Foundations of a CPS Resilience - January 2020
PI: Xenofon Koutsoukos
HARD PROBLEM(S) ADDRESSED
The goals of this project are to develop the principles and methods for designing and analyzing resilient CPS architectures that deliver required service in the face of compromised components. A fundamental challenge is to understand the basic tenets of CPS resilience and how they can be used in developing resilient architectures. The primary hard problem addressed is resilient architectures. In addition, the work addresses scalability and composability as well as metrics and evaluation.
PUBLICATIONS
[1] Aron Laszka, Waseem Abbas, Yevgeniy Vorobeychik, and Xenofon Koutsoukos. "Detection and mitigation of attacks on transportation networks as a multi stage security game," Computers & Security, Volume 87, Nov. 2019.
[2] Carlos Barreto and Xenofon Koutsoukos. "Design of Load Forecast Systems Resilient Against Cyber-Attacks", 2019 Conference on Decision and Game Theory for Security (GameSec 2019), Stocholm, Sweden, October 30 - November 1, 2019.
[3] Xingyu Zhou, Yi Li, Carlos Barreto, Jiani Li, Peter Volgyesi, Himanshu Neema, and Xenofon Koutsoukos. "Resilient Forecasting of Grid Loads under Stealthy Adversarial Attacks", Resilience Week 2019, San Antonio, TX, November 4-7, 2019.
KEY HIGHLIGHTS
This quarterly report presents two key highlights that demonstrate (1) a game-theoretic model of launching, detecting, and mitigating attacks that tamper with traffic-signal schedules and (2) the vulnerabilities of electricity load forecast systems based on neural networks and defense mechanisms to construct resilient forecasters.
Highlight 1: Detection and mitigation of attacks on transportation networks as a multi stage security game
In recent years, state-of-the-art traffic-control devices have evolved from standalone hardware to net- worked smart devices. Smart traffic control enables operators to decrease traffic congestion and environmental impact by acquiring real-time traffic data and changing traffic signals from fixed to adaptive schedules. However, these capabilities have inadvertently exposed traffic control to a wide range of cyber-attacks, which adversaries can easily mount through wireless networks or even through the Internet. Indeed, recent studies have found that a large number of traffic signals that are deployed in practice suffer from exploitable vulnerabilities, which adversaries may use to take control of the devices. Thanks to the hardware-based failsafes that most devices employ, adversaries cannot cause traffic accidents directly by setting compromised signals to dangerous configurations. Nonetheless, an adversary could cause disastrous traffic congestion by changing the schedule of compromised traffic signals, thereby effectively crippling the transportation network. To provide theoretical foundations for the protection of transportation networks from these attacks, we introduce a game-theoretic model of launching, detecting, and mitigating attacks that tamper with traffic-signal schedules. We show that finding optimal strategies is a computationally challenging problem, and we propose efficient heuristic algorithms for finding near optimal strategies. We also introduce a Gaussian-process based anomaly detector, which can alert operators to ongoing attacks. Finally, we evaluate our algorithms and the proposed detector using numerical experiments based on the SUMO traffic simulator. Our results are reported in [1].
[1] Aron Laszka, Waseem Abbas, Yevgeniy Vorobeychik, and Xenofon Koutsoukos. "Detection and mitigation of attacks on transportation networks as a multi stage security game," Computers & Security, Volume 87, Nov. 2019
Highlight 2: Design of Load Forecast Systems Resilient Against Cyber-Attacks
Load forecast systems play a fundamental role the operation in power systems, because they reduce uncertainties about the system's future operation. An increasing demand for precise forecasts motivates the design of complex models that use information from different sources, such as smart appliances. However, untrusted sources can introduce vulnerabilities in the system. For example, an adversary may compromise the sensor measurements to induce errors in the forecast. In this work, we assess the vulnerabilities of load forecast systems based on neural networks and propose a defense mechanism to construct resilient forecasters. We model the strategic interaction between a defender and an attacker as a Stackelberg game, where the defender decides first the prediction scheme and the attacker chooses afterwards its attack strategy. Here, the defender selects randomly the sensor measurements to use in the forecast, while the adversary calculates a bias to inject in some sensors. We find an approximate equilibrium of the game and implement the defense mechanism using an ensemble of predictors, which introduces uncertainties that mitigate the attack's impact. We evaluate our defense approach training forecasters using data from an electric distribution system simulated in GridLAB-D. Our results are reported in [2].
[2] Carlos Barreto and Xenofon Koutsoukos. "Design of Load Forecast Systems Resilient Against Cyber-Attacks", 2019 Conference on Decision and Game Theory for Security (GameSec 2019), Stocholm, Sweden, October 30 - November 1, 2019.
COMMUNITY ENGAGEMENTS
Our research was presented in the 2019 Conference on Decision and Game Theory for Security (GameSec 2019) and also in Resilience Week 2019.