Adaptive Commensurate Response to Protect Cyber-Physical Systems

A team of researchers from Texas A&M University had worked on security issues in cyber-physical systems (such as smart grid, water treatment, building automation networks), and IoT.

As a result of their studies, they looked at cyber-physical systems, and found that current CPS protocols and applications “allow significant changes to a system to take place within a short time or small network footprint which may not be identified by the Intrusion Detection Systems or Anomaly Detectors.” This allows exploit by attacks, and can cause a “great impact” on the physical systems.

One of the researchers, Zhiyuan Zheng, said: “For example, a single message from a controller may reset the temperature control of entire buildings. Similarly, a small burst of malicious actuation messages over a CAN bus in an automotive cruise control setting can cause the vehicle to operate at dangerous speed.”

In this case, an adversary can leverage the inherent asymmetry between small effort and costly consequence to launch attacks that are either difficult to detect or difficult to counter in real time.

“The adversary can mount a small-footprint attack (i.e., with a very small number of commands so that it cannot be discerned from nominal network traffic) that gives rise to difficult-to-detect anomalous behavior that in turn can cause a significant impact.”

This led Zheng and his PhD advisors to determine Commensurate Response (CR) as the proposed technique to narrow down the asymmetry between the cost of attacks and their impact, by enforcing command footprints to be commensurate with their impact on the system.

“Such impact is measured by the change of the setpoint (change-driven CR) or the distance between the system operating state and the critical state (criticality-driven CR),” he said. 

So what exactly is change-driven CR? The researchers explained that risk exposure is measured in terms of the degree at which an issued command changes the plant operating setpoint, and for commands with a drastic change in setpoint, change-driven CR requires a longer response time for the plant to reach the setpoint, or the sender needs to issue multiple requests with smaller setpoint change.

“Given that an attacker may be masquerading as operator, large changes to the operating setpoint must be treated with suspicion, and thus the system response latency has to be temporarily increased to allow for defensive measures to react.”

In an example that the researchers gave of change-driven CR, they said that instead of a single message to increase the room temperature by 20 Celsius degree within one minute, attackers would now need to send 20 consistent messages or wait several minutes before reaching the setpoint. “The additional footprints would greatly help the IDS to identify suspicious activities.”

Another solution is ‘criticality-driven CR’, which monitors the system state and measures risk exposure as the distance of the real-time operating point to the critical point. “As the plant approaches a critical point, the CR module gradually tunes the system dynamics to prevent the plant from reaching the critical point.”

The researchers said that in both cases, CR improves the system resilience and survivability while guaranteeing the QoS (quality-of-service) and without affecting normal operations. 

Counter Two Type of attacks
In their research paper published at the IEEE Conference on Communications and Network Security, they analyzed how CR can be used to counter both “setpoint attacks” and “actuation attacks”. A detailed case study was also provided on an automobile cruise control system to demonstrate the effectiveness of CR. "CR can effectively improve the system resilience and attack survivability and facilitate other defense mechanisms such as firewalls and IDS to better protect CPS."

Zhiyuan Zheng is a Software Engineer at Pinterest. He holds a Ph.D. in Computer Engineering from Texas A&M University. His areas of expertise include Network Security, Machine Learning and Ads. He has published a number of top research papers to protect Cyber-Physical Systems (CPSs) against cyber-attacks. Recently he joined Pinterest to apply his Machine Learning knowledge to Pinterest Ads. He works on developing new ML pCTR models, relevance models, and conducts high impact projects in ads retrieval and targeting.

What’s Hot on Infosecurity Magazine?