# A Moving Target Defense for Securing Cyber-Physical Systems

**Authors:** Paul Griffioen, Sean Weerakkody, and Bruno Sinopoli

arXiv: 1902.01423 · 2020-08-21

## TL;DR

This paper proposes and analyzes multiple moving target defense strategies that introduce stochastic, time-varying parameters into cyber-physical systems to detect and isolate integrity attacks by limiting attacker knowledge and thwarting adaptive threats.

## Contribution

The paper introduces novel moving target defense designs for cyber-physical systems, including hybrid switching, extended dynamics, and sensor nonlinearities, with analysis and simulation validation.

## Key findings

- Moving target defenses improve attack detectability.
- Hybrid switching enables malicious node identification.
- Sensor nonlinearities further hinder attacker inference.

## Abstract

This article considers the design and analysis of multiple moving target defenses for recognizing and isolating attacks on cyber-physical systems. We consider attackers who perform integrity attacks on a set of sensors and actuators in a control system. In such cases, a model aware adversary can carefully design attack vectors to bypass bad data detection and identification filters while causing damage to the control system. To counter such an attacker, we propose the moving target defense which introduces stochastic, time-varying parameters in the control system. The underlying random dynamics of the system limit an attacker's model knowledge and inhibits his/her ability to construct stealthy attack sequences. Moreover, the time-varying nature of the dynamics thwarts adaptive adversaries. We explore three main designs. First, we consider a hybrid system where parameters within the existing plant are switched among multiple modes. We demonstrate how such an approach can enable both the detection and identification of malicious nodes. Next, we investigate the addition of an extended system with dynamics that are coupled to the original plant but do not affect system performance. An attack on the original system will affect the authenticating subsystem and in turn be revealed by a set of sensors measuring the extended plant. Lastly, we propose the use of sensor nonlinearities to enhance the effectiveness of the moving target defense. The nonlinear dynamics act to conceal normal operational behavior from an attacker who has tampered with the system state, further hindering an attacker's ability to glean information about the time-varying dynamics. In all cases mechanisms for analysis and design are proposed. Finally, we analyze attack detectability for each moving target defense by investigating expected lower bounds on the detection statistic. Our contributions are tested via simulation.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1902.01423/full.md

## Figures

7 figures with captions in the complete paper: https://tomesphere.com/paper/1902.01423/full.md

## References

33 references — full list in the complete paper: https://tomesphere.com/paper/1902.01423/full.md

---
Source: https://tomesphere.com/paper/1902.01423