NoisePrint: attack detection using sensor and process noise fingerprint in cyber physical systems

Chuadhry Mujeeb Ahmed, Martin Ochoa, Jianying Zhou, Rizwan Qadeer, C.G. Murguia Rendon, Justin Ruths

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

64 Citations (Scopus)

Abstract

An attack detection scheme is proposed to detect data integrity attacks on sensors in Cyber-Physical Systems (CPSs). A combined fingerprint for sensor and process noise is created during the normal operation of the system. Under a sensor spoofing attack, the noise pattern deviates from the fingerprinted pattern, enabling the proposed scheme to detect attacks. To extract the noise (the difference between expected and observed value), a representative model of the system is derived. A Kalman filter is used for the purpose of state estimation. By subtracting the state estimates from the real system states, a residual vector is obtained. It is shown that in steady state the residual vector is a function of process and sensor noise. A set of time domain and frequency domain features is extracted from the residual vector. The feature set is provided to a machine learning algorithm to identify the sensor and process. Experiments are performed on two testbeds, a real-world water treatment (SWaT) facility and a water distribution (WADI) testbed. A class of zero-alarm attacks, designed for statistical detectors on SWaT, is detected by the proposed scheme. It is shown that a multitude of sensors can be uniquely identified with accuracy higher than 90% based on the noise fingerprint.
Original language: English
Title of host publication: ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
Place of Publication: New York
Publisher: Association for Computing Machinery, Inc.
Pages: 483–497
Number of pages: 15
ISBN (Electronic): 9781450355766
Publication status: Published - 29 May 2018
Externally published: Yes
Event: ASIACCS '18: Asia Conference on Computer and Communications Security - Songdo, Korea, Republic of
Duration: 4 Jun 2018 to 8 Jun 2018

Conference

Conference: ASIACCS '18: Asia Conference on Computer and Communications Security
Country/Territory: Korea, Republic of
City: Songdo
Period: 4/06/18 to 8/06/18

Keywords

  • Actuators
  • CPS/ICS Security
  • Cyber Physical Systems
  • Device Fingerprinting
  • Physical Attacks
  • Security
  • Sensors
