Defense of Cyber-Physical Systems Against Learning-based Attackers
Time: Fri 2023-11-10 09.00
Location: Kollegiesalen, Brinellvägen 8, Stockholm
Subject area: Electrical Engineering
Doctoral student: Rijad Alisic, Reglerteknik
Opponent: Professor Miroslav Pajic, Duke University, NC, USA.
Supervisor: Professor Henrik Sandberg, ACCESS Linnaeus Centre, Reglerteknik; Professor Karl H. Johansson, Reglerteknik, ACCESS Linnaeus Centre
Cyberattacks against critical infrastructures pose a serious threat to society, as they can have devastating consequences on the economy, security, or public health. These infrastructures rely on a large network of cyber components, such as sensors, controllers, computers, and communication devices, to monitor and control their physical processes. An adversary can exploit the vulnerabilities in these cyber components to gain access to the system and manipulate its behavior or functionality.
This thesis proposes methods that can be employed as a first line of defense against such attacks for Cyber-Physical Systems. In the first part of the thesis, we consider how uninformed attackers can learn to attack a Cyber-Physical System by eavesdropping through the cyber component. By learning to manipulate the plant, the attacker could figure out how to destroy the physical system before it is too late or completely take it over without raising any alarms. Stopping the attacker at the learning stage would force the attacker to act obliviously, increasing the chances of detecting them.
We analyze how homomorphic encryption, a technique that allows computation on encrypted data, hinders an attacker's learning process and reduces its capabilities to attack the system. Specifically, we show that an attacker must solve challenging lattice problems to find attacks that are difficult to detect. Additionally, we show how the detection probability is affected by the attacker's solution to the problems and what parameters of the encryption scheme can be tweaked to increase the detection probability. We also develop a novel method that enables anomaly detection over homomorphically encrypted data without revealing the actual signals to the detector, thereby discouraging attackers from launching attacks on the detector. The detection can be performed using a hypothesis test. However, special care must be taken to ensure that fresh samples are used to detect changes from nominal behavior. We also explore how the adversary can try to evade detection using the same test and how the system can be designed to make detection easier for the defender and more challenging for the attacker.
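The following example is added here to make the detection-over-encrypted-data idea concrete; it is not code from the thesis and does not implement its scheme. It uses a toy additively homomorphic Paillier cryptosystem (the thesis works with lattice-based encryption, which this example does not reproduce). The sensor side squares and encrypts each fresh normalised residual; the detector multiplies ciphertexts, which adds the hidden squared residuals, and never sees a plaintext signal; only the key holder decrypts the aggregate statistic and compares it to a chi-square threshold. The primes, the fixed-point scale, the window length and the residual sequences are all constructed for illustration.

```python
import math
import secrets

# Constructed 16-bit primes for a toy keypair; a real deployment uses primes of
# 1024 bits or more.
P, Q = 65521, 65519


def keygen(p=P, q=Q):
    """Paillier keypair with the common choice g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    g = n + 1
    # L(u) = (u - 1) / n; with g = n + 1, L(g^lam mod n^2) = lam mod n
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with fresh randomness r coprime to n."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrypt_rand = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """m = L(c^lam mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (((u - 1) // n) * mu) % n


def homomorphic_add(pub, ciphertexts):
    """Multiplying Paillier ciphertexts adds the underlying plaintexts."""
    n, _ = pub
    n2 = n * n
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % n2
    return acc


SCALE = 1000          # fixed-point scaling so squared residuals become integers
WINDOW = 10           # number of fresh samples per test
CHI2_10_099 = 23.209  # chi-square(10) quantile at 0.99, used as alarm threshold


def encrypted_statistic(pub, residuals):
    """Sensor side squares, scales and encrypts each residual; the detector
    side (homomorphic_add) sums them without seeing any plaintext."""
    cts = [encrypt(pub, round(SCALE * r * r)) for r in residuals]
    return homomorphic_add(pub, cts)


def detect(pub, priv, residuals, threshold=CHI2_10_099):
    """Key holder decrypts only the aggregate statistic and tests it.
    Returns (statistic, alarm). Each call must be fed a fresh window of
    residuals; reusing old samples would make the test meaningless."""
    if len(residuals) != WINDOW:
        raise ValueError("expected exactly one window of fresh residuals")
    stat = decrypt(pub, priv, encrypted_statistic(pub, residuals)) / SCALE
    return stat, stat > threshold


# Constructed residuals (normalised to unit variance): nominal behaviour and the
# same window with a constant bias of 3 standard deviations injected.
NOMINAL = [0.5, -0.7, 1.2, -0.3, 0.9, -1.1, 0.2, 0.6, -0.4, 0.8]
ATTACKED = [r + 3.0 for r in NOMINAL]

if __name__ == "__main__":
    pub, priv = keygen()
    print("nominal :", detect(pub, priv, NOMINAL))
    print("attacked:", detect(pub, priv, ATTACKED))
```

The detector only ever handles ciphertexts, so compromising it reveals nothing about the signals; an attacker who wants to stay under the threshold must shape the residuals without being able to read the statistic being computed. The `WINDOW` check is the "fresh samples" caveat from the text reduced to its simplest form.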
In the second part of the thesis, we study how information leakage about changes in the system depends on the system's dynamics. We use a mathematical tool called the Hammersley-Chapman-Robbins lower bound to measure how much information is leaked and how to minimize it. Specifically, we study how structured input sequences, which we call events, can be obtained through the output of a dynamical system and how this information can be hidden by adding noise or changing the inputs. The system’s speed and sensor locations affect how much information is leaked. We also consider balancing the system’s performance and privacy when using optimal control. Finally, we show how to estimate when the adversary’s knowledge of the event becomes accurate enough to launch an attack and how to change the system before that happens. These results are then used to aid the operator in detecting privacy vulnerabilities when designing a Cyber-Physical System; removing those vulnerabilities increases the overall security.
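As an added worked example (not from the thesis), the Hammersley-Chapman-Robbins bound below quantifies how much an eavesdropper can learn about the timing of an event from a noisy output. The event is assumed to be a unit step input applied at an unknown time k0 to a first-order system y_k = a*y_{k-1} + (1-a)*u_k observed through additive Gaussian noise with standard deviation sigma; the system, the event shape and the parameter values are all constructed for illustration. For Gaussian outputs with means mu(k0) and mu(k0 + delta) the bound reduces to sup over delta of delta^2 / (exp(||mu(k0+delta) - mu(k0)||^2 / sigma^2) - 1), which lower-bounds the variance of any unbiased estimate of k0. Unlike the Cramér-Rao bound, it applies to a discrete parameter such as an event time.

```python
import math


def step_response_mean(a, k0, horizon):
    """Noise-free output of y_k = a*y_{k-1} + (1-a)*u_k for a unit step at k0.
    The (1-a) input gain gives unit steady-state gain for every pole a."""
    mu = []
    y = 0.0
    for k in range(horizon):
        u = 1.0 if k >= k0 else 0.0
        y = a * y + (1.0 - a) * u
        mu.append(y)
    return mu


def hcr_bound_event_time(a, sigma, k0, horizon):
    """Hammersley-Chapman-Robbins lower bound on Var(k0_hat) for an unbiased
    estimator of the event time k0, from `horizon` samples with i.i.d. Gaussian
    noise of standard deviation sigma. A larger bound means less leakage."""
    mu0 = step_response_mean(a, k0, horizon)
    best = 0.0
    # Test shifts delta != 0 that keep the shifted event inside the horizon
    for delta in range(-k0, horizon - k0):
        if delta == 0:
            continue
        mu1 = step_response_mean(a, k0 + delta, horizon)
        d2 = sum((x - y) ** 2 for x, y in zip(mu0, mu1))
        ratio = d2 / sigma ** 2
        if ratio > 700:
            # chi-square divergence astronomically large; this delta contributes
            # nothing to the supremum and exp() would overflow
            continue
        chi2 = math.exp(ratio) - 1.0          # E[(p1/p0)^2] - 1 for Gaussians
        best = max(best, delta ** 2 / chi2)
    return best


def leakage_table(k0=10, horizon=40):
    """Bound for a fast and a slow system at two noise levels."""
    rows = {}
    for a in (0.3, 0.9):
        for sigma in (1.0, 2.0):
            rows[(a, sigma)] = hcr_bound_event_time(a, sigma, k0, horizon)
    return rows


if __name__ == "__main__":
    for (a, sigma), bound in leakage_table().items():
        print(f"pole a={a:.1f}  noise sigma={sigma:.1f}  "
              f"Var(k0_hat) >= {bound:.2f}")
```

Two effects from the text show up directly: adding noise (larger sigma) raises the bound, and a slower system (pole closer to 1) smears the step over many samples so that neighbouring event times produce nearly identical outputs, which also raises the bound. The fast system with low noise gives the smallest bound, meaning the adversary's estimate of the event time becomes accurate soonest.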