Detection of Hidden Attacks on Cyber-Physical Systems from Serial Magnitude and Sign Randomness Inconsistencies

TL;DR

This paper introduces a runtime monitoring method that detects stealthy false data injection attacks on cyber-physical systems by analyzing serial inconsistencies in chi-square test measures, validated through UGV simulations.

Contribution

It proposes a novel approach using serial magnitude and sign inconsistency detection to identify hidden attacks in CPSs, enhancing detection capabilities over existing methods.

Findings

Effective detection of stealthy attacks demonstrated in UGV simulations.

Outperforms several state-of-the-art anomaly detection techniques.

Identifies specific serial inconsistencies indicative of malicious interference.

Abstract

Stealthy false data injection attacks on cyber-physical systems (CPSs) introduce erroneous measurement information to on-board sensors with the purpose to degrade system performance. An intelligent attacker is able to leverage knowledge of the system model and noise characteristics to alter sensor measurements while remaining undetected. To achieve this objective, the stealthy attack sequence is designed such that the detector performs similarly in the attacked and attack-free cases. Consequently, an attacker that wants to remain hidden will leave behind traces of inconsistent behavior, contradicting the system model. To deal with this problem, we propose a runtime monitor to find these inconsistencies in sensor measurements by monitoring for serial inconsistencies of the detection test measure. Specifically, we employ the chi-square fault detection procedure to monitor the magnitude and signed sequence of its chi-square test measure. We validate our approach with simulations on an unmanned ground vehicle (UGV) under stealthy attacks and compare the detection performance with various state-of-the-art anomaly detectors.