Cyber-physical Attacks Research Articles

We Are Not Equipped to Identify the First Signs of Cyber–Physical Attacks: Emotional Reactions to Cybersecurity Breaches on Domestic Internet of Things Devices

The increasing number of domestic Internet of Things (IoT) devices in our lives leads to numerous benefits, but also comes with an increased risk of cybersecurity breaches. These breaches have psychological consequences for the users. We examined the nature of the psychological impact of cybersecurity breaches on domestic IoT by investigating emotional experiences in a scenario study (Study 1) and a field experiment (Study 2) using the five emotion components of the Component Process Model (CPM) and emotion regulation as a framework. We replicated a three-dimensional structure for emotional experiences found in a previous study, with an addition of an ancillary fourth dimension in the second study. The first dimension represents emotional intensity. The second bipolar dimension describes constructive vs. unconstructive action tendencies. On the third dimension, also bipolar, cognitive and motivational emotion features are opposed to affective emotion features. The fourth dimension, labeled distress symptoms, mainly reflects negative emotions. In Study 2, most of the introduced frequent irregularities on IoT devices were not noticed, and the intensity of emotional reactions and tendencies to react in a constructive way decreased throughout the phases of the experiment. These findings reveal that we are not emotionally equipped to identify potential threats in the cyber world.

Cloud-Cyber Physical Systems: Enhanced Metaheuristics with Hierarchical Deep Learning-based Cyberattack Detection

Cyber-Physical Systems (CPS) integrate several interconnected physical processes, networking units, and computing resources, along with monitoring the processes of the computing system. The connection between the cyber and physical world creates threatening security problems, particularly with the growing complexities of transmission networks. Despite efforts to overcome this challenge, it remains challenging to analyze and detect cyber-physical attacks in CPS. This study mainly focuses on the development of Enhanced Metaheuristics with Hierarchical Deep Learning-based Attack Detection (EMHDL-AD) method in a cloud-based CPS environment. The proposed EMHDL-AD method identifies various types of attacks to protect CPS. In the initial stage, data preprocessing is implemented to convert the input dataset into a useful format. Then, the Quantum Harris Hawks Optimization (QHHO) algorithm is used for feature selection. An Improved Salp Swarm Algorithm (ISSA) is used to optimize the hyperparameters of the HDL technique to recognize several attacks. The performance of the EMHDL-AD algorithm was examined using two benchmark intrusion datasets, and the experimental results indicated improvements over other existing approaches.

A Comprehensive Survey on Cyber-Physical System Security in the Internet of Things (IoT): Addressing and Solutions

Background: Cyber-Physical Systems (CPSs) integrate computing, control, and communication technologies, bridging cyberspace and the physical world to enhance critical infrastructure and safety-critical systems. Existing surveys often address CPS security from a single perspective, necessitating a more comprehensive approach. Methods: This paper presents a thorough review of CPS security from three perspectives: the physical domain, the cyber domain, and the cyber-physical domain. We examine attacks on physical components like sensors, cyber-attacks targeting CPSs, and integrated cyber-physical attacks. For each domain, we analyse corresponding detection and defence mechanisms. Results: Our review reveals that CPSs face significant security threats across all domains. In the physical domain, attacks on sensors can disrupt system operations, but various defences are available. In the cyber domain, CPSs are vulnerable to malware, hacking, and denial-of-service attacks, with several detection and defence strategies in place. The cyber-physical domain highlights complex threats where cyber-attacks cause physical damage, requiring comprehensive security approaches. Conclusion: By examining CPS security from multiple perspectives, this review provides a holistic understanding of current threats and defence mechanisms. It identifies future research directions to enhance CPS security, aiming to better protect critical infrastructure against evolving cyber threats.

Detection of Cyber-Physical Attacks in Additive Manufacturing: An LSTM-Based Autoencoder Method Utilizing Reconstruction Error Analysis from Side-Channel Monitoring

To identify cyber-physical threats in additive manufacturing systems, this study proposes an advanced technique utilizing data from side-channel monitoring. The method combines several key approaches for preprocessing, analyzing, and classifying time-series data, ensuring robust attack detection capabilities. A predefined Window Sliding (FWS) preprocessing method segments continuous time-series data into manageable windows of specified size, making analysis more efficient. Next, we employ Discrete Wavelet Transform (DWT) to extract features from each window, capturing essential information across various frequency bands. Particle Swarm Optimization (PSO) is then used to refine the DWT coefficients, isolating the most valuable features to enhance classification performance by focusing on the most informative characteristics. The optimal feature set is used to train a deep learning (DL) model capable of identifying anomalies through reconstruction errors, specifically an LSTM-A autoencoder. Our results demonstrate that this approach can distinguish between normal and attack scenarios with an accuracy rate of 99% when applied to side-channel attack detection in additive manufacturing. This method provides a scalable and adaptable solution to safeguard cyber-physical systems against sophisticated cyberattacks while improving detection accuracy.

Real-Time Control of Thermal Synchronous Generators for Cyber-Physical Security: Addressing Oscillations with ANFIS

This paper introduces a novel real-time ANFIS controller, specifically designed for thermal synchronous generators, to mitigate the risks associated with cyber-physical attacks on power systems. The controller integrates the dynamic model of the turbine’s thermomechanical components, such as the boiler and heat transfer processes, within the synchronous generator. In contrast to previous studies, this model is designed for practical implementation and addresses often-overlooked areas, including the interaction between electrical and thermomechanical components, real-time control responses to cyber-physical attacks, and the incorporation of economic considerations alongside technical performance. This study takes a comprehensive approach to filling these gaps. Under normal conditions, the proposed controller significantly improves the management of industrial turbines and governors, optimizing existing control systems with a particular focus on minimizing generation costs. However, its primary innovation is its ability to respond dynamically to local and inter-area power oscillations triggered by cyber-physical attacks. In such events, the controller efficiently manages the turbines and governors of synchronous generators, ensuring the stability and reliability of power systems. This approach introduces a cutting-edge thermo-electrical control strategy that integrates both electrical and thermomechanical dynamics of thermal synchronous generators. The novelty lies in its real-time control capability to counteract the effects of cyber-physical attacks, as well as its simultaneous consideration of economic optimization and technical performance for power system stability. Unlike traditional methods, this work offers an adaptive control system using ANFIS (Adaptive NeuroFuzzy Inference System), ensuring robust performance under dynamic conditions, including interarea oscillations and voltage deviations. To validate its effectiveness, the controller undergoes extensive simulation testing in MATLAB/Simulink, with performance comparisons against previous state-of-the-art methods. Benchmarking is also conducted using IEEE standard test systems, including the IEEE 9-bus and IEEE 39-bus networks, to highlight its superiority in protecting power systems.

Secured Fog-Body-Torrent : A Hybrid Symmetric Cryptography with Multi-layer Feed Forward Networks Tuned Chaotic Maps for Physiological Data Transmission in Fog-BAN Environment

Recently, the Wireless Body Area Networks (WBAN) have become a promising and practical option in the tele-care medicine information system that aids for the better clinical monitoring and diagnosis. The trend of using Internet of Things (IoT) has propelled the WBAN technology to new dimension in terms of its network characteristics and efficient data transmission. However, these networks demand the strong authentication protocol to enhance the confidentiality, integrity, recoverability and dependability against the emerging cyber-physical attacks owing to the exposure of the IoT ecosystem and the confidentiality of biometric data. Hence this study proposes the Fog based WBAN infrastructure which incorporates the hybrid symmetric cryptography schemes with the chaotic maps and feed forward networks to achieve the physiological data info security without consuming the characteristics of power hungry WBAN devices. In the proposed model, scroll chaotic maps are iterated to produce the high dynamic keys streams for the real time applications and feed-forward layers are leveraged to align the complex input-output associations of cipher data for subsequent mathematical tasks. The feed forward layers are constructed which relies on the principle of Adaptive Extreme Learning Machines (AELM) thereby increasing randomness in the cipher keys thereby increasing its defensive nature against the different cyber-physical attacks and ensuring the high secured encrypted-decrypted data communication between the users and fog nodes. The real time analysis is conducted during live scenarios. BAN-IoT test beds interfaced with the heterogeneous healthcare sensors and various security metrics are analysed and compared with the various residing cryptographic algorithms. Results demonstrates that the recommended methodology has exhibited the high randomness characteristics and low computational overhead compared with the other traditional BAN oriented cryptography protocol schemes

Report on the 5th International Workshop on Engineering and Cybersecurity of Critical Systems and 2nd International Workshop on Software Vulnerability Management (EnCyCriS/SVM - 2024)

Increasing system interconnectivity, decentralization, and introduction of new, more intelligent technologies, result in critical infrastructures becoming exposed to increased risk of cyber, physical, and combine cyber-physical attacks. Cyber-attacks on critical systems can inflict severe consequences on to people, society, economy, and national security, and can have adverse effects on safety and reliability of critical infrastructures. The joint EnCyCriS-SVM workshop facilitates discourse and discussion among researchers, practitioner, and students who are working on challenges and solutions related to the industrial revolution. Focus is given on sharing industry experience and project results pertaining to cyber threats on critical systems; secure software engineering; and attack detection and response mechanisms.

A Digital Twin-Based Approach for Detecting Cyber–Physical Attacks in ICS Using Knowledge Discovery

The integration and automation of industrial processes has brought significant gains in efficiency and productivity but also elevated cybersecurity risks, especially in the process industry. This paper introduces a methodology utilizing process mining and digital twins to enhance anomaly detection in Industrial Control Systems (ICS). By converting raw device logs into event logs, we uncover patterns and anomalies indicative of cyberattacks even when such attacks are masked by normal operational data. We present a detailed case study replicating an industrial process to demonstrate the practical application of our approach. Experimental results confirm the effectiveness of our method in identifying cyber–physical attacks within a realistic industrial setting.

Resilient cooperative platoon control for leader-following uncertain vehicular systems subject to cyber-physical attacks

This paper develops a resilient cooperative platoon control protocol for vehicle following systems under unreliable switching communication networks with cyber composite attacks, which includes actuator and sensors attacks, as well as denial of service (DoS) attacks. In this framework, to achieve leader-following platoon task, a novel resilient distributed adaptive control algorithm is designed by exploiting relative neighborhood information. First, a switching resilient turning mechanism with controller parameter updating laws is introduced into platoon controller architecture, which can compensate sensor and actuator attacks. Second, a topology-dependent analysis shows that cooperative leader-following platoon objective is achieved under some sufficient conditions, then the robust stability of the closed-loop coordination tracking error system is built. Finally, the simulation studies on a platoon of autonomous vehicles are provided to testify the design.

Obfuscation strategies for industrial control systems

Recently released scan data on Shodan reveals that thousands of Industrial Control Systems (ICSs) worldwide are directly accessible via the Internet and, thus, exposed to cyber-attacks aiming at financial gain, espionage, or disruption and/or sabotage. Executing sophisticated cyber–physical attacks aiming to manipulate industrial functionalities requires a deep understanding of the underlying physical process at the core of the target ICS, for instance, through unauthorized access to memory registers of Programmable Logic Controllers (PLCs). However, to date, countermeasures aiming at hindering the comprehension of physical processes remain largely unexplored.In this work, we investigate the use of obfuscation strategies to complicate process comprehension of ICSs while preserving their runtime evolution. To this end, we propose a framework to design and evaluate obfuscation strategies for PLCs, involving PLC memory registers, PLC code (user program), and the introduction of extra (spurious) physical processes. Our framework categorizes obfuscation strategies based on two dimensions: the type of (spurious) registers employed in the obfuscation strategy and the dependence on the (genuine) physical process. To evaluate the efficacy of proposed obfuscation strategies, we introduce evaluation metrics to assess their potency and resilience, in terms of system invariants the attacker can derive, and their cost in terms of computational overhead due to runtime modifications of spurious PLC registers. We developed a prototype tool to automatize the devised obfuscation strategies and applied them to a non-trivial use case in the field of water tank systems. Our results show that code obfuscation can be effectively used to counter malicious process comprehension of ICSs achieved via scanning of PLC memory registers. To our knowledge, this is the first work using obfuscation as a technique to protect ICSs from such threats. The efficacy of the proposed obfuscation strategies predominantly depends on the intrinsic complexity of the interplay introduced between genuine and spurious registers.

A Defense Planning Model for a Power System Against Coordinated Cyber-Physical Attack

A Defense Planning Model for a Power System Against Coordinated Cyber-Physical Attack

BioTrojans: viscoelastic microvalve-based attacks in flow-based microfluidic biochips and their countermeasures

Flow-based microfluidic biochips (FMBs) are widely used in biomedical research and diagnostics. However, their security against potential material-level cyber-physical attacks remains inadequately explored, posing a significant future challenge. One of the main components, polydimethylsiloxane (PDMS) microvalves, is pivotal to FMBs' functionality. However, their fabrication, which involves thermal curing, makes them susceptible to chemical tampering-induced material degradation attacks. Here, we demonstrate one such material-based attack termed “BioTrojans,” which are chemically tampered and optically stealthy microvalves that can be ruptured through low-frequency actuations. To chemically tamper with the microvalves, we altered the associated PDMS curing ratio. Attack demonstrations showed that BioTrojan valves with 30:1 and 50:1 curing ratios ruptured quickly under 2 Hz frequency actuations, while authentic microvalves with a 10:1 ratio remained intact even after being actuated at the same frequency for 2 days (345,600 cycles). Dynamic mechanical analyzer (DMA) results and associated finite element analysis revealed that a BioTrojan valve stores three orders of magnitude more mechanical energy than the authentic one, making it highly susceptible to low-frequency-induced ruptures. To counter BioTrojan attacks, we propose a security-by-design approach using smooth peripheral fillets to reduce stress concentration by over 50% and a spectral authentication method using fluorescent microvalves capable of effectively detecting BioTrojans.

A novel framework for identification of cyber-physical attacks in additive manufacturing

A novel framework for identification of cyber-physical attacks in additive manufacturing

Markov game based on reinforcement learning solution against cyber–physical attacks in smart grid

The rapid expansion of information networks has amplified vulnerabilities in cyberspace, particularly within the power grid and communication layers of smart grid systems. Safeguarding smart grid security has become imperative for users concerned about both online and offline privacy. Detecting attacks in smart grids is crucial for ensuring the safety and continuity of the electrical network. This paper introduces a novel stealth attack-defense game that examines the impact of these invasions on the availability, confidentiality, and integrity of phasor measurement units. The proposed system considers both attack and defense perspectives. Attackers focus on key parameters to covertly infiltrate system layers while defending the smart grid system requires advanced knowledge of data flow and critical insights to establish robust protections. To address this cybersecurity challenge, we propose a game approach based on a partially observed Markov game with an improved Shapley Q-value and a multi-agent reinforcement learning framework, implemented in cooperative, communicative, and dynamic environments. The evaluation results demonstrate the robustness of the proposed approach against coordinated attacks in smart grid environments. Additionally, the results emphasize the significance of attack distribution as a crucial trace for identifying the attack source. Our approach shows promise for addressing various types of attacks against smart grid systems.

Integrated management of safety and security barriers in chemical plants to cope with emerging cyber-physical attack risks under uncertainties

Chemical facilities face threats from accidental and intentional events, including the rising concern of cyber-physical (C2P) attacks in the digitized industrial control system era. Addressing major accident risks from safety hazards and C2P attacks requires an immediate unified framework for safety and security barrier management. This study presents a systematic risk-based approach to integrate conventional safety risks with emerging C2P attack risks. Adverse scenarios are identified, integrated into an attack-tree-bow-tie diagram, and modelled using a Bayesian network (BN). A vulnerability assessment model is developed to quantify industrial control system vulnerability to C2P attacks, considering uncertainties in attackers' knowledge levels. Monte Carlo simulations are used to handle uncertainty propagation in risk assessment, allowing the use of probability distributions for BN root nodes. Sensitivity analysis identifies critical factors/events, guiding the proposal of candidate strategies for barrier improvements. Combining cost-effectiveness analysis with a risk matrix yields the optimal strategy for safety and security barrier enhancements based on risk estimations. A hypothetical case study demonstrates the proposed approach's effectiveness in integrated safety and security barrier management, considering security vulnerability patching and safety barrier maintenance scheduling from a cost-effective perspective.

Innovative solutions for critical infrastructure resilience against cyber-physical attacks

Critical infrastructure must withstand cyber and physical assaults in today's interconnected world. This study explores innovative strategies to shield these systems from cyber-physical threats. As networks become more connected, cyberattacks grow more sophisticated, making it imperative to safeguard sectors like transportation, energy, water, and information. The paper analyzes the present and future threat landscape, identifying vulnerabilities within critical infrastructures and proposing targeted mitigation strategies to enhance security. The research leverages AI and machine learning to develop detection tools that identify and predict cyber-physical attacks, enhancing response times and preventive measures. Additionally, resilience engineering and architecture are crucial in fortifying infrastructure, enabling it to withstand and recover from attacks while maintaining essential functions. The study also reviews legislation and policies surrounding infrastructure protection, pinpointing shortcomings and recommending improvements to bolster national security. Effective countermeasures against cyber-physical threats require collaboration and information sharing among government bodies, industry stakeholders, and educational institutions. These partnerships facilitate the exchange of knowledge, best practices, and tools to address threats efficiently. Furthermore, the paper highlights the importance of training programs that equip professionals with skills to integrate cyber and physical security defenses. Exploring the integration of blockchain, IoT, and autonomous technologies could further enhance the resilience of critical systems. These technologies foster secure communications and automated responses to incidents. Lastly, community awareness initiatives play a vital role in preparing for and mitigating cyber-physical attacks, ensuring that public readiness and resilience are maintained. This comprehensive approach aims to fortify critical infrastructure against evolving cyber threats, ensuring continuous operation and security.

Trustworthy cyber-physical power systems using AI: dueling algorithms for PMU anomaly detection and cybersecurity

Energy systems require radical changes due to the conflicting needs of combating climate change and meeting rising energy demands. These revolutionary decentralization, decarbonization, and digitalization techniques have ushered in a new global energy paradigm. Waves of disruption have been felt across the electricity industry as the digitalization journey in this sector has converged with advances in artificial intelligence (AI). However, there are risks involved. As AI becomes more established, new security threats have emerged. Among the most important is the cyber-physical protection of critical infrastructure, such as the power grid. This article focuses on dueling AI algorithms designed to investigate the trustworthiness of power systems’ cyber-physical security under various scenarios using the phasor measurement units (PMU) use case. Particularly in PMU operations, the focus is on areas that manage sensitive data vital to power system operators’ activities. The initial stage deals with anomaly detection applied to energy systems and PMUs, while the subsequent stage examines adversarial attacks targeting AI models. At this stage, evaluations of the Madry attack, basic iterative method (BIM), momentum iterative method (MIM), and projected gradient descend (PGD) are carried out, which are all powerful adversarial techniques that may compromise anomaly detection methods. The final stage addresses mitigation methods for AI-based cyberattacks. All these three stages represent various uses of AI and constitute the dueling AI algorithm convention that is conceptualised and demonstrated in this work. According to the findings of this study, it is essential to investigate the trade-off between the accuracy of AI-based anomaly detection models and their digital immutability against potential cyberphysical attacks in terms of trustworthiness for the critical infrastructure under consideration.

A Novel Techno-Economical Control of UPFC against Cyber-Physical Attacks Considering Power System Interarea Oscillations

In the field of electrical engineering, there is an increasing concern among managers and operators about the secure and cost-efficient operation of smart power systems in response to disturbances caused by physical cyber attacks and natural disasters. This paper introduces an innovative framework for the hybrid, coordinated control of Unified Power Flow Controllers (UPFCs) and Power System Stabilizers (PSSs) within a power system. The primary objective of this framework is to enhance the system’s security metrics, including stability and resilience, while also considering the operational costs associated with defending against cyber-physical attacks. The main novelty of this paper lies in the introduction of a real-time online framework that optimally coordinates a power system stabilizer, power oscillation damper, and unified power flow controller to enhance the power system’s resilience against transient disturbances caused by cyber-physical attacks. The proposed approach considers technical performance indicators of power systems, such as voltage fluctuations and losses, in addition to economic objectives, when determining the optimal dynamic coordination of UPFCs and PSSs—aspects that have been neglected in previous modern research. To address the optimization problem, a novel multi-objective search algorithm inspired by Harris hawks, known as the Multi-Objective Harris Hawks (MOHH) algorithm, was developed. This algorithm is crucial in identifying the optimal controller coefficient settings. The proposed methodology was tested using standard IEEE9-bus and IEEE39-bus test systems. Simulation results demonstrate the effectiveness and efficiency of this approach in achieving optimal system recovery, both technically and economically, in the face of cyber-physical attacks.

Localization of Coordinated Cyber-Physical Attacks in Power Grids Using Moving Target Defense and Machine Learning

Coordinated cyber-physical attacks (CCPAs) are dangerously stealthy and have considerable destructive effects against power grids. The problem of stealthy CCPA (SCCPA) localization, specifically identifying disconnected lines in attack, is a nonlinear multi-classification problem. To the best of our knowledge, only one paper has studied the problem; nevertheless, the total number of classifications is not appropriate. In the paper, we propose several methods to solve the problem of SCCPA localization. Firstly, considering the practical constraints and abiding by one of our previous studies, we elaborately determine the total number of classifications and design an approach for generating training and testing datasets. Secondly, we develop two algorithms to solve multiple classifications via the support vector machine (SVM) and random forest (RF), respectively. Similarly, we also present a one-dimensional convolutional neural network (1D-CNN) architecture. Finally, extensive simulations are carried out for IEEE 14-bus, 30-bus, and 118-bus power system, respectively, and we verify the effectiveness of our approaches in solving the problem of SCCPA localization.

Attack Scenarios Generation Algorithm Based on Discrete Event System Formalism

To help automatize the security risk assessment process of Cyber-Physical Systems (CPS), we propose a tool based on Discrete Event Systems (DES) to model the architecture and the behavior of CPS in the presence of cyberattacks. Then, we present a lightweight algorithm to generate all the attack scenarios threatening a system, i.e. the sequences of attacks leading to a critical state (e.g. loss of control, collision, etc.). This kind of generation being prone to combinatorial explosion, our algorithm embeds state-space reduction capabilities focused on the specificities of cyber-physical attacks. Finally, we illustrate the performance of our algorithm on a case study: the navigation system of an autonomous vessel. This work can be seen as an alternative to heavy tools expressed in specific languages. It is open source and aims to give a good compromise between expressiveness, modeling time and computational power.