we need techniques that guarantee the system assurance required for the intended use. Security mechanisms for cognitive systems may be consequently tightly intricated. We propose a trustworthiness module which is part of the system and its resulting safety. In this paper, we briefly review the state of the art regarding the dependability of cognitive techniques, the assurance level definition in this context, and related engineering practices. We elaborate regarding the design of autonomous intelligent systems safety, then we discuss its security design and approaches for the mitigation of safety violations by the cognitive functions.

Cyber-physical systems (CPS) can benefit by the use of learning enabled components (LECs) such as deep neural networks (DNNs) for perception and decision making tasks. However, DNNs are typically non-transparent making reasoning about their predictions very difficult, and hence their application to safety-critical systems is very challenging. LECs could be integrated easier into CPS if their predictions could be complemented with a confidence measure that quantifies how much we trust their output. The paper presents an approach for computing confidence bounds based on Inductive Conformal Prediction (ICP). We train a Triplet Network architecture to learn representations of the input data that can be used to estimate the similarity between test examples and examples in the training data set. Then, these representations are used to estimate the confidence of set predictions from a classifier that is based on the neural network architecture used in the triplet. The approach is evaluated using a robotic navigation benchmark and the results show that we can computed trusted confidence bounds efficiently in real-time.