Causality Countermeasures for Anomaly Detection in Cyber-Physical Systems

Dawei Shi; Ziyang Guo; Karl Henrik Johansson; Ling Shi

doi:10.1109/TAC.2017.2714646

Causality Countermeasures for Anomaly Detection in Cyber-Physical Systems

Dawei Shi^*, Ziyang Guo, Karl Henrik Johansson, Ling Shi

^*此作品的通讯作者

自动化学院

科研成果: 期刊稿件 › 文章 › 同行评审

62 引用（Scopus）

摘要

The problem of attack detection in cyber-physical systems is considered in this paper. Transfer-entropy-based causality countermeasures are introduced for both sensor measurements and innovation sequences, which can be evaluated in a data-driven fashion without relying on a model of the underlying dynamic system. The relationships between the countermeasures and the system parameters as well as the noise statistics are investigated, based on which conditions that guarantee the time convergence of the countermeasures are obtained. The effectiveness of the transfer entropy countermeasures in attack detection is evaluated via theoretical analysis, numerical demonstrations, as well as comparative simulations with classical χ2 detectors. Four types of attacks are considered: denial-of-service, replay, innovation-based deception, and data injection attacks. Abnormal behavior of the transfer entropy can be observed after the occurrence of each of these attacks.

源语言	英语
文章编号	7946131
页（从-至）	386-401
页数	16
期刊	IEEE Transactions on Automatic Control
卷	63
期	2
DOI	https://doi.org/10.1109/TAC.2017.2714646
出版状态	已出版 - 2月 2018

访问文件

10.1109/TAC.2017.2714646

其它文件与链接

链接到 Scopus 的出版物

引用此

@article{cccd9a4fe43a4a6f949e2986b2405e0c,

title = "Causality Countermeasures for Anomaly Detection in Cyber-Physical Systems",

abstract = "The problem of attack detection in cyber-physical systems is considered in this paper. Transfer-entropy-based causality countermeasures are introduced for both sensor measurements and innovation sequences, which can be evaluated in a data-driven fashion without relying on a model of the underlying dynamic system. The relationships between the countermeasures and the system parameters as well as the noise statistics are investigated, based on which conditions that guarantee the time convergence of the countermeasures are obtained. The effectiveness of the transfer entropy countermeasures in attack detection is evaluated via theoretical analysis, numerical demonstrations, as well as comparative simulations with classical χ2 detectors. Four types of attacks are considered: denial-of-service, replay, innovation-based deception, and data injection attacks. Abnormal behavior of the transfer entropy can be observed after the occurrence of each of these attacks.",

keywords = "Anomaly detection, causality countermeasures, cyber-physical systems, transfer entropy",

author = "Dawei Shi and Ziyang Guo and Johansson, {Karl Henrik} and Ling Shi",

note = "Publisher Copyright: {\textcopyright} 1963-2012 IEEE.",

year = "2018",

month = feb,

doi = "10.1109/TAC.2017.2714646",

language = "English",

volume = "63",

pages = "386--401",

journal = "IEEE Transactions on Automatic Control",

issn = "0018-9286",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "2",

}

TY - JOUR

T1 - Causality Countermeasures for Anomaly Detection in Cyber-Physical Systems

AU - Shi, Dawei

AU - Guo, Ziyang

AU - Johansson, Karl Henrik

AU - Shi, Ling

PY - 2018/2

Y1 - 2018/2

N2 - The problem of attack detection in cyber-physical systems is considered in this paper. Transfer-entropy-based causality countermeasures are introduced for both sensor measurements and innovation sequences, which can be evaluated in a data-driven fashion without relying on a model of the underlying dynamic system. The relationships between the countermeasures and the system parameters as well as the noise statistics are investigated, based on which conditions that guarantee the time convergence of the countermeasures are obtained. The effectiveness of the transfer entropy countermeasures in attack detection is evaluated via theoretical analysis, numerical demonstrations, as well as comparative simulations with classical χ2 detectors. Four types of attacks are considered: denial-of-service, replay, innovation-based deception, and data injection attacks. Abnormal behavior of the transfer entropy can be observed after the occurrence of each of these attacks.

AB - The problem of attack detection in cyber-physical systems is considered in this paper. Transfer-entropy-based causality countermeasures are introduced for both sensor measurements and innovation sequences, which can be evaluated in a data-driven fashion without relying on a model of the underlying dynamic system. The relationships between the countermeasures and the system parameters as well as the noise statistics are investigated, based on which conditions that guarantee the time convergence of the countermeasures are obtained. The effectiveness of the transfer entropy countermeasures in attack detection is evaluated via theoretical analysis, numerical demonstrations, as well as comparative simulations with classical χ2 detectors. Four types of attacks are considered: denial-of-service, replay, innovation-based deception, and data injection attacks. Abnormal behavior of the transfer entropy can be observed after the occurrence of each of these attacks.

KW - Anomaly detection

KW - causality countermeasures

KW - cyber-physical systems

KW - transfer entropy

UR - http://www.scopus.com/inward/record.url?scp=85021740831&partnerID=8YFLogxK

U2 - 10.1109/TAC.2017.2714646

DO - 10.1109/TAC.2017.2714646

M3 - Article

AN - SCOPUS:85021740831

SN - 0018-9286

VL - 63

SP - 386

EP - 401

JO - IEEE Transactions on Automatic Control

JF - IEEE Transactions on Automatic Control

IS - 2

M1 - 7946131

ER -

Causality Countermeasures for Anomaly Detection in Cyber-Physical Systems

摘要

访问文件

其它文件与链接

指纹

引用此