Dynamic Network Path Provisioning and Selection for the Detection and Mitigation of Data Tampering Attacks in Networked Control Systems

Kento Aida,Kenta Yamada,Ryosuke Hotchi,Ryogo Kubo

doi:10.1109/access.2021.3124024

Kento Aida, Kenta Yamada + Show 2 more

Open Access

https://doi.org/10.1109/access.2021.3124024

Copy DOI

Abstract

Networked control systems can help build cost-effective and flexible industrial systems. A system that can function while being immune to cyberattacks is necessary. A method called fixed redundant path selection (FRPS) has been proposed to detect and mitigate data tampering attacks in a networked motion control system. This system contains redundant forward network paths from the controller to the motor sides to detect the attacked path by comparing the values that are received through respective paths. Then, a path selector on the motor side chooses a value on the path that is not attacked based on the majority decision. Increasing the number of redundant paths improves the detection performance of simultaneous attacks against multiple paths. However, it also increases the amount of traffic because the same data are transmitted to all of the redundant paths. This study proposes a dynamic redundant path selection (DRPS) method to balance the detection performance and the amount of traffic. The proposed method initially applies three redundant paths and changes the number of redundant paths to five only when the path selector detects a difference among the received values for the three paths. The experiments confirm that the proposed DRPS outperforms the conventional FRPS. The former can detect and mitigate the data tampering attacks while reducing the number of network paths during tampering detection when the system is exposed to simultaneous attacks against up to two of the redundant paths.

Highlights

The Internet of Things (IoT) enables devices to connect to the Internet and communicate with each other
This study proposes a dynamic redundant path selection (DRPS) method to reduce the amount of traffic
This study proposed the DRPS as a network path provisioning and selection method to reduce the amount of traffic during the tampering detection

Summary

INTRODUCTION

The Internet of Things (IoT) enables devices to connect to the Internet and communicate with each other. For the detection and mitigation of data tampering attacks to improve the availability in networked motion control systems, in which a motor is remotely controlled over the networks, a method that applies redundant network paths has been proposed. To address the issue of TDO, Yamada et al [50] proposed a fixed redundant path selection (FRPS) method to detect and mitigate the data tampering attacks against the forward network path in networked motion control systems. This study proposes a dynamic redundant path selection (DRPS) method to reduce the amount of traffic This is achieved by changing the number of forward paths that are used in the tampering detection while addressing the simultaneous attacks against multiple redundant paths. The FRPS has no path provisioning functions, and it uses a constant number of redundant network paths in the tampering detection

SYSTEM CONFIGURATION

PATH SELECTOR ALGORITHM

EXPERIMENT

CONCLUSION