
Title:
METHOD AND SYSTEM FOR ATTACK DETECTION IN A SENSOR NETWORK OF A NETWORKED CONTROL SYSTEM
Document Type and Number:
WIPO Patent Application WO/2020/246944
Kind Code:
A1
Abstract:
There is provided a method of attack detection in a sensor network of a networked control system using at least one processor, the sensor network including a plurality of sensors, the method including: obtaining, from each of the plurality of sensors, measured sensor data; determining, for each of the plurality of sensors, first estimated sensor data based on an individual system model associated with the sensor; determining, for each of the plurality of sensors, second estimated sensor data based on a joint system model associated with the plurality of sensors; determining, for each of the plurality of sensors, first residual information associated with the sensor based on the measured sensor data and the first estimated sensor data associated with the sensor; determining, for each of the plurality of sensors, second residual information associated with the sensor based on the measured sensor data and the second estimated sensor data associated with the sensor; and detecting, for each of the plurality of sensors, whether the sensor is subject to an attack based on the first residual information and the second residual information associated with the sensor. There is also provided a corresponding system for attack detection in a sensor network of a networked control system.

Inventors:
AHMED CHUADHRY MUJEEB (SG)
MATHUR ADITYA (SG)
Application Number:
PCT/SG2020/050322
Publication Date:
December 10, 2020
Filing Date:
June 08, 2020
Assignee:
UNIV SINGAPORE TECHNOLOGY & DESIGN (SG)
International Classes:
G05B19/048; G05B13/04; G06N20/00; G08B29/18
Foreign References:
US20090300417A1 (2009-12-03)
CN105716844A (2016-06-29)
Other References:
AHMED C. M.: "Model-based Attack Detection Scheme for Smart Water Distribution Networks", PROC. OF 2017 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (ASIACCS), 6 April 2017 (2017-04-06), pages 101 - 113, XP055768962, [retrieved on 20200820], DOI: 10.1145/3052973.3053011
AHMED C. M. ET AL.: "NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems", PROC. OF THE 2018 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (ASIACCS), 8 June 2018 (2018-06-08), pages 483 - 497, XP055768963, [retrieved on 20200820], DOI: 10.1145/3196494.3196532
Attorney, Agent or Firm:
VIERING, JENTSCHURA & PARTNER LLP (SG)
Claims:
CLAIMS

What is claimed is:

1. A method of attack detection in a sensor network of a networked control system using at least one processor, the sensor network comprising a plurality of sensors, the method comprising:

obtaining, from each of the plurality of sensors, measured sensor data;

determining, for each of the plurality of sensors, first estimated sensor data based on an individual system model associated with the sensor;

determining, for each of the plurality of sensors, second estimated sensor data based on a joint system model associated with the plurality of sensors;

determining, for each of the plurality of sensors, first residual information associated with the sensor based on the measured sensor data and the first estimated sensor data associated with the sensor;

determining, for each of the plurality of sensors, second residual information associated with the sensor based on the measured sensor data and the second estimated sensor data associated with the sensor; and

detecting, for each of the plurality of sensors, whether the sensor is subject to an attack based on the first residual information and the second residual information associated with the sensor.

2. The method according to claim 1, wherein

the individual system model associated with the sensor is a process representation of the networked control system and has an output corresponding to an output of the sensor, and

the joint system model associated with the plurality of sensors is a process representation of the networked control system and has a plurality of outputs corresponding to a plurality of outputs of the plurality of sensors, respectively.

3. The method according to claim 2, wherein for each of the plurality of sensors, the first estimated sensor data is determined based on an estimated state of the individual system model associated with the sensor, and

for each of the plurality of sensors, the second estimated sensor data is determined based on an estimated state of the joint system model associated with the plurality of sensors.

4. The method according to any one of claims 1 to 3, wherein

for each of the plurality of sensors, the first residual information associated with the sensor is determined based on a difference between the measured sensor data and the first estimated sensor data associated with the sensor, and

for each of the plurality of sensors, the second residual information associated with the sensor is determined based on a difference between the measured sensor data and the second estimated sensor data associated with the sensor.

5. The method according to claim 4, wherein

the first residual information is a function of sensor noise associated with the sensor and process noise associated with the networked control system based on the individual system model associated with the sensor; and

the second residual information is a function of sensor noise associated with the sensor and process noise associated with the networked control system based on the joint system model associated with the plurality of sensors.

6. The method according to any one of claims 1 to 5, further comprising

extracting, for each of the plurality of sensors, a first collection of statistical features from the first residual information associated with the sensor, and forming a first fingerprint associated with the sensor comprising the first collection of statistical features; and

extracting, for each of the plurality of sensors, a second collection of statistical features from the second residual information associated with the sensor, and forming a second fingerprint associated with the sensor comprising the second collection of statistical features.

7. The method according to claim 6, wherein

the first collection of statistical features comprises a plurality of sets of statistical features extracted from a plurality of chunks of the first residual information associated with the sensor, respectively, and

the second collection of statistical features comprises a plurality of sets of statistical features extracted from a plurality of chunks of the second residual information associated with the sensor, respectively.

8. The method according to any one of claims 1 to 7, wherein whether the sensor is subject to an attack is detected based on the first residual information associated with the sensor using a first classifier associated with the sensor and based on the second residual information associated with the sensor using a second classifier associated with the sensor.

9. The method according to claim 8, wherein

the first classifier associated with the sensor is trained based on a first reference fingerprint associated with the sensor, the first reference fingerprint formed based on first reference residual information associated with the sensor, and the first reference residual information associated with the sensor determined based on reference measured sensor data obtained during a reference operation of the networked control system and first reference estimated sensor data associated with the sensor determined based on the individual system model associated with the sensor during the reference operation of the networked control system, and

the second classifier associated with the sensor is trained based on a second reference fingerprint associated with the sensor, the second reference fingerprint formed based on second reference residual information associated with the sensor, and the second reference residual information associated with the sensor determined based on the reference measured sensor data obtained during the reference operation of the networked control system and second reference estimated sensor data associated with the sensor determined based on the joint system model associated with the plurality of sensors during the reference operation of the networked control system.

10. The method according to claim 9, wherein

the first reference fingerprint comprising a first reference collection of statistical features extracted from the first reference residual information associated with the sensor, and

the second reference fingerprint comprising a second reference collection of statistical features extracted from the second reference residual information associated with the sensor.

11. The method according to claim 10, wherein

the first reference collection of statistical features comprises a plurality of reference sets of statistical features extracted from a plurality of chunks of the first reference residual information associated with the sensor, respectively, and

the second reference collection of statistical features comprises a plurality of reference sets of statistical features extracted from a plurality of chunks of the second reference residual information associated with the sensor, respectively.

12. The method according to any one of claims 8 to 11, wherein the sensor is detected to be subject to an attack if the first classifier and the second classifier both classify the sensor as being subject to an attack.

13. The method according to any one of claims 8 to 12, wherein the first classifier and the second classifier are each a one-class Support Vector Machine (SVM) classifier.

14. The method according to any one of claims 1 to 13, wherein the plurality of sensors are interrelated in the networked control system.

15. A system for attack detection in a sensor network of a networked control system, the sensor network comprising a plurality of sensors, the system comprising:

a memory; and

at least one processor communicatively coupled to the memory and configured to:

obtain, from each of the plurality of sensors, measured sensor data;

determine, for each of the plurality of sensors, first estimated sensor data based on an individual system model associated with the sensor;

determine, for each of the plurality of sensors, second estimated sensor data based on a joint system model associated with the plurality of sensors;

determine, for each of the plurality of sensors, first residual information associated with the sensor based on the measured sensor data and the first estimated sensor data associated with the sensor;

determine, for each of the plurality of sensors, second residual information associated with the sensor based on the measured sensor data and the second estimated sensor data associated with the sensor; and

detect, for each of the plurality of sensors, whether the sensor is subject to an attack based on the first residual information and the second residual information associated with the sensor.

16. The system according to claim 15, wherein

the individual system model associated with the sensor is a process representation of the networked control system and has an output corresponding to an output of the sensor, and

the joint system model associated with the plurality of sensors is a process representation of the networked control system and has a plurality of outputs corresponding to a plurality of outputs of the plurality of sensors, respectively.

17. The system according to claim 16, wherein for each of the plurality of sensors, the first estimated sensor data is determined based on an estimated state of the individual system model associated with the sensor, and

for each of the plurality of sensors, the second estimated sensor data is determined based on an estimated state of the joint system model associated with the plurality of sensors.

18. The system according to any one of claims 15 to 17, wherein

for each of the plurality of sensors, the first residual information associated with the sensor is determined based on a difference between the measured sensor data and the first estimated sensor data associated with the sensor, and

for each of the plurality of sensors, the second residual information associated with the sensor is determined based on a difference between the measured sensor data and the second estimated sensor data associated with the sensor.

19. The system according to claim 18, wherein

the first residual information is a function of sensor noise associated with the sensor and process noise associated with the networked control system based on the individual system model associated with the sensor; and

the second residual information is a function of sensor noise associated with the sensor and process noise associated with the networked control system based on the joint system model associated with the plurality of sensors.

20. The system according to any one of claims 15 to 19, wherein the at least one processor is further configured to:

extract, for each of the plurality of sensors, a first collection of statistical features from the first residual information associated with the sensor, and forming a first fingerprint associated with the sensor comprising the first collection of statistical features; and

extract, for each of the plurality of sensors, a second collection of statistical features from the second residual information associated with the sensor, and forming a second fingerprint associated with the sensor comprising the second collection of statistical features.

21. The system according to claim 20, wherein

the first collection of statistical features comprises a plurality of sets of statistical features extracted from a plurality of chunks of the first residual information associated with the sensor, respectively, and

the second collection of statistical features comprises a plurality of sets of statistical features extracted from a plurality of chunks of the second residual information associated with the sensor, respectively.

22. The system according to any one of claims 15 to 21, wherein whether the sensor is subject to an attack is detected based on the first residual information associated with the sensor using a first classifier associated with the sensor and based on the second residual information associated with the sensor using a second classifier associated with the sensor.

23. The system according to claim 22, wherein

the first classifier associated with the sensor is trained based on a first reference fingerprint associated with the sensor, the first reference fingerprint formed based on first reference residual information associated with the sensor, and the first reference residual information associated with the sensor determined based on reference measured sensor data obtained during a reference operation of the networked control system and first reference estimated sensor data associated with the sensor determined based on the individual system model associated with the sensor during the reference operation of the networked control system, and

the second classifier associated with the sensor is trained based on a second reference fingerprint associated with the sensor, the second reference fingerprint formed based on second reference residual information associated with the sensor, and the second reference residual information associated with the sensor determined based on the reference measured sensor data obtained during the reference operation of the networked control system and second reference estimated sensor data associated with the sensor determined based on the joint system model associated with the plurality of sensors during the reference operation of the networked control system.

24. The system according to claim 23, wherein

the first reference fingerprint comprising a first reference collection of statistical features extracted from the first reference residual information associated with the sensor, and

the second reference fingerprint comprising a second reference collection of statistical features extracted from the second reference residual information associated with the sensor.

25. The system according to claim 24, wherein

the first reference collection of statistical features comprises a plurality of reference sets of statistical features extracted from a plurality of chunks of the first reference residual information associated with the sensor, respectively, and

the second reference collection of statistical features comprises a plurality of reference sets of statistical features extracted from a plurality of chunks of the second reference residual information associated with the sensor, respectively.

26. The system according to any one of claims 22 to 25, wherein the sensor is detected to be subject to an attack if the first classifier and the second classifier both classify the sensor as being subject to an attack.

27. The system according to any one of claims 22 to 25, wherein the first classifier and the second classifier are each a one-class Support Vector Machine (SVM) classifier.

28. The system according to any one of claims 15 to 27, wherein the plurality of sensors are interrelated in the networked control system.

29. A computer program product, embodied in one or more non-transitory computer-readable storage mediums, comprising instructions executable by at least one processor to perform a method of attack detection in a sensor network of a networked control system using at least one processor, the sensor network comprising a plurality of sensors, the method comprising:

obtaining, from each of the plurality of sensors, measured sensor data;

determining, for each of the plurality of sensors, first estimated sensor data based on an individual system model associated with the sensor;

determining, for each of the plurality of sensors, second estimated sensor data based on a joint system model associated with the plurality of sensors;

determining, for each of the plurality of sensors, first residual information associated with the sensor based on the measured sensor data and the first estimated sensor data associated with the sensor;

determining, for each of the plurality of sensors, second residual information associated with the sensor based on the measured sensor data and the second estimated sensor data associated with the sensor; and

detecting, for each of the plurality of sensors, whether the sensor is subject to an attack based on the first residual information and the second residual information associated with the sensor.

Description:
METHOD AND SYSTEM FOR ATTACK DETECTION IN A SENSOR NETWORK OF A NETWORKED CONTROL SYSTEM

[0001] This application claims the benefit of priority of Singapore Patent Application No. 10201905198V, filed on 7 June 2019, the content of which being hereby incorporated by reference in its entirety for all purposes.

TECHNICAL FIELD

[0002] The present invention generally relates to a method and a system for attack detection in a sensor network of a networked control system, and more particularly, for detecting (e.g., identifying) one or more sensors in the sensor network being subject to an attack.

BACKGROUND

[0003] An Industrial Control System (ICS) is a modern networked control system which may be controlled by the Programmable Logic Controller (PLC) in an automated way. Advances in the communication and computing technologies have resulted in the remote control and optimization of operations for the critical infrastructures, for example, water treatment, water distribution, smart grid and autonomous transportation. Automation may be achieved by using sensors, actuators and PLCs, therefore, it is important to ensure that the ICS operates securely.

[0004] The ICS may include a combination of computing elements and physical phenomenon, for example, including cyber components such as PLCs, sensors, actuators, Supervisory Control and Data Acquisition (SCADA) workstation or system, and Human Machine Interface (HMI) elements interconnected via a communications network. The PLCs may control a physical process based on the sensor data via the SCADA system. The advances in communication technologies resulted in a widespread adoption of such a SCADA system to better monitor and operate the ICS, but such a connectivity also exposes physical processes associated with the ICS to malicious entities on the cyber domain. Previous incidents of sabotage on ICS have raised concerns on the security of ICS.

[0005] Challenges in ICS security are different as compared with conventional IT systems, especially in terms of consequences in case of a security lapse. Attacks on ICS may result in damage to the physical property, for example, as a result of an explosion or severely affecting people who depend on a critical infrastructure as was the case of the recent power cut-off in Ukraine. Data integrity is an important security requirement for ICS, therefore, integrity of sensor data should be ensured or improved. For example, sensor data may either be spoofed in cyber (digital) domain or in physical (analog) domain. Sensors may function as a bridge between the physical and cyber domains in an ICS. Traditionally, an intrusion detection system (IDS) (which may also be referred to as an attack detection system) may monitor a communication network or a computing host to detect attacks. However, physical tampering with sensors or sensor spoofing in physical/analog domain, may go undetected by the conventional IDS.

[0006] Data integrity attacks on sensor measurement and impact of such attacks have been studied in theory, including false data injection attacks, replay attacks, and stealthy attacks. These previous studies proposed attack detection methods based on system model and statistical fault detectors and also point out the limitations of such fault detectors against an adversarial manipulation of the sensor data. In practice, attacks on sensor measurement may be launched by analog spoofing attacks, or by tampering with the communication channel between a sensor and a controller by means of a classical Man-in-The-Middle (MiTM) attack.

[0007] Conventional IDS also has an attack isolation problem (e.g., problem in determining the source of attack), which is an important problem in the context of ICS. Previous anomaly (e.g., attack) detection research suffers from this issue, especially methods rooted in machine learning. For example, in conventional IDS, using machine learning methods with the available data may be able to raise an alarm when the ICS is subject to an attack but are not able to find the source of anomaly (e.g., attack) (e.g., not able to identify the sensor(s) in the ICS being subject to an attack). However, the problem of attack isolation is important, for example, considering the scale and complexity of an ICS.

[0008] A need therefore exists to provide a method and a system for attack detection in a sensor network of a networked control system, that seek to overcome, or at least ameliorate, one or more problems relating to conventional attack detection methods and systems, such as but not limited to, addressing the attack isolation problem, thereby facilitating or enabling detection (e.g., identification) of one or more sensors in a sensor network being subject to an attack in an efficient and effective manner. It is against this background that the present invention has been developed.

SUMMARY

[0009] According to a first aspect of the present invention, there is provided a method of attack detection in a sensor network of a networked control system using at least one processor, the sensor network comprising a plurality of sensors, the method comprising:

obtaining, from each of the plurality of sensors, measured sensor data;

determining, for each of the plurality of sensors, first estimated sensor data based on an individual system model associated with the sensor;

determining, for each of the plurality of sensors, second estimated sensor data based on a joint system model associated with the plurality of sensors;

determining, for each of the plurality of sensors, first residual information associated with the sensor based on the measured sensor data and the first estimated sensor data associated with the sensor;

determining, for each of the plurality of sensors, second residual information associated with the sensor based on the measured sensor data and the second estimated sensor data associated with the sensor; and

detecting, for each of the plurality of sensors, whether the sensor is subject to an attack based on the first residual information and the second residual information associated with the sensor.

[0010] According to a second aspect of the present invention, there is provided a system for attack detection in a sensor network of a networked control system, the sensor network comprising a plurality of sensors, the system comprising:

a memory; and

at least one processor communicatively coupled to the memory and configured to:

obtain, from each of the plurality of sensors, measured sensor data;

determine, for each of the plurality of sensors, first estimated sensor data based on an individual system model associated with the sensor;

determine, for each of the plurality of sensors, second estimated sensor data based on a joint system model associated with the plurality of sensors;

determine, for each of the plurality of sensors, first residual information associated with the sensor based on the measured sensor data and the first estimated sensor data associated with the sensor;

determine, for each of the plurality of sensors, second residual information associated with the sensor based on the measured sensor data and the second estimated sensor data associated with the sensor; and

detect, for each of the plurality of sensors, whether the sensor is subject to an attack based on the first residual information and the second residual information associated with the sensor.

[0011] According to a third aspect of the present invention, there is provided a computer program product, embodied in one or more non-transitory computer-readable storage mediums, comprising instructions executable by at least one processor to perform a method of attack detection in a sensor network of a networked control system using at least one processor, the sensor network comprising a plurality of sensors, the method comprising:

obtaining, from each of the plurality of sensors, measured sensor data;

determining, for each of the plurality of sensors, first estimated sensor data based on an individual system model associated with the sensor;

determining, for each of the plurality of sensors, second estimated sensor data based on a joint system model associated with the plurality of sensors;

determining, for each of the plurality of sensors, first residual information associated with the sensor based on the measured sensor data and the first estimated sensor data associated with the sensor;

determining, for each of the plurality of sensors, second residual information associated with the sensor based on the measured sensor data and the second estimated sensor data associated with the sensor; and

detecting, for each of the plurality of sensors, whether the sensor is subject to an attack based on the first residual information and the second residual information associated with the sensor.

BRIEF DESCRIPTION OF THE DRAWINGS

[0012] Embodiments of the present invention will be better understood and readily apparent to one of ordinary skill in the art from the following written description, by way of example only, and in conjunction with the drawings, in which:

FIGs. 1A and 1B illustrate an attack isolation problem in attacks on multiple sensors;

FIG. 2 depicts a flow diagram of a method of attack detection in a sensor network of a networked control system, according to various embodiments of the present invention;

FIG. 3 depicts a schematic block diagram of a system for attack detection in a sensor network of a networked control system, according to various embodiments of the present invention;

FIG. 4 depicts a schematic block diagram of an exemplary computer system which may be used to realize or implement the system as depicted in FIG. 3;

FIG. 5 depicts a block diagram illustrating an overview of an attack detection method, according to various example embodiments of the present invention;

FIG. 6 depicts a block diagram illustrating an example networked control system under a sensor attack, according to various example embodiments of the present invention;

FIG. 7 depicts a schematic flow diagram illustrating various steps involved in generating a residual-based fingerprint, according to various example embodiments of the present invention;

FIG. 8 depicts a table listing example statistical features which may be included in a residual-based fingerprint, according to various example embodiments of the present invention;

FIG. 9 depicts graphs showing results obtained using an attack detection method based on a bank of observers approach for a first example case;

FIG. 10 depicts graphs showing results obtained using an attack detection method based on a bank of observers approach for a second example case;

FIG. 11 illustrates an example attack detection (or isolation) method, according to various example embodiments of the present invention;

FIG. 12 shows the attack detection performance results for various attack detection techniques for comparison;

FIGs. 13A and 13B depict graphs showing two example attacks and the coupling effects;

FIGs. 14A and 14B depict graphs illustrating that separate system models for both sensors were able to isolate both the attacks, according to various example embodiments of the present invention; and

FIG. 15 depicts a graph illustrating low TPR/TNR results due to post-attack effects, according to various example embodiments of the present invention.

DETAILED DESCRIPTION

[0013] Various embodiments of the present invention provide a method and a system for attack detection in a sensor network of a networked control system, and more particularly, for detecting (e.g., identifying or locating) one or more sensors in the sensor network being subject to an attack. For example, the networked control system may be implemented in any industries (industrial applications) as desired or as appropriate that may require an industrial process control, such as but not limited to, water treatment, chemical processing, power generation, oil and gas processing, and so on. Sensor networks are known in the art, and a sensor network may refer to a plurality of sensors that are spatially positioned or installed in the networked control system, each being arranged or positioned for monitoring and collecting sensor data (measurements or readings) relating to a physical condition or a property of a surrounding environment (e.g., in relation to a medium or an object), such as but not limited to, temperature, sound, pressure, fluid flow rate, and so on. The plurality of sensors may be communicatively coupled to a processor (e.g., a central processor or a sensor data processor) based on any communications technologies known in the art, such as wired communications technologies or wireless communications technologies, and need not be described herein. In various embodiments, an attack in a sensor network may refer to any network attack (e.g., security attack or malicious attack on sensor(s), which may also be referred to as sensor attack) on a sensor network, such as those known in the art and need not be described herein. In various embodiments, the attack in a sensor network may refer to a spoofing attack in the cyber (digital) domain and/or in the physical (analog) domain. In various embodiments, attack detection may refer to anomaly detection.

[0014] As described in the background, conventional intrusion detection systems (IDS) (or attack detection systems) have an attack isolation problem (e.g., a problem in determining the source of an attack), which is an important problem in the context of an industrial control system (ICS) (e.g., a networked control system). Previous anomaly (e.g., attack) detection research suffers from this issue, especially methods rooted in machine learning. For example, in a conventional IDS, machine learning methods using the available data may be able to raise an alarm when the ICS is subject to an attack but are not able to find the source of the anomaly (e.g., attack) (e.g., not able to identify the sensor(s) in the ICS being subject to an attack). However, the problem of attack isolation is important, for example, considering the scale and complexity of an ICS.

[0015] By way of an example only and without limitations, FIGs. 1A and 1B illustrate the attack isolation problem associated with a conventional attack detection system in an example water treatment process. In the example, two sensors are illustrated, namely, a flow sensor (e.g., flow meter) (labelled as FIT-101) at an inlet of a water storage tank and a water level sensor (labelled as LIT-101) on top of the water storage tank. Various embodiments of the present invention noted that, in the conventional attack detection system, a joint system model may be used to capture the dynamics of the physical process (e.g., the example water treatment process). For example, in the example water treatment process, the water storage tank may collect a limited amount of water to be used by subsequent stages of the example water treatment process. In this regard, various embodiments of the present invention noted that there may be a physical relationship between the physical quantities measured by the two sensors in relation to water, for example, when water flows into the water storage tank through the inlet pipe, the level of the water in the water storage tank should rise. Hence, the water level sensor (LIT-101) and the flow sensor (FIT-101) may be interrelated (which may also herein be referred to as being physically coupled, that is, coupled by flows of matter and energy for example) with each other.

[0016] For example, in an example attack, an attacker may spoof the flow sensor (FIT-101) by spoofing the real sensor measurements of zero flow to a 4 m³/hr volumetric flow level. For this attack, as shown in FIG. 1A, various embodiments of the present invention note that the attack may be detected using a model-based detector (e.g., the model-based detector disclosed in C. M. Ahmed, C. Murguia, and J. Ruths, “Model-based attack detection scheme for smart water distribution networks,” in Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ser. ASIA CCS ’17, New York, NY, USA: ACM, 2017, pp. 101-113) for the flow sensor (FIT-101), but as shown in FIG. 1B, it can be seen that the same attack may also be detected using the model-based detector for the water level sensor (LIT-101). With reference to FIG. 1B, various embodiments of the present invention note that, based on the joint system model, the estimate for the water level tends to increase, for the reason that if there is an inflow of water, the water level should increase, but since the flow sensor is under attack (spoofing attack as mentioned above), it can be seen that the estimate deviates from the real sensor measurements. Accordingly, the model-based detectors defined for the water level sensor and the flow sensor, respectively, would both raise an alarm. As a result, various embodiments of the present invention note that in such a conventional attack detection system, it is not possible to identify where the attack is being carried out (i.e., which sensor(s) is under attack) unless manually checked. In this regard, various embodiments of the present invention note that the problem of attack isolation is important, for example, considering the scale and complexity of an ICS.

[0017] Accordingly, various embodiments of the present invention provide a method and a system for attack detection in a sensor network of a networked control system, that seek to overcome, or at least ameliorate, one or more problems relating to conventional attack detection methods and systems, such as but not limited to, addressing the attack isolation problem, thereby facilitating or enabling detection (e.g., identification) of one or more sensors in a sensor network being subject to an attack in an efficient and effective manner.

[0018] FIG. 2 depicts a flow diagram of a method 200 of attack detection in a sensor network of a networked control system using at least one processor, the sensor network comprising a plurality of sensors, according to various embodiments of the present invention. The method 200 comprises: obtaining (at 202), from each of the plurality of sensors, measured sensor data; determining (at 204), for each of the plurality of sensors, first estimated sensor data based on an individual system model associated with the sensor; determining (at 206), for each of the plurality of sensors, second estimated sensor data based on a joint system model associated with the plurality of sensors; determining (at 208), for each of the plurality of sensors, first residual information (or data) associated with the sensor based on the measured sensor data and the first estimated sensor data associated with the sensor; determining (at 210), for each of the plurality of sensors, second residual information (or data) associated with the sensor based on the measured sensor data and the second estimated sensor data associated with the sensor; and detecting (212), for each of the plurality of sensors, whether the sensor is subject to an attack based on the first residual information and the second residual information associated with the sensor.

[0019] In relation to 202, in various embodiments, each of the plurality of sensors may be communicatively coupled to at least one processor (e.g., the above-mentioned at least one processor) based on any communications technologies known in the art, such as wired communications technologies or wireless communications technologies, and thus, the at least one processor may obtain measured sensor data from each of the plurality of sensors (i.e., respectively) based on the communications technology implemented in the sensor network. It will be appreciated by a person skilled in the art that each sensor may be any type of sensor known in the art configured for capturing a desired or an intended condition or property of a surrounding environment and outputting a corresponding sensor data in relation to the surrounding environment. It will be appreciated by a person skilled in the art that the plurality of sensors may be of the same type or may include a variety of sensors, depending on the aspects of (or in relation to) the networked control system that are desired to be monitored.

[0020] In relation to 204, in various embodiments, each sensor may have associated therewith a corresponding individual system model in relation to the networked control system.

[0021] In relation to 206, in various embodiments, each sensor may have further associated therewith a corresponding joint system model in relation to the networked control system.

[0022] In relation to 208 and 210, in various embodiments, for each of the plurality of sensors, first residual information and second residual information are determined, whereby the first residual information associated with the sensor is determined based on the measured sensor data and the first estimated sensor data (i.e., based on the individual system model associated with the sensor) associated with the sensor, and the second residual information associated with the sensor is determined based on the measured sensor data and the second estimated sensor data (i.e., based on the joint system model associated with the plurality of sensors) associated with the sensor. Therefore, according to various embodiments, at least two different types of residual information are determined for each of the plurality of sensors, one based on the individual system model associated with the sensor and another one based on the joint system model associated with the plurality of sensors.

[0023] In relation to 212, in various embodiments, any one or more of the plurality of sensors that is subject to an attack (e.g., a spoofing attack) may be detected (e.g., identified or located) based on the first and second residual information associated with the corresponding sensor.

[0024] Accordingly, the method 200 of attack detection according to various embodiments advantageously, for example, determines at least two different types of residual information for each of the plurality of sensors, one based on the individual system model associated with the sensor and another one based on the joint system model associated with the plurality of sensors. Such a technical approach or solution has been found to advantageously address the attack isolation problem, thereby facilitating or enabling the detection (e.g., identification) of one or more sensors in a sensor network being subject to an attack. In particular, not only is the method 200 able to detect an attack in the networked control system, the method 200 is able to identify which particular sensor(s) in the networked control system is under attack (e.g., spoofing attack) in an efficient and effective manner.

[0025] In various embodiments, the individual system model associated with the sensor is a process representation of the networked control system (e.g., captures the dynamics of the physical process of the networked control system) and has an output corresponding to an output (sensor data output) of the sensor, and the joint system model associated with the plurality of sensors is a process representation of the networked control system (e.g., captures the dynamics of the physical process of the networked control system) and has a plurality of outputs corresponding to a plurality of outputs (sensor data outputs) of the plurality of sensors, respectively. In various embodiments, the individual system model has only one output, and thus may be referred to as a single output individual system model. In various embodiments, the joint system model has a plurality of outputs, and thus may be referred to as a multi-output joint system model.

[0026] In various embodiments, for each of the plurality of sensors, the first estimated sensor data is determined based on an estimated state of the individual system model associated with the sensor, and for each of the plurality of sensors, the second estimated sensor data is determined based on an estimated state of the joint system model associated with the plurality of sensors.

[0027] In various embodiments, for each of the plurality of sensors, the first residual information associated with the sensor is determined based on a difference between the measured sensor data and the first estimated sensor data associated with the sensor, and for each of the plurality of sensors, the second residual information associated with the sensor is determined based on a difference between the measured sensor data and the second estimated sensor data associated with the sensor.

[0028] In various embodiments, the first residual information is a function of sensor noise associated with the sensor and process noise associated with the networked control system based on the individual system model associated with the sensor; and the second residual information is a function of sensor noise associated with the sensor and process noise associated with the networked control system based on the joint system model associated with the plurality of sensors. In particular, by determining the first residual information associated with the sensor based on a difference between the measured sensor data and the first estimated sensor data associated with the sensor, the first residual information associated with the sensor has been found to be a function of sensor noise associated with the sensor and process noise associated with the networked control system based on the individual system model associated with the sensor. Similarly, by determining the second residual information associated with the sensor based on a difference between the measured sensor data and the second estimated sensor data associated with the sensor, the second residual information associated with the sensor has been found to be a function of sensor noise associated with the sensor and process noise associated with the networked control system based on the joint system model associated with the plurality of sensors.

[0029] In various embodiments, the method 200 further comprises: extracting, for each of the plurality of sensors, a first collection of statistical features from the first residual information associated with the sensor, and forming a first fingerprint associated with the sensor comprising the first collection of statistical features; and extracting, for each of the plurality of sensors, a second collection of statistical features from the second residual information associated with the sensor, and forming a second fingerprint associated with the sensor comprising the second collection of statistical features. In various embodiments, the first collection of statistical features may include time domain and frequency domain features extracted from the first residual information by analyzing or processing the first residual information in the time and frequency domains. Similarly, the second collection of statistical features may include time domain and frequency domain features extracted from the second residual information by analyzing or processing the second residual information in the time and frequency domains. In this manner, each sensor may be profiled based on variance and other statistical features in the first residual information associated with the sensor for forming the first fingerprint associated with the sensor, and each sensor may further (separately) be profiled based on variance and other statistical features in the second residual information associated with the sensor for forming the second fingerprint associated with the sensor.

[0030] In various embodiments, the first collection of statistical features comprises a plurality of sets of statistical features extracted from a plurality of chunks (data chunks) of the first residual information associated with the sensor, respectively, and the second collection of statistical features comprises a plurality of sets of statistical features extracted from a plurality of chunks (data chunks) of the second residual information associated with the sensor, respectively. In various embodiments, the first residual information may be divided or segmented into a plurality of chunks and the second residual information may be divided or segmented into a plurality of chunks. Accordingly, for example in relation to the first residual information, the entire first residual information obtained over a period of time may be divided into a plurality of chunks, and a set of statistical features may be extracted from each of the plurality of chunks, thereby resulting in a first plurality of sets of features (e.g., the number of sets corresponding to (e.g., equal to) the number of chunks) for each sensor. Similarly, in relation to the second residual information, the entire second residual information obtained over a period of time may be divided into a plurality of chunks, and a set of statistical features may be extracted from each of the plurality of chunks, thereby resulting in a second plurality of sets of features (e.g., the number of sets corresponding to (e.g., equal to) the number of chunks) for each sensor.

[0031] In various embodiments, whether the sensor is subject to an attack is detected based on the first residual information associated with the sensor using a first classifier associated with the sensor and based on the second residual information associated with the sensor using a second classifier associated with the sensor. In various embodiments, the first classifier and the second classifier are each trained based on machine learning.

[0032] In various embodiments, the first classifier associated with the sensor is trained based on a first reference fingerprint associated with the sensor, the first reference fingerprint formed based on first reference residual information associated with the sensor, and the first reference residual information associated with the sensor determined based on reference measured sensor data obtained during a reference operation (e.g., under “normal” operation, that is, without attack) of the networked control system and first reference estimated sensor data associated with the sensor determined based on the individual system model associated with the sensor during the reference operation of the networked control system. In various embodiments, the first reference fingerprint may be formed in the same or corresponding manner as the first fingerprint as described hereinbefore according to various embodiments. In various embodiments, the first reference fingerprint formed for the sensor may be labelled with an identity of the sensor (e.g., sensor ID) that enables or facilitates identification of the sensor.

[0033] In various embodiments, the second classifier associated with the sensor is trained based on a second reference fingerprint associated with the sensor, the second reference fingerprint formed based on second reference residual information associated with the sensor, and the second reference residual information associated with the sensor determined based on the reference measured sensor data obtained during the reference operation of the networked control system and second reference estimated sensor data associated with the sensor determined based on the joint system model associated with the plurality of sensors during the reference operation of the networked control system. In various embodiments, the second reference fingerprint may be formed in the same or corresponding manner as the second fingerprint as described hereinbefore according to various embodiments. In various embodiments, the second reference fingerprint formed for the sensor may be labelled with an identity of the sensor (e.g., sensor ID) that enables identification of the sensor. In various embodiments, the above-mentioned reference operation in relation to the first residual information and the above-mentioned reference operation in relation to the second residual information may refer to any operation of the networked control system that is considered as “normal” (e.g., normal operating condition(s)) for the networked control system, and in particular, not under attack. Accordingly, the above-mentioned reference operation in relation to the first residual information and the above-mentioned reference operation in relation to the second residual information may or may not be the same type of operation and may or may not be performed at the same time period.

[0034] In various embodiments, the first reference fingerprint comprises a first reference collection of statistical features extracted from the first reference residual information associated with the sensor, and the second reference fingerprint comprises a second reference collection of statistical features extracted from the second reference residual information associated with the sensor.

[0035] In various embodiments, the first reference collection of statistical features comprises a plurality of reference sets of statistical features extracted from a plurality of chunks (data chunks) of the first reference residual information associated with the sensor, respectively, and the second reference collection of statistical features comprises a plurality of reference sets of statistical features extracted from a plurality of chunks (data chunks) of the second reference residual information associated with the sensor, respectively.

[0036] In various embodiments, the sensor is detected to be subject to an attack if the first classifier and the second classifier both classify the sensor as being subject to an attack. That is, the sensor is only detected to be subject to an attack if both the first classifier and the second classifier return a positive indication of an attack on the sensor. Therefore, the sensor is not detected to be subject to an attack if only one or none of the first classifier and the second classifier classifies the sensor as being subject to an attack.

[0037] In various embodiments, the first classifier and the second classifier are each a one-class Support Vector Machine (SVM) classifier. Accordingly, in various embodiments, each of the first classifier and the second classifier associated with the sensor is trained using only positive information or the reference (e.g., “normal”, that is, without attack) class (i.e., the first and second reference fingerprints, respectively, obtained during the above-mentioned reference (e.g., “normal”) operation of the networked control system).

[0038] In various embodiments, the plurality of sensors is interrelated (which may also be referred to herein as being interdependent or physically coupled (that is, coupled by flows of matter and energy for example)) in the networked control system. For example, two sensors in the networked control system may be referred to as being interrelated to each other when at least an output of one of the two sensors affects or depends on an output of the other one of the two sensors.
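The following Python sketch is an added example, not code from the patent: it runs method 200 on the FIT-101/LIT-101 tank scenario of paragraphs [0015] and [0016], with both residual types, per-chunk fingerprints, one classifier per residual and the both-must-agree rule of paragraph [0036]. The model equations, observer gains, noise levels, chunk size and the constructed sensor data are assumptions; only time-domain features are extracted, and a per-feature z-score envelope stands in for the one-class SVM so that the sketch needs only the standard library.

```python
import random
import statistics

DT_A, Q_NOM, Q_OUT = 0.01, 4.0, 2.0   # assumed: dt/tank area, inflow when open, constant outflow
H0, L_H, L_Q = 1.0, 0.3, 0.5          # assumed: known initial level, observer gains
CHUNK, Z_MAX = 50, 8.0                # residual samples per chunk, novelty threshold
SENSORS = ("FIT-101", "LIT-101")

def simulate(n, seed, attack_from=None):
    """Constructed data: (inlet command u, FIT-101 reading, LIT-101 reading) per step."""
    rng, level, rows = random.Random(seed), H0, []
    for k in range(n):
        u = 1 if (k // 100) % 2 == 0 else 0        # inlet opens/closes every 100 steps
        flow = Q_NOM * u
        y_flow = flow + rng.gauss(0, 0.05)
        if attack_from is not None and k >= attack_from:
            y_flow = Q_NOM + rng.gauss(0, 0.05)    # spoofed reading: 4 m^3/hr whatever the true flow
        rows.append((u, y_flow, level + rng.gauss(0, 0.005)))
        level += DT_A * (flow - Q_OUT)
    return rows

def residuals(rows):
    """Residual (measured minus estimated) per step for each sensor under each model."""
    out = {(s, m): [] for s in SENSORS for m in ("individual", "joint")}
    h_ind = h_joint = H0
    for u, y_flow, y_level in rows:
        q_pred = Q_NOM * u                         # flow expected from the inlet command
        r_q = y_flow - q_pred
        # Individual (single-output) models: each uses only its own sensor's reading.
        out["FIT-101", "individual"].append(r_q)
        r_h = y_level - h_ind
        out["LIT-101", "individual"].append(r_h)
        h_ind += L_H * r_h + DT_A * (q_pred - Q_OUT)
        # Joint (multi-output) model: the level state is propagated with a flow
        # estimate corrected by the FIT-101 reading, which couples the two sensors.
        # In this toy the flow output is predicted the same way in both models.
        out["FIT-101", "joint"].append(r_q)
        r_hj = y_level - h_joint
        out["LIT-101", "joint"].append(r_hj)
        h_joint += L_H * r_hj + DT_A * (q_pred + L_Q * r_q - Q_OUT)
    return out

def fingerprint(residual):
    """Split a residual series into chunks; one set of statistical features per chunk."""
    chunks = [residual[i:i + CHUNK] for i in range(0, len(residual) - CHUNK + 1, CHUNK)]
    return [(statistics.fmean(c), statistics.pstdev(c), statistics.median(c)) for c in chunks]

class Envelope:
    """Stand-in for the one-class SVM: trained on reference (attack-free) chunks only."""
    def __init__(self, reference):
        cols = list(zip(*reference))
        self.mu = [statistics.fmean(c) for c in cols]
        self.sd = [statistics.pstdev(c) or 1e-12 for c in cols]

    def is_attack(self, features):
        return any(abs(f - m) / s > Z_MAX for f, m, s in zip(features, self.mu, self.sd))

def detect(reference_rows, live_rows):
    """Train one classifier per (sensor, model) residual and classify each live chunk."""
    ref, live = residuals(reference_rows), residuals(live_rows)
    verdict = {}
    for key in ref:
        clf = Envelope(fingerprint(ref[key]))
        verdict[key] = [clf.is_attack(f) for f in fingerprint(live[key])]
    return verdict

def attacked_chunks(verdict, sensor):
    """A chunk counts as an attack on the sensor only if both classifiers flag it."""
    pairs = zip(verdict[sensor, "individual"], verdict[sensor, "joint"])
    return [i for i, (a, b) in enumerate(pairs) if a and b]

def run_demo():
    # Reference run without attack; live run with FIT-101 spoofed from step 300 (inlet closed).
    verdict = detect(simulate(2000, seed=1), simulate(400, seed=2, attack_from=300))
    joint_only = {s: [i for i, f in enumerate(verdict[s, "joint"]) if f] for s in SENSORS}
    both = {s: attacked_chunks(verdict, s) for s in SENSORS}
    return joint_only, both

if __name__ == "__main__":
    joint_only, both = run_demo()
    print("joint model alone   :", joint_only)
    print("individual AND joint:", both)
```

With the joint model alone, the spoofed flow reading raises alarms on both sensors; requiring agreement with the individual-model classifier leaves only FIT-101 flagged.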

[0039] FIG. 3 depicts a schematic block diagram of a system 300 for attack detection in a sensor network of a networked control system, the sensor network comprising a plurality of sensors, according to various embodiments of the present invention, such as corresponding to the method 200 of attack detection in a sensor network of a networked control system as described hereinbefore according to various embodiments of the present invention. The system 300 comprises a memory 302, and at least one processor 304 communicatively coupled to the memory 302 and configured to: obtain, from each of the plurality of sensors, measured sensor data; determine, for each of the plurality of sensors, first estimated sensor data based on an individual system model associated with the sensor; determine, for each of the plurality of sensors, second estimated sensor data based on a joint system model associated with the plurality of sensors; determine, for each of the plurality of sensors, first residual information associated with the sensor based on the measured sensor data and the first estimated sensor data associated with the sensor; determine, for each of the plurality of sensors, second residual information associated with the sensor based on the measured sensor data and the second estimated sensor data associated with the sensor; and detect, for each of the plurality of sensors, whether the sensor is subject to an attack based on the first residual information and the second residual information associated with the sensor.

[0040] It will be appreciated by a person skilled in the art that the at least one processor 304 may be configured to perform the required functions or operations through set(s) of instructions (e.g., software modules) executable by the at least one processor 304 to perform the required functions or operations. Accordingly, as shown in FIG. 3, the system 300 may comprise a measured sensor data module (or a measured sensor data circuit) 306 configured to obtain, from each of the plurality of sensors, measured sensor data; a first estimated sensor data determining module (or a first estimated sensor data determining circuit) 308 configured to determine, for each of the plurality of sensors, first estimated sensor data based on an individual system model associated with the sensor; a second estimated sensor data determining module (or a second estimated sensor data determining circuit) 310 configured to determine, for each of the plurality of sensors, second estimated sensor data based on a joint system model associated with the plurality of sensors; a first residual information determining module (or a first residual information determining circuit) 312 configured to determine, for each of the plurality of sensors, first residual information associated with the sensor based on the measured sensor data and the first estimated sensor data associated with the sensor; a second residual information determining module (or a second residual information determining circuit) 314 configured to determine, for each of the plurality of sensors, second residual information associated with the sensor based on the measured sensor data and the second estimated sensor data associated with the sensor; and an attack detection module (or an attack detection circuit) 316 configured to detect, for each of the plurality of sensors, whether the sensor is subject to an attack based on the first residual information and the second residual information associated with the sensor.

[0041] It will be appreciated by a person skilled in the art that the above-mentioned modules are not necessarily separate modules, and one or more modules may be realized by or implemented as one functional module (e.g., a circuit or a software program) as desired or as appropriate without deviating from the scope of the present invention. For example, two or more of the measured sensor data module 306, the first estimated sensor data determining module 308, the second estimated sensor data determining module 310, the first residual information determining module 312, the second residual information determining module 314 and the attack detection module 316 may be realized (e.g., compiled together) as one executable software program (e.g., software application or simply referred to as an “app”), which for example may be stored in the memory 302 and executable by the at least one processor 304 to perform the functions/operations as described herein according to various embodiments.

[0042] In various embodiments, the system 300 corresponds to the method 200 as described hereinbefore with reference to FIG. 2, therefore, various functions or operations configured to be performed by the at least one processor 304 may correspond to various steps or operations of the method 200 described hereinbefore according to various embodiments, and thus need not be repeated with respect to the system 300 for clarity and conciseness. In other words, various embodiments described herein in context of the methods are analogously valid for the respective systems, and vice versa.

[0043] For example, in various embodiments, the memory 302 may have stored therein the measured sensor data module 306, the first estimated sensor data determining module 308, the second estimated sensor data determining module 310, the first residual information determining module 312, the second residual information determining module 314 and/or the attack detection module 316, which respectively correspond to various steps (or operations or functions) of the method 200 as described hereinbefore according to various embodiments, which are executable by the at least one processor 304 to perform the corresponding functions/operations as described herein.

[0044] A computing system, a controller, a microcontroller or any other system providing a processing capability may be provided according to various embodiments in the present disclosure. Such a system may be taken to include one or more processors and one or more computer-readable storage mediums. For example, the system 300 described hereinbefore may include a processor (or controller) 304 and a computer-readable storage medium (or memory) 302 which are for example used in various processing carried out therein as described herein. A memory or computer-readable storage medium used in various embodiments may be a volatile memory, for example a DRAM (Dynamic Random Access Memory) or a non-volatile memory, for example a PROM (Programmable Read Only Memory), an EPROM (Erasable PROM), EEPROM (Electrically Erasable PROM), or a flash memory, e.g., a floating gate memory, a charge trapping memory, an MRAM (Magnetoresistive Random Access Memory) or a PCRAM (Phase Change Random Access Memory).

[0045] In various embodiments, a “circuit” may be understood as any kind of a logic implementing entity, which may be special purpose circuitry or a processor executing software stored in a memory, firmware, or any combination thereof. Thus, in an embodiment, a “circuit” may be a hard-wired logic circuit or a programmable logic circuit such as a programmable processor, e.g., a microprocessor (e.g., a Complex Instruction Set Computer (CISC) processor or a Reduced Instruction Set Computer (RISC) processor). A “circuit” may also be a processor executing software, e.g., any kind of computer program, e.g., a computer program using a virtual machine code, e.g., Java. Any other kind of implementation of the respective functions which will be described in more detail below may also be understood as a “circuit” in accordance with various alternative embodiments. Similarly, a “module” may be a portion of a system according to various embodiments in the present invention and may encompass a “circuit” as above, or may be understood to be any kind of a logic-implementing entity therefrom.

[0046] Some portions of the present disclosure are explicitly or implicitly presented in terms of algorithms and functional or symbolic representations of operations on data within a computer memory. These algorithmic descriptions and functional or symbolic representations are the means used by those skilled in the data processing arts to convey most effectively the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities, such as electrical, magnetic or optical signals capable of being stored, transferred, combined, compared, and otherwise manipulated.

[0047] Unless specifically stated otherwise, and as apparent from the following, it will be appreciated that throughout the present specification, discussions utilizing terms such as “obtaining”, “determining”, “estimating”, “measuring”, “detecting”, “extracting”, “identifying”, “training”, “classifying” or the like, refer to the actions and processes of a computer system, or similar electronic device, that manipulates and transforms data represented as physical quantities within the computer system into other data similarly represented as physical quantities within the computer system or other information storage, transmission or display devices.

[0048] The present specification also discloses a system (e.g., which may also be embodied as a device or an apparatus), such as the system 300, for performing the operations/functions of the methods described herein. Such a system may be specially constructed for the required purposes, or may comprise a general purpose computer or other device selectively activated or reconfigured by a computer program stored in the computer. The algorithms presented herein are not inherently related to any particular computer or other apparatus. Various general-purpose machines may be used with computer programs in accordance with the teachings herein. Alternatively, the construction of more specialized apparatus to perform the required method steps may be appropriate.

[0049] In addition, the present specification also at least implicitly discloses a computer program or software/functional module, in that it would be apparent to the person skilled in the art that the individual steps of the methods described herein may be put into effect by computer code. The computer program is not intended to be limited to any particular programming language and implementation thereof. It will be appreciated that a variety of programming languages and coding thereof may be used to implement the teachings of the disclosure contained herein. Moreover, the computer program is not intended to be limited to any particular control flow. There are many other variants of the computer program, which can use different control flows without departing from the spirit or scope of the invention. It will be appreciated by a person skilled in the art that various modules described herein (e.g., the measured sensor data module 306, the first estimated sensor data determining module 308, the second estimated sensor data determining module 310, the first residual information determining module 312, the second residual information determining module 314 and/or the attack detection module 316) may be software module(s) realized by computer program(s) or set(s) of instructions executable by a computer processor to perform the required functions, or may be hardware module(s) being functional hardware unit(s) designed to perform the required functions. It will also be appreciated that a combination of hardware and software modules may be implemented.

[0050] Furthermore, one or more of the steps of a computer program/module or method described herein may be performed in parallel rather than sequentially. Such a computer program may be stored on any computer readable medium. The computer readable medium may include storage devices such as magnetic or optical disks, memory chips, or other storage devices suitable for interfacing with a general purpose computer. The computer program when loaded and executed on such a general-purpose computer effectively results in an apparatus that implements the steps of the methods described herein.

[0051] In various embodiments, there is provided a computer program product, embodied in one or more computer-readable storage mediums (non-transitory computer-readable storage medium(s)), comprising instructions (e.g., the measured sensor data module 306, the first estimated sensor data determining module 308, the second estimated sensor data determining module 310, the first residual information determining module 312, the second residual information determining module 314 and/or the attack detection module 316) executable by one or more computer processors to perform a method 200 of attack detection in a sensor network of a networked control system using at least one processor, the sensor network comprising a plurality of sensors, as described hereinbefore with reference to FIG. 2. Accordingly, various computer programs or modules described herein may be stored in a computer program product receivable by a system therein, such as the system 300 as shown in FIG. 3, for execution by at least one processor 304 of the system 300 to perform the required or desired functions.

[0052] The software or functional modules described herein may also be implemented as hardware modules. More particularly, in the hardware sense, a module is a functional hardware unit designed for use with other components or modules. For example, a module may be implemented using discrete electronic components, or it can form a portion of an entire electronic circuit such as an Application Specific Integrated Circuit (ASIC). Numerous other possibilities exist. Those skilled in the art will appreciate that the software or functional module(s) described herein can also be implemented as a combination of hardware and software modules.

[0053] In various embodiments, the system 300 may be realized by any computer system (e.g., desktop or portable computer system) including at least one processor and a memory, such as a computer system 400 as schematically shown in FIG. 4 as an example only and without limitation. Various methods/steps or functional modules (e.g., the measured sensor data module 306, the first estimated sensor data determining module 308, the second estimated sensor data determining module 310, the first residual information determining module 312, the second residual information determining module 314 and/or the attack detection module 316) may be implemented as software, such as a computer program being executed within the computer system 400, and instructing the computer system 400 (in particular, one or more processors therein) to conduct the methods/functions of various embodiments described herein. The computer system 400 may comprise a computer module 402, input modules, such as a keyboard 404 and a mouse 406, and a plurality of output devices such as a display 408, and a printer 410. The computer module 402 may be connected to a computer network 412 via a suitable transceiver device 414, to enable access to e.g., the Internet or other network systems such as Local Area Network (LAN) or Wide Area Network (WAN). The computer module 402 in the example may include a processor 418 for executing various instructions, a Random Access Memory (RAM) 420 and a Read Only Memory (ROM) 422. The computer module 402 may also include a number of Input/Output (I/O) interfaces, for example I/O interface 424 to the display 408, and I/O interface 426 to the keyboard 404. The components of the computer module 402 typically communicate via an interconnected bus 428 and in a manner known to the person skilled in the relevant art.

[0054] It will be appreciated by a person skilled in the art that the terminology used herein is for the purpose of describing various embodiments only and is not intended to be limiting of the present invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

[0055] Any reference to an element or a feature herein using a designation such as “first,” “second,” and so forth does not limit the quantity or order of such elements or features. For example, such designations are used herein as a convenient method of distinguishing between two or more elements or instances of an element. Thus, a reference to first and second elements does not mean that only two elements can be employed, or that the first element must precede the second element. In addition, a phrase referring to “at least one of” a list of items refers to any single item therein or any combination of two or more items therein.

[0056] In order that the present invention may be readily understood and put into practical effect, various example embodiments of the present invention will be described hereinafter by way of examples only and not limitations. It will be appreciated by a person skilled in the art that the present invention may, however, be embodied in various different forms or configurations and should not be construed as limited to the example embodiments set forth hereinafter. Rather, these example embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the present invention to those skilled in the art.

[0057] In particular, for better understanding of the present invention and without limitation or loss of generality, unless stated otherwise, various example embodiments of the present invention will be described with respect to attack detection in a sensor network of a networked control system for a water treatment plant. However, it will be understood by a person skilled in the art that the present invention is not limited to being applied or implemented to a networked control system for a water treatment plant, and may be applied or implemented in any industries as desired or as appropriate that may require an industrial process control.

[0058] According to various example embodiments, an attack detection method (e.g., corresponding to the method 200 of attack detection as described hereinbefore according to various embodiments) is provided to detect data integrity attacks on sensors in Cyber Physical Systems (CPSs) or Industrial Control Systems (ICSs) (which may also be referred to as networked control systems). In various example embodiments, a combined fingerprint for sensor and process noise is created during the normal operation of the networked control system. For example, under a sensor spoofing attack, the noise pattern deviates from the fingerprinted pattern, enabling or facilitating the attack detection method according to various example embodiments to detect attacks. According to various example embodiments, to extract noise (difference between expected and observed value), a representative model of the networked control system is derived. In this regard, a Kalman filter may be used for the purpose of state estimation. By determining a difference between measured sensor data (e.g., based on real system states) and estimated sensor data (e.g., based on state estimates), a residual vector (e.g., corresponding to the residual information described hereinbefore according to various embodiments) may be obtained. Various example embodiments note that in steady state, the residual vector is a function of process and sensor noise. In various example embodiments, a set of time domain and frequency domain features is extracted from the residual vector. The feature set is provided to a machine learning model or algorithm to detect whether the networked control system is under attack (e.g., spoofing attack).
In particular, as will be described further according to various example embodiments, not only is the attack detection method able to detect an attack in the networked control system, the attack detection method is also able to identify which particular sensor(s) in the networked control system is under attack. Accordingly, the attack detection method according to various example embodiments advantageously addresses the attack isolation problem, thereby facilitating or enabling the detection (e.g., identification) of one or more sensors in a sensor network being subject to an attack. These advantages or technical effects will become more apparent to a person skilled in the art as the attack detection method is described in more detail according to various example embodiments of the present invention. For example, various experiments were performed on a real-world water treatment (SWaT) facility and the results will be discussed later below.

[0059] Attacks on sensor measurements can take the system to an unwanted state. In various example embodiments, in particular as mentioned above, the attack detection method is further able to identify which particular sensor(s) in the networked control system is under attack based on the process dynamics. Therefore, the attack detection method may also be referred to herein as an attack detection and isolation method, or simply an attack isolation method. In this regard, in various embodiments, a multi model framework is provided, which may herein be referred to as Bank of Models (BoM). Various example embodiments note that a disadvantage of using only a joint system model-based approach for attack detection is that it could not isolate which sensor(s) was under attack. For example, as explained with reference to FIGs. 1A and 1B, if one of two sensors that are physically coupled (which may also be referred to herein as being interrelated) is under attack, the attack would be reflected in both sensors. To address the attack isolation problem, various example embodiments provide an attack isolation method using multiple types of system models for the same process. More specifically, in various example embodiments, at least two different types of residual information for each of the plurality of sensors may be determined, one based on the individual system model associated with the sensor and another one based on the joint system model associated with the plurality of sensors. Advantageously, the attack detection (or isolation) method according to various example embodiments has been found to achieve higher accuracy for attack detection (including sensor identification) and low false alarm rates.

[0060] The attack detection method according to various example embodiments may serve or function as a device identification framework and it can also detect a range of attacks on sensors. The attack detection method improves on various limitations of conventional model based attack detection techniques. In general, for a complex CPS, there can be many possible attack scenarios. However, zero-alarm attack may be a worst case scenario for a model based attack detection method employing a threshold based detector. A zero-alarm attack exposes the limitations of threshold based statistical attack detection methods. In various example embodiments, the input to the classifier (e.g., which may be referred to herein as NoisePrint as will be described further later below) according to various example embodiments and reference methods is the same, i.e., a residual vector. Example experiments performed may execute bias attack (or data injection attack) as an example of an attack which can be detected using CUSUM and Bad-Data detectors. For example, the attack detection method according to various example embodiments may advantageously be a non-intrusive sensor and process fingerprinting method to authenticate sensors transmitting measurements to one or more PLCs. In various example embodiments, noise pattern is extracted, for which a system model of a networked control system (e.g., ICS) is used. The attack detection method intelligently uses a model of the networked control system in a particular way to extract noise pattern and then input that noise (i.e., the residual information determined) to NoisePrint (e.g., block 512) as shown in FIG. 5. In this regard, as described hereinbefore, the input (residual information determined) to the NoisePrint block 512 is a function of sensor and process noise. 
Various example embodiments note that sensor noise may be due to the construction of the sensor and process noise due to variations in the process (e.g., fluid sloshing in a storage tank in a process plant). For example, such a sensor noise is different from one sensor to another because of hardware imperfections during the manufacturing process. Furthermore, process noise is unique among different processes essentially because of different process dynamics. In this regard, according to various example embodiments, sensor and process noise is captured using a real system state (from sensor measurements) and system state estimate (from system model). These noise variations affect each device and process differently and thus are hard to control or reproduce, making physical or digital spoofing of sensor noise profiles challenging or impossible. For better understanding, FIG. 5 depicts a block diagram illustrating an overview 500 of the attack detection method according to various example embodiments of the present invention.

[0061] In various example embodiments, a classifier (or classifying technique) (which may be referred to herein as NoisePrint) is designed or configured to fingerprint the sensor and process found in the ICS. NoisePrint may create a noise fingerprint based on a set of time domain and frequency domain features that are extracted from the sensor and process noise. To extract the noise pattern, a system model based method is used. According to various example embodiments, a one-class Support Vector Machine (SVM) is used to identify each sensor, from a dataset comprising a multitude of industrial sensors, that is subject to an attack. In this regard, each classifier associated with a sensor is trained using only positive information or the reference (e.g., “normal”, that is, without attack) class obtained during a reference (e.g., “normal”) operation of the networked control system.

[0062] In particular, the attack detection method according to various example embodiments uses bank of models (BoM) (e.g., corresponding to the individual system models associated with the plurality of sensors, respectively, as described hereinbefore according to various embodiments) to detect and isolate attacks on the sensors in an ICS. The attack detection method advantageously improves on various limitations of conventional model based attack detection methods.

[0063] In various example embodiments, the BoM uses the estimates for each sensor obtained from the multiple system models. It then creates a profile for each sensor based on a set of time domain and frequency domain features (e.g., corresponding to the first collection of statistical features associated with the sensor, as described hereinbefore according to various embodiments) that are extracted from the residual vector (e.g., difference between sensor measurement and sensor estimate). A one-class SVM associated with each sensor, respectively, is then used to detect attacks on the respective sensor, such that the particular sensor(s) under an attack amongst a multitude of sensors in the networked control system may be identified. Experiments were performed on an operational water treatment facility accessible for research (e.g., see A. P. Mathur and N. O. Tippenhauer, “Swat: a water treatment testbed for research and training on ics security,” in 2016 International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater), April 2016, pp. 31-36). A class of attacks as explained in the threat model was launched on a real water treatment testbed.

[0064] Accordingly, various example embodiments advantageously provide:

• A fingerprinting framework for the attack detection method that is based on sensor and process noise, and is a function of hardware characteristics of a device and physics of the process;

• A BoM framework for the attack detection method to detect and isolate sensor attacks;

• A detailed evaluation of the attack detection method for a class of sensor spoofing attacks;

• Extensive empirical performance evaluation on a realistic ICS testbed; and

• An ensemble of models based technique or algorithm for increasing the attack detection accuracy rate and reducing the false alarm rate.

[0065] For better understanding, the attack detection method (e.g., corresponding to the method 200 of attack detection as described hereinbefore according to various embodiments) will now be described in further detail according to various example embodiments of the present invention.

System Dynamics

[0066] A system model represents the system dynamics in a mathematical form. By way of an example only and without limitation, FIG. 6 depicts a block diagram illustrating an example networked control system 600 under a sensor attack. It will be appreciated by a person skilled in the art that the example networked control system 600 illustrates only one sensor and only one actuator for the sake of simplicity and clarity in illustrating a system model, but a networked control system, for example, comprises a plurality of sensors as described herein according to various embodiments. In various example embodiments, a linear time invariant system model of the networked control system is obtained, for example, using either first principles (laws of physics) or subspace system identification techniques (e.g., see block 504 in FIG. 5). Subsequently, a Kalman filter (e.g., see block 506 in FIG. 5) may be constructed which is configured to obtain estimates for the system states, based on which the residual vector may then be determined (e.g., see block 508 in FIG. 5). As experiments, the system design and functionality of the water treatment (SWaT) testbed was analysed to obtain the system model, and data collected under regular or normal operation (i.e., no attacks) and subspace system identification techniques were used to obtain a system model. For the SWaT testbed, resulting system model is a Linear Time Invariant (LTI) discrete time state space model of the form:

Equation (1)

where $k \in \mathbb{N}$ is the discrete time index, $x_k \in \mathbb{R}^n$ is the state of the approximated model (its dimension depends on the order of the approximated model), $y_k \in \mathbb{R}^m$ are the measured outputs, and $u_k \in \mathbb{R}^p$ denote the control actions. The variable $k$ is reserved as the discrete-time index of various sequences, and where clear, it may not be repeated that $k \in \mathbb{N}$.

Threat Model

[0067] At the time instance $k \in \mathbb{N}$, the output of the process $y_k$ may be sampled and transmitted over a communication channel as illustrated in the example networked control system 600 shown in FIG. 6. The control action $u_k$ may be computed based on the received sensor measurement $y_k$. Data is exchanged between different entities of this control loop and it may be transmitted via communication channels. There are many potential points where an attacker may hack into the networked control system 600. Examples include Man-in-The-Middle (MiTM) attacks at the communication channels and physical attacks directly on the infrastructure. However, for the sake of simplicity and clarity, various example embodiments may particularly refer to sensor spoofing attacks by way of an example only and without limitations, which may be accomplished through a Man-in-The-Middle (MiTM) scheme or a replacement of on board PLC software. However, it will be appreciated by a person skilled in the art that the present attack detection method according to various example embodiments is not limited to sensor spoofing attacks and other types of sensor attacks may also be detected. After each transmission and reception, the attacked output $\bar{y}_k$ may take the form:

$\bar{y}_k := y_k + \delta_k = Cx_k + \eta_k + \delta_k,$

Equation (2)

where $\delta_k \in \mathbb{R}^m$ denotes sensor attacks.

Problem of State Estimation

[0068] State estimation is to estimate the physical state variable of a system (e.g., the networked control system as described hereinbefore according to various embodiments) given the previous state measurement. A general state estimation problem may be formulated as,

$\hat{X}_{k+1} = A\hat{X}_k + BU_k + L(Y_k - \hat{Y}_k),$

Equation (3)

[0069] Equation (3) presents a general estimator design, where $L$ is a gain matrix calculated to minimize the estimation error. $\hat{Y}$ and $\hat{X}$ are the estimated system output and system state, respectively. Assuming an example of a system model with two outputs and one control input, Equation (3) becomes,

Equation (5)

[0070] The two system state estimates are labeled as x k and x k . It can be observed from Equation (5) that the state estimate x k+1 at k + 1th time instance depends on error from both the outputs, i.e., e(y ) and e(y^), since the estimator is designed for both of the sensors as a joint system model. In various example embodiments, Kalman filter is used to estimate the state of the system based on the available output y k ,

$\hat{x}_{k+1} = A\hat{x}_k + Bu_k + L_k(y_k - C\hat{x}_k),$

Equation (6)

with estimated state $\hat{x}_k \in \mathbb{R}^n$, $\hat{x}_1 = E[x(t_1)]$, where $E[\cdot]$ denotes expectation, and gain matrix $L_k \in \mathbb{R}^{n \times m}$. Define the estimation error $e_k := x_k - \hat{x}_k$. In the Kalman filter, the matrix $L_k$ is designed to minimize the covariance matrix $P_k := E[e_k e_k^T]$ (in the absence of attacks). Given the system model expressed in Equation (1) and the estimator expressed in Equation (6), the estimation error may be governed by the following difference equation,

Equation (7)

[0071] If the pair $(A, C)$ is detectable, the covariance matrix converges to steady state in the sense that $\lim_{k \to \infty} P_k = P$ exists. In various example embodiments, it is assumed that the system has reached steady state before an attack occurs. Then, the estimation of the random sequence $x_k$, $k \in \mathbb{N}$ may be obtained by the estimator expressed in Equation (6) with $P_k$ and $L_k$ in steady state. It can be verified that, if $R_2 + CPC^T$ is positive definite, the following estimator gain

$L_k = L := (APC^T)(R_2 + CPC^T)^{-1}$

Equation (8)

leads to the minimal steady state covariance matrix $P$, with $P$ given by the solution of the algebraic Riccati equation:

$APA^T - P + R_1 = APC^T(R_2 + CPC^T)^{-1}CPA^T.$

Equation (9)

[0072] The reconstruction method given by Equations (6) to (9) may be referred to as the steady state Kalman filter.

Attack Detection Framework

[0073] Further details of the attack detection method will now be described according to various example embodiments. The Kalman filter based state estimation may be used to obtain an estimated state of the system, based on which an estimated sensor data (sensor measurement estimate) may then be generated. A residual vector may then be obtained by determining a difference between the actual sensor data (actual sensor measurement) and the estimated sensor data.

[0074] Residual and Noise Fingerprint: Proposition 1. In steady state, the residual vector is a function of sensor and process noise. Considering the process expressed in Equation (1) and the Kalman filter expressed in Equations (6) to (9), the residual vector may be expressed as,

where $v_k \in \mathbb{R}^n$ is the process noise and $\eta_k \in \mathbb{R}^m$ is the sensor noise.

[0075] Proof. The state estimation error is the difference between the real system state and the estimated system state, and may be presented as,

$e_{k+1} = x_{k+1} - \hat{x}_{k+1}$

Equation (10)

[0076] From the system state as expressed in Equation (1) and the state estimation as expressed in Equation (6), by substituting the equations for $x_{k+1}$ and $\hat{x}_{k+1}$, the following equation may be obtained,

$e_{k+1} = Ax_k + Bu_k + v_k - A\hat{x}_k - Bu_k - L(y_k - \hat{y}_k)$

Equation (11)

[0077] For $y_k = Cx_k + \eta_k$ and $\hat{y}_k = C\hat{x}_k$, the following equation may be obtained,

$e_{k+1} = A(x_k - \hat{x}_k) + v_k - L(Cx_k + \eta_k - C\hat{x}_k)$

Equation (12)

[0078] As $e_k = x_k - \hat{x}_k$, the following equations may be obtained,

$e_{k+1} = Ae_k + v_k - LCe_k - L\eta_k$

Equation (13)

Equation (14)

[0079] Accordingly, it has been shown that the residual vector obtained from the system model is a function of process and sensor noise. That is, according to various example embodiments, using system model and system state estimates, it is possible to extract the residual vector, which is a function of the sensor and process noise. After these residual vectors capturing the modelled behaviour (e.g., including sensor and process noise characteristics) of the given networked control system have been obtained, various example embodiments proceed with pattern recognition techniques (e.g. machine learning) to detect anomalies in the networked control system (e.g., sensor attacks).

[0080] Design/Configuration of the Pattern Recognition Framework: FIG. 7 depicts a schematic flow diagram 700 illustrating various steps involved in generating a residual-based fingerprint (or sensor and process noise fingerprint) according to various example embodiments of the present invention. According to various example embodiments, the residual information associated with a sensor may be collected and then divided into smaller chunks to extract a set of time domain and frequency domain features for each chunk. The plurality of sets of features may then be combined and labeled with the sensor ID. A machine learning model or algorithm may then be used for sensor classification under normal operation.

[0081] Residual Collection: After obtaining a system model for a networked control system, for each of the plurality of sensors, a residual vector may be determined in the manner as described hereinbefore. In particular, for each of the plurality of sensors, first residual information and second residual information may be determined, whereby the first residual information associated with the sensor is determined based on the measured sensor data and the first estimated sensor data (i.e., based on the individual system model associated with the sensor) associated with the sensor, and the second residual information associated with the sensor is determined based on the measured sensor data and the second estimated sensor data (i.e., based on the joint system model associated with the plurality of sensors) associated with the sensor. Therefore, according to various embodiments, at least two different types of residual information are determined for each of the plurality of sensors, one based on the individual system model associated with the sensor and another one based on the joint system model associated with the plurality of sensors. Accordingly, residual information may be collected for different types of industrial sensors present in SWaT testbed. Accordingly, for each of the plurality of sensors, a plurality of sets of statistical features may be obtained for the sensor by analyzing the residual vector. For example, when the networked control system is operating, an error in sensor reading may be a combination of sensor noise and process noise (e.g., water sloshing and so on). The collected residual vector associated with the sensor is analyzed in the time and frequency domains. Each sensor may thus be profiled using variance and other statistical features in the residual vector, such as but not limited to, those listed in the table shown in FIG. 8. In relation to the table shown in FIG. 8, vector $x$ is time domain data from the sensor for $N$ elements in the data chunk, vector $y$ is the frequency domain feature of sensor data, $y_f$ is the vector of bin frequencies and $y_m$ is the magnitude of the frequency coefficients. A machine learning model or algorithm may then be used to profile sensors based on fresh readings (test data).

[0082] Feature Extraction: Data may be collected from sensors at a sampling rate of one second. Since data is collected over time, raw data may be used to extract time domain features. A Fast Fourier Transform (FFT) algorithm (e.g., as disclosed in P. Welch, “The use of fast fourier transform for the estimation of power spectra: a method based on time averaging over short, modified periodograms,” IEEE Transactions on audio and electroacoustics, vol. 15, no. 2, pages 70-73, 1967) may be used to convert data to frequency domain and extract the spectral features. By way of an example only and without limitation, in total, as shown in FIG. 8, eight features may be used to construct a fingerprint.

[0083] Data Chunking: As described above, after residual collection, chunks of dataset based on the residual information may be created. By way of an example, experiments were performed on a dataset collected over seven days in SWaT testbed. In various example embodiments, in relation to data chunking, it is determined what sample size is needed to train a well-performing machine learning model and how much data is required to make a decision about the presence or absence of an attacker. In various example embodiments, the whole residual dataset (total of N readings) for a sensor may be divided into m chunks (each chunk and a feature set < F( ) > may be determined for each data chunk i. Accordingly, for each sensor, m sets of features < may be obtained. In various example embodiments, a one-class SVM classifier is trained for each sensor for attack detection. In various example embodiments, it is found empirically that a sample size of 120 readings, i.e., N = 120, gave the best results.

[0084] Size of Training and Testing Dataset : For a total of FS feature sets for each sensor, according to various example embodiments, at first half ( y for training and half for testing were used. To analyze the accuracy of the classifier for smaller feature sets during training phase, the number of feature sets were reduced starting with

FS

— Classification was then carried out for the following corresponding range of feature sets for

respectively. For the classifier, a one-class SVM library was used (e.g., see C.-C. Chang and C.-J. Lin, “LIBSVM: A library for support vector machines,” ACM Transactions on Intelligent Systems and Technology, vol. 2, pp. 27:1-27:27, 2011), and found that the amount of data does not affect the performance. Moreover, since supervised learning was not used for attack detection according to various example embodiments, therefore, training of the one-class SVM classifier for a sensor is only done on the normal data obtained in relation to the sensor. That is, in various example embodiments, each classifier associated with the sensor is trained using only positive information or the reference (e.g., “normal”, that is, without attack) class (i.e., the fingerprint obtained during the reference (e.g., “normal”) operation of the networked control system).
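The steady state Kalman filter of [0070] to [0072] and the fingerprinting steps of [0080] to [0084] can be followed end to end on a small case; the block below is an added example, not code from the patent or from the SWaT experiments. The scalar plant, its noise variances, the bias attack, the three time-domain features and the z-score envelope (a simple stand-in for the one-class SVM) are all assumptions chosen for illustration.

```python
import math
import random
import statistics

# Constructed scalar plant (assumed values, not SWaT parameters):
#   x_{k+1} = A x_k + B u_k + v_k,   y_k = C x_k + eta_k
A, B, C = 0.9, 0.1, 1.0
R1, R2 = 1e-4, 4e-4      # variances of process noise v_k and sensor noise eta_k
CHUNK = 120              # readings per chunk, the size reported in [0083]


def steady_state_gain(iters=500):
    """Iterate the Riccati recursion to the fixed point P of Equation (9)
    and return (P, L), with L the steady-state gain of Equation (8)."""
    p = R1
    for _ in range(iters):
        p = A * p * A + R1 - (A * p * C) ** 2 / (R2 + C * p * C)
    return p, A * p * C / (R2 + C * p * C)


def residuals(n, gain, delta=0.0, attack_from=None, seed=0, noise=True):
    """Simulate the plant next to the estimator of Equation (6) and return
    r_k = ybar_k - C*xhat_k, where ybar_k = y_k + delta_k as in Equation (2)."""
    rng = random.Random(seed)
    x = xhat = B / (1 - A)           # start at the steady state for u = 1
    out = []
    for k in range(n):
        eta = rng.gauss(0, math.sqrt(R2)) if noise else 0.0
        v = rng.gauss(0, math.sqrt(R1)) if noise else 0.0
        attacked = attack_from is not None and k >= attack_from
        ybar = C * x + eta + (delta if attacked else 0.0)
        r = ybar - C * xhat
        out.append(r)
        xhat = A * xhat + B * 1.0 + gain * r     # estimator update
        x = A * x + B * 1.0 + v                  # true plant update
    return out


def chunks(seq, size=CHUNK):
    """Split the residual sequence into non-overlapping chunks."""
    return [seq[i:i + size] for i in range(0, len(seq) - size + 1, size)]


def features(chunk):
    """Three time-domain features per chunk (an assumed subset; the
    frequency-domain features of FIG. 8 are left out)."""
    mean = statistics.fmean(chunk)
    std = statistics.pstdev(chunk)
    mad = statistics.fmean([abs(r - mean) for r in chunk])
    return (mean, std, mad)


def fit_fingerprint(normal_residuals):
    """Learn each feature's centre and spread from attack-free chunks only."""
    columns = zip(*(features(c) for c in chunks(normal_residuals)))
    return [(statistics.fmean(col), statistics.pstdev(col)) for col in columns]


def detect(test_residuals, fingerprint, z_max=5.0):
    """Flag a chunk when any feature lies more than z_max spreads from the
    reference. This envelope stands in for the one-class SVM."""
    flags = []
    for c in chunks(test_residuals):
        flags.append(any(abs(f - mu) > z_max * sd
                         for f, (mu, sd) in zip(features(c), fingerprint)))
    return flags


if __name__ == "__main__":
    P, L = steady_state_gain()
    print(f"P = {P:.4e}, L = {L:.4f}")
    fingerprint = fit_fingerprint(residuals(7200, L, seed=1))
    # Constructed bias attack: delta = 0.1 added to the sensor from k = 1200.
    attacked_run = residuals(2400, L, delta=0.1, attack_from=1200, seed=2)
    flags = detect(attacked_run, fingerprint)
    print("chunks flagged:", [i for i, f in enumerate(flags) if f])
```

For a constant bias the steady-state residual shift in this scalar case is $\delta(1-A)/(1-A+LC)$, about a quarter of the injected bias here, because the estimator partly follows the spoofed measurement.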

Attack Isolation

[0085] In fault isolation literature, conventional techniques based on multiple observers have been disclosed. Consider the dynamic system as expressed in Equation (1) with p outputs,

Vk = [ ί ί - ' IU = Cx k

Equation (15)

[0086] For the case of an attack on one sensor, attack vector $\delta_k^i \neq 0$ and $y_k^i = C_i x_k + \delta_k^i$. Again referring to the example of two sensors in the water tank considered hereinbefore, various example embodiments note that to implement the bank of observers, a first sensor may be dropped at first and a first observer may be designed just using the first sensor (e.g., the flow sensor FIT-101). Then, a second observer may be designed by using a second sensor (e.g., the water level sensor LIT-101). Now, consider both of the cases one by one:

[0087] Case 1:

Equation (16)

$r_k = C\hat{x}_k - y_k$

Equation (17)

[0088] Using the first observer designed for FIT-101 may produce the output as,

[0089] Case 2: Using the second observer designed for LIT-101 may produce the output as,

Equation (19)

where $\delta_k^1$ and $\delta_k^2$ are the attack vectors in the first sensor (sensor 1) and the second sensor (sensor 2), respectively. To isolate the attack using a bank of observers, the following conditions may be considered for p sensors,

• Condition 1: $\neq 0$ for one $j \in \{1, 2, \ldots, i-1, i+1, \ldots, p\}$, then sensor j is under attack, while sensor i is the one used to design an observer.

• Condition 2: $\neq 0$ for all $j \in \{1, 2, \ldots, i-1, i+1, \ldots, p\}$, then sensor i is under attack, while sensor i is the one used to design an observer.

[0090] By way of a simple example, two observers as designed in Equations (18) and (19) are considered. In the first case, FIT-101 sensor measurements were used to design an observer, and note also that FIT-101 was free of any attacks. This means that, according to Condition 1 above, the FIT-101 residual mean should go to zero but for LIT-101, it does not. FIG. 9 shows the results for Case 1. In particular, FIG. 9 shows that FIT-101 is used for observer design but the attack was in LIT-101. It can be seen that the sensor 1 (FIT-101) residual does not deviate from the normal residual, while the sensor 2 (LIT-101) residual deviates from the normal operation, hence detecting and isolating the source of attack. For Case 2, the observer was designed using LIT-101, and note also that the attack was also present in LIT-101. FIG. 10 shows the results for this case. In particular, FIG. 10 shows that FIT-101 (sensor 1) was used for observer design and the attack was also in LIT-101 (sensor 2). Therefore, both the sensor residuals deviate from the normal pattern. Case 2 satisfies Condition 2 as stated above and it can be seen that the attack is present in both the sensors as the observer used is the one which has the attack. This means $\delta_k^1$ was 0 and $\delta_k^2$ was not zero in Equations (18) and (19), respectively.

[0091] However, from the results above, various example embodiments note that the bank of observers is not able to detect the case when the attack is in multiple sensors at the same time, e.g., multi-point single-stage attacks in a networked control system. Accordingly, in various example embodiments, a Bank of Models (BoM) is provided to isolate and detect attacks on multiple sensors at the same time in a networked control system.

[0092] Bank of Models (BoM): According to various example embodiments, multiple models of the physical process are created. By way of an example only and without limitation, FIG. 11 illustrates an example attack detection (or isolation) method according to various example embodiments of the present invention.

[0093] In particular, for each of the plurality of sensors, first estimated sensor data (e.g., $\hat{y}^i_{BoM}$) based on an individual system model associated with the sensor is determined. Furthermore, for each of the plurality of sensors, second estimated sensor data (e.g., $\hat{y}^i_{joint}$) based on a joint system model associated with the plurality of sensors is determined. In this regard, the individual system model associated with the sensor is a process representation of the networked control system (e.g., captures the dynamics of the physical process of the networked control system) and has an output corresponding to an output (sensor data output) of the sensor. The joint system model associated with the plurality of sensors is a process representation of the networked control system (e.g., captures the dynamics of the physical process of the networked control system) and has a plurality of outputs corresponding to a plurality of outputs (sensor data outputs) of the plurality of sensors, respectively. In various embodiments, the individual system model has only one output, and thus may be referred to as a single output individual system model. In various embodiments, the joint system model has a plurality of outputs, and thus may be referred to as a multi-output joint system model. Accordingly, according to various example embodiments, a plurality of individual system models for the plurality of sensors may be generated, which may herein be referred to as a bank of models. Furthermore, as described above, the above-mentioned joint system model associated with the plurality of sensors is generated. In this regard, the above-mentioned joint system model and the above-mentioned plurality of individual system models may be referred to herein as an ensemble or collection of models, according to various example embodiments of the present invention.

[0094] Subsequently, for each of the plurality of sensors, first residual information (e.g., $r^i_{BoM}$) associated with the sensor may be determined based on the measured sensor data (e.g., $y^i_{BoM}$) and the first estimated sensor data ($\hat{y}^i_{BoM}$) associated with the sensor. Similarly, for each of the plurality of sensors, second residual information (e.g., $r^i_{joint}$) associated with the sensor may be determined based on the measured sensor data (e.g., $y^i_{joint}$) and the second estimated sensor data ($\hat{y}^i_{joint}$) associated with the sensor. For each of the plurality of sensors, whether the sensor is subject to an attack may then be detected (e.g., identified) based on the first residual information (e.g., $r^i_{BoM}$) and the second residual information (e.g., $r^i_{joint}$) associated with the sensor.

[0095] Accordingly, at least two different types of residual information for each of the plurality of sensors may be determined, one based on the individual system model associated with the sensor and another one based on the joint system model associated with the plurality of sensors. Such a technical approach or solution has been found to advantageously address the attack isolation problem (including the above-mentioned problem associated with the bank of observers), thereby facilitating or enabling the detection (e.g., identification) of one or more sensors in a sensor network being subject to an attack in an efficient and effective manner.

[0096] For each of the plurality of sensors, the first residual information associated with the sensor may be determined based on a difference between the measured sensor data and the first estimated sensor data associated with the sensor, and for each of the plurality of sensors, the second residual information associated with the sensor is determined based on a difference between the measured sensor data and the second estimated sensor data associated with the sensor.

[0097] For each of the plurality of sensors, a first collection of statistical features may be extracted from the first residual information associated with the sensor, and a first fingerprint associated with the sensor may be formed comprising the first collection of statistical features. Similarly, for each of the plurality of sensors, a second collection of statistical features may be extracted from the second residual information associated with the sensor, and a second fingerprint associated with the sensor may be formed comprising the second collection of statistical features. In this manner, each sensor may be profiled based on variance and other statistical features in the first residual information associated with the sensor for forming the first fingerprint associated with the sensor, and also separately profiled based on variance and other statistical features in the second residual information associated with the sensor for forming the second fingerprint associated with the sensor.

[0098] Whether the sensor is subject to an attack may be detected based on the first residual information associated with the sensor using a first classifier (e.g., $r^i_{BoM}\,\mathrm{Attack}$) associated with the sensor and based on the second residual information associated with the sensor using a second classifier (e.g., $r^i_{joint}\,\mathrm{Attack}$) associated with the sensor.

[0099] The first classifier associated with the sensor may be trained based on a first reference fingerprint associated with the sensor, the first reference fingerprint formed based on first reference residual information associated with the sensor, and the first reference residual information associated with the sensor determined based on reference measured sensor data obtained during a reference operation (e.g., under “normal” operation, that is, without attack) of the networked control system and first reference estimated sensor data associated with the sensor determined based on the individual system model associated with the sensor during the reference operation of the networked control system. The first reference fingerprint formed for the sensor may be labelled with an identity of the sensor (e.g., sensor ID) that enables identification of the sensor.

[00100] The second classifier associated with the sensor is trained based on a second reference fingerprint associated with the sensor, the second reference fingerprint formed based on second reference residual information associated with the sensor, and the second reference residual information associated with the sensor determined based on the reference measured sensor data obtained during the reference operation of the networked control system and second reference estimated sensor data associated with the sensor determined based on the joint system model associated with the plurality of sensors during the reference operation of the networked control system. The second reference fingerprint formed for the sensor may be labelled with an identity of the sensor (e.g., sensor ID) that enables identification of the sensor.

[00101] The first reference fingerprint may comprise a first reference collection of statistical features extracted from the first reference residual information associated with the sensor, and the second reference fingerprint may comprise a second reference collection of statistical features extracted from the second reference residual information associated with the sensor.

[00102] The sensor is detected to be subject to an attack if the first classifier and the second classifier both classify the sensor as being subject to an attack (e.g., $r^i_{BoM}\,\mathrm{Attack}$ = True and $r^i_{joint}\,\mathrm{Attack}$ = True). That is, the sensor is only detected to be subject to an attack if both the first classifier and the second classifier return a positive indication of an attack on the sensor. Therefore, the sensor is not detected to be subject to an attack if only one or none of the first classifier and the second classifier classifies the sensor as being subject to an attack.

[00103] By way of an example only and without limitation, assuming two sensors which are physically coupled as in the example of FIT-101 and LIT-101 as described hereinbefore, then three different system models may be generated, namely, a joint system model having two outputs corresponding to two outputs of the two sensors (e.g., FIT-101 and LIT-101), a first individual system model having one output (only) corresponding to the output of one of the sensors (e.g., FIT-101) and a second individual system model having one output (only) corresponding to the output of the other sensor (e.g., LIT-101). The two individual system models associated with the two sensors may be referred to as a BoM. Furthermore, the joint system model and the two individual system models may collectively be referred to as an ensemble of models. In various example embodiments, the ensemble of models may be used to isolate attacks in a networked control system. For example, by having the BoM, various example embodiments advantageously decouple the sensors from each other. Furthermore, in various example embodiments, the joint system model is used in addition to the BoM (i.e., collectively as an ensemble of models) to improve the accuracy of attack detection, as well as to isolate the attack (identifying sensor(s) under attack).
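The decision rule of paragraphs [0093] to [00103] can be exercised end to end on a toy two-sensor tank. The following Python sketch is an added illustration, not code from the patent: the tank constants, the observer gain `GAIN`, the (mean, variance) fingerprint and the K-sigma envelope (a simple stand-in for the one-class SVM) are all assumptions made for the example, and every input is constructed.

```python
import random
from statistics import mean, pstdev, pvariance

SENSORS = ("FIT-101", "LIT-101")
Q_CMD, T, A = 2.0, 0.1, 0.9        # constructed tank: level' = A*level + T*flow
GAIN = ((0.5, 0.2), (0.1, 0.4))    # constructed joint-observer gain (stable error dynamics)
WIN, K = 25, 6.0                   # fingerprint window length, envelope width in sigmas

def residuals(n, seed, bias=(0.0, 0.0)):
    """Simulate n steps; return {'bom': (r_fit, r_lit), 'joint': (r_fit, r_lit)}."""
    rng = random.Random(seed)
    h = hb = hj = 2.0              # true level, individual-model level, joint estimate
    qj = Q_CMD                     # joint estimate of the flow
    out = {"bom": ([], []), "joint": ([], [])}
    for _ in range(n):
        y = (Q_CMD + rng.uniform(-0.01, 0.01) + bias[0],   # FIT-101 reading
             h + rng.uniform(-0.01, 0.01) + bias[1])       # LIT-101 reading
        # Bank of models: one single-output model per sensor, driven by the command only.
        out["bom"][0].append(y[0] - Q_CMD)
        out["bom"][1].append(y[1] - hb)
        # Joint model: two-output observer; each residual corrects both state estimates.
        r = (y[0] - qj, y[1] - hj)
        out["joint"][0].append(r[0])
        out["joint"][1].append(r[1])
        qj, hj = (qj + GAIN[0][0] * r[0] + GAIN[0][1] * r[1],
                  A * hj + T * qj + GAIN[1][0] * r[0] + GAIN[1][1] * r[1])
        h, hb = A * h + T * Q_CMD, A * hb + T * Q_CMD
    return out

def fingerprints(res):
    """Split a residual series into windows; each fingerprint is (mean, variance)."""
    wins = [res[i:i + WIN] for i in range(0, len(res) - WIN + 1, WIN)]
    return [(mean(w), pvariance(w)) for w in wins]

def train(ref_res):
    """One-class model from attack-free residuals: per-feature (centre, spread)."""
    return [(mean(col), pstdev(col)) for col in zip(*fingerprints(ref_res))]

def flags(model, res):
    """Per window: True when any feature leaves the K-sigma reference envelope."""
    return [any(abs(x - m) > K * s for x, (m, s) in zip(fp, model))
            for fp in fingerprints(res)]

REF = residuals(1000, seed=1)      # reference ("normal") operation, no bias
MODELS = {kind: [train(r) for r in REF[kind]] for kind in REF}

def verdicts(bias, n=200, seed=2):
    """Sensors flagged in most windows by the BoM, by the joint model, and by both (AND)."""
    test = residuals(n, seed, bias)
    per = {kind: [flags(MODELS[kind][i], test[kind][i]) for i in range(2)]
           for kind in test}
    per["ensemble"] = [[b and j for b, j in zip(per["bom"][i], per["joint"][i])]
                       for i in range(2)]
    return {kind: {SENSORS[i] for i in range(2) if sum(f[i]) > len(f[i]) / 2}
            for kind, f in per.items()}

if __name__ == "__main__":
    for bias in [(0.0, 0.0), (0.0, 1.0), (1.0, 0.0), (0.5, 1.0)]:
        print(bias, verdicts(bias))
```

With a bias on LIT-101 alone, the joint model flags both sensors because of the coupling, while the AND with the per-sensor model narrows the verdict to LIT-101.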

Attacker and Attack Model

[00104] In various example embodiments, specific cyber and physical attacks on sensor measurements in a networked sensor system are considered, such as shown in FIG. 6. By way of examples only, the types of attacks launched on the water treatment testbed (SWaT) are introduced. Essentially, the attacker model encompasses the attacker’s intentions and its capabilities. The attacker may choose its goals from a set of intentions, including performance degradation, disturbing a physical property of the system, or damaging a component.

[00105] Assumptions on Attacker: It is assumed that the attacker has access to $y_k^i = C_i x_k + \eta_k^i$ (i.e., the opponent has access to sensor measurements). Also, the attacker knows the system dynamics, the state space matrices, the control inputs and outputs, and the implemented detection procedure.

[00106] Attack Scenarios - Data Injection Attacks: For data injection attacks, it is considered that an attacker injects or modifies the real sensor measurement. The attacker’s goal is to deceive the control system by sending incorrect sensor measurements. In this scenario, the level sensor measurements may be increased, while the actual tank level is invariant. For example, this makes the controller think that the attacked values are true sensor readings, and hence, the water pump keeps working until the tank is empty, causing the pump to burn out. The attack vector may be defined as,

$\bar{y}_k = y_k + \delta_k,$

Equation (20)

where $\delta_k$ is the bias injected by the attacker.

[00107] Attack Execution: All the attacks taken from the reference work, J. Goh, S. Adepu, K. N. Junejo, and A. Mathur, “A dataset to support research in the design of secure water treatment systems,” in Critical Information Infrastructures Security, G. Havarneanu, R. Setola, H. Nassopoulos, and S. Wolthusen, Eds. Cham: Springer International Publishing, 2017, pp. 88-99, are executed by compromising the Supervisory Control and Data Acquisition (SCADA) system. An attack toolbox was used to inject an arbitrary value for real sensor measurement.

Evaluation

[00108] The performance is evaluated in three areas, namely, attack detection, attack isolation and the improvement in attack detection rate.

[00109] In relation to attack detection, to show the performance of the attack detector, True Positive Rate (TPR: meaning attack data declared as attack or attack detected successfully) and True Negative Rate (TNR: normal data declared as normal or normal data classified successfully) were used. Attack detection results are provided in the table shown in FIG. 12. For each sensor in the SWaT testbed, attack sequences are shown. These attack sequences and attacked dataset were obtained from already published benchmark attacks, such as disclosed in the above-mentioned reference work, Goh et al., and/or Y. Chen, C. M. Poskitt, and J. Sun, “Learning from mutants: Using code mutation to learn and monitor invariants of a cyber-physical system,” IEEE Security and Privacy 2018, vol. abs/1801.00903, 2018. A high TPR and TNR can be observed, indicating the effectiveness of the attack detection method according to various example embodiments. Various example embodiments note that, as described hereinbefore, the technique based on a joint system model exhibits a strong coupling between inputs and outputs of a system. If attacks are executed on water level sensors, the effect on the associated flow meter and vice versa can be observed. This indicates the coupling due to the laws of physics even though the sensors were of different types. Columns 3 and 4 of the table in FIG. 12 indicate this result in the form of TNR-Joint and TPR-Joint, respectively. For LIT-101, it can be seen that the TPR is 100%; however, it can be observed that the attack detection TPR for FIT-101 is 88.88% while there were no attacks carried out on FIT-101. Columns 5 and 6 of the table in FIG. 12 depict results for the case having a separate system model for each sensor, labeled as TNR-BoM and TPR-BoM, respectively. It can be seen that these two single models can help in detecting attacks just in LIT-101 and none in FIT-101, as expected.

[00110] In relation to attack isolation, the attack isolation performance has been shown in the table in FIG. 12 using a separate model for each sensor. For illustration purposes, FIGs. 13A and 13B show two example attacks and the coupling effects. In particular, FIGs. 13A and 13B show how two different attacks on two different sensors are reflected in residuals of both the sensors due to the physical coupling. Attack 1 was carried out on the flow meter (FIT-101) by spoofing the flow value to 4 m³/hr as shown in FIG. 13B and this attack can be observed in the residual value on the right-hand side of FIG. 13B. However, Attack 1 can be seen in FIG. 13A in the level sensor (LIT-101) as well. Attack 2 was carried out on the level sensor by spoofing the water level value as shown in FIG. 13A. This attack can be seen in the residual of the level sensor (LIT-101) in FIG. 13A and also on the right-hand side of FIG. 13B in the flow sensor FIT-101 residual. In FIGs. 14A and 14B, it can be seen that separate system models for both the sensors were able to isolate both the attacks. In particular, both the attacks as shown in FIGs. 13A and 13B are shown but for the case when two separate models are generated for the two sensors. It can be observed that the attacks are isolated to the particular sensor under attack. For example, Attack 1 only appears in the residual of FIT-101 and Attack 2 is detected only by LIT-101.

[00111] In relation to the improvement in attack detection rate (or reduction in false alarm rate via ensemble), from the results above, it can be observed that the bank of models (BoM) can detect, as well as isolate, the attacks on the sensors. According to various example embodiments, more information was utilized by combining the BoM and the Joint model (ensemble model), such as described with reference to FIG. 11. In this regard, the last two columns in the table shown in FIG. 12 present the results for the ensemble model. It can be seen that using the information about residual vectors from two different types of models and obtaining an ensemble advantageously increases the information at hand and results in reduced false alarms. For example, observing column TNR-Ensemble and comparing with other TNR columns in FIG. 12 demonstrates that the false alarm rate has been significantly reduced.

Discussion

[00112] TPR and TNR Accuracy: A reason for low TPR and TNR in some cases may be that as soon as an attack has ended, the behaviour/ground truth was considered to be normal operation. But the attack detection system still raises alarms and these alarms are treated as false positives. In practice, this is the time required by the networked control system to return to a normal operating range. Moreover, since that is not recorded as a rightful attack detection, it is also counted as wrongful TNR, thereby reducing the TNR. For example, as shown in FIG. 15, it can be observed that as soon as the attack is removed, post-attack effects can be observed which persist for some time. In this region, the attack is assumed to be over but due to attack effects, the attack detection system according to various example embodiments keeps raising an alarm, thus reducing the TNR value.

[00113] Therefore, using the bank of models (BoM) according to various example embodiments, the attack isolation problem on multiple sensors at a time is addressed. Furthermore, using the ensemble of models according to various example embodiments, the attack detection accuracy (e.g., TNR and TPR accuracies) is advantageously improved. Accordingly, the attack detection method according to various example embodiments advantageously addresses the attack isolation problem in an efficient and effective manner, thereby enabling or facilitating detection (e.g., identification) of one or more sensors in a sensor network being subject to an attack, such as in a complex industrial control system.

[00114] While embodiments of the invention have been particularly shown and described with reference to specific embodiments, it should be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. The scope of the invention is thus indicated by the appended claims and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced.