Vulnerability Analysis of Cyber-Physical Systems
Cyber-physical systems (CPS) consist of computing and physical components, such as sensors, actuators, and processors, which communicate through a network to control and monitor physical processes. Although many CPS operate in safety-critical scenarios, and their heterogeneous component connectivity provides numerous possible points of attack, most existing systems are only weakly protected by legacy components, such as intrusion detectors. On the other hand, security-aware resource allocation can significantly reduce the security-related overhead and thus system cost; the idea is to focus on protecting the critical system components and communication links which, if compromised, could significantly degrade system performance. Yet, to achieve this, we need methods to analyze system vulnerability, in terms of performance degradation under attack, for different types of attacks, especially the ones that are potentially stealthy to the deployed intrusion detection mechanisms. In this dissertation, we analyze the vulnerability of cyber-physical systems, modeled as control systems, to adversarial attacks. The contribution of the thesis is fivefold. First, the vulnerability of systems with a linear time-invariant (LTI) model subject to bounded noise is analyzed. For such systems, we also show how performance guarantees can be achieved when the system is equipped with intermittent data authentication. Second, for a nonlinear dynamical system equipped with an extended Kalman filter and a Chi-square intrusion detector (ID), we leverage machine learning methods and develop learning-enabled attack generators capable of designing stealthy attacks that maximally degrade system operation. We show how this problem can be cast within a learning-based grey-box framework where only parts of the run-time information are known to the attacker.
Third, we study the performance of perception-based cyber-physical systems in the presence of attacks and provide methods for modeling and analysis of their vulnerability to stealthy attacks on both physical and perception-based sensing. Here, we define a notion of stealthiness that is independent of the deployed ID, and we provide the condition under which the system will be vulnerable to such stealthy yet impactful attacks. Fourth, we focus on analyzing the vulnerability of general nonlinear dynamical control systems to stealthy false data injection attacks on sensors. We use a similar notion of stealthiness as in the third contribution, where the attack is considered to be stealthy if it is undetected by any existing ID. We show that even for such a strong notion of stealthiness, there is a large class of systems that are vulnerable to these stealthy, effective attacks. Finally, we consider stealthy perception-based attacks on unmanned aerial vehicles. Specifically, we introduce a method to consistently attack both the sensor measurements and camera images over time, in order to cause control performance degradation (e.g., by failing the mission) while remaining stealthy (i.e., undetected by the deployed anomaly detector). We show that stealthy, yet effective, attacks can be designed by changing images of the ground vehicle’s landing markers as well as suitably falsifying sensing data. We illustrate the effectiveness of our attacks in the Gazebo 3D robotics simulator.
Robotics
anomaly detectors
attack resilient control systems
learning-based attacks
perception attack
sensor attacks
Stealthy attacks on control systems

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
Rights for Collection: Duke Dissertations
Works are deposited here by their authors, and represent their research and opinions, not that of Duke University. Some materials and descriptions may include offensive content.
Related items
Showing items related by title, author, creator, and subject.
Attack-resilient sensor fusion for safety-critical cyber-physical systems
Ivanov, R.; Pajic, M; Lee, I. (ACM Transactions on Embedded Computing Systems, 2016-02-01)
© 2016 ACM. This article focuses on the design of safe and attack-resilient Cyber-Physical Systems (CPS) equipped with multiple sensors measuring the same physical variable. A malicious attacker may be able to disrupt system ...

Execution of Provably Secure Assays on MEDA Biochips to Thwart Attacks
Chakrabarty, K; Liang, Tung-Che; Shayan, Mohammed; Karri, Ramesh (2018)
Digital microfluidic biochips (DMFBs) have emerged as a promising platform for DNA sequencing, clinical chemistry, and point-of-care diagnostics. Recent research has shown that DMFBs are susceptible to various types of malicious ...

Robustness of attack-resilient state estimators
Pajic, M; Weimer, J; Bezzo, N; Tabuada, P; Sokolsky, O; Lee, Insup; Pappas, GJ (2014 ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2014, 2014-01-01)
The interaction between information technology and physical world makes Cyber-Physical Systems (CPS) vulnerable to malicious attacks beyond the standard cyber attacks. This has motivated the need for attack-resilient state ...