Defense-in-depth against insider attacks in cyber-physical systems

Abstract

In a cyber-physical system (CPS) built on Internet-of-things (IoT) technologies, whenever measurement and control signals are transferred over communication networks across cyber and physical systems, it potentially becomes a target for adversaries. The problem becomes especially serious if the adversaries are insiders. A single layer of defense may not be strong enough in such a case, as it is difficult to assess the extent of knowledge that the inside attackers may have known about the physical and cyber system configurations, communication networks/protocols, and their respective vulnerabilities. Hence, it is paramount to have a reliable and fail-safe defense-in-depth architecture to fence off would-be-attackers. In this paper, a multi-layer defense-in-depth approach has been developed. For an inside attacker with legitimate access, the first line of defense, such as access control, may have already been compromised. Given this fact, the focus of the current paper has been on detection and mitigation. Both data-driven and model-based techniques are considered to catch stealthy attacks and stop them in their tracks. Effective mitigation techniques can then be deployed to minimize the adverse effects. To demonstrate this design philosophy and validate the effectiveness of the developed methodologies, a lab-scale cyber-physical system platform based on industry-grade communication networks and physical sensors has been used for validation.