Real-time detection of deception attacks in cyber-physical systems

Real-time detection of deception attacks in cyber-physical systems

Detection of deception attacks is pivotal to ensure the safe and reliable operation of cyber-physical systems (CPS). Detection of such attacks needs to consider time-series sequences and is very challenging especially for autonomous vehicles that rely on high-dimensional observations from camera sen...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:International journal of information security 2023-10, Vol.22 (5), p.1099-1114
Hauptverfasser: Cai, Feiyang, Koutsoukos, Xenofon
Format: Artikel
Sprache:eng
Schlagworte:
Anomalies
Autonomous cars
Autonomous vehicles
Braking systems
Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer Science
Cryptology
Cyber-physical systems
Datasets
Deception
Management of Computing and Information Systems
Networks
Neural networks
Operating Systems
Real time
Recurrent neural networks
Sensors
Sequences
Simulation
Special Issue Paper
Water treatment
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 1114
container_issue 5
container_start_page 1099
container_title International journal of information security
container_volume 22
creator Cai, Feiyang
Koutsoukos, Xenofon
description Detection of deception attacks is pivotal to ensure the safe and reliable operation of cyber-physical systems (CPS). Detection of such attacks needs to consider time-series sequences and is very challenging especially for autonomous vehicles that rely on high-dimensional observations from camera sensors. The paper presents an approach to detect deception attacks in real-time utilizing sensor observations, with a special focus on high-dimensional observations. The approach is based on inductive conformal anomaly detection (ICAD) and utilizes a novel generative model which consists of a variational autoencoder (VAE) and a recurrent neural network (RNN) that is used to learn both spatial and temporal features of the normal dynamic behavior of the system. The model can be used to predict the observations for multiple time steps, and the predictions are then compared with actual observations to efficiently quantify the nonconformity of a sequence under attack relative to the expected normal behavior, thereby enabling real-time detection of attacks using high-dimensional sequential data. We evaluate the approach empirically using two simulation case studies of an advanced emergency braking system and an autonomous car racing example, as well as a real-world secure water treatment dataset. The experiments show that the proposed method outperforms other detection methods, and in most experiments, both false positive and false negative rates are less than 10%. Furthermore, execution times measured on both powerful cloud machines and embedded devices are relatively short, thereby enabling real-time detection.
doi_str_mv 10.1007/s10207-023-00677-z
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2868479611</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2868479611</sourcerecordid><originalsourceid>FETCH-LOGICAL-c314t-dc0f02b42a9ce600ce8f3b5ffc70cf2fd2011fc3d4e884aee2c1ac8cac35b2673</originalsourceid><addsrcrecordid>eNp9kEtPwzAQhC0EEqXwBzhF4mxYO4mdHqHiJVVCQnC2nM0aUpoHtntIfz2hQXDjtDPSzKz0MXYu4FIA6KsgQILmIFMOoLTmuwM2E0rkPJcaDn-1ksfsJIQ1gBSwEDN280x2w2PdUFJRJIx11yadGw1Svzc2RosfIanbBIeSPO_fh1Cj3SRhCJGacMqOnN0EOvu5c_Z6d_uyfOCrp_vH5fWKYyqyyCsEB7LMpF0gKQCkwqVl7hxqQCddJUEIh2mVUVFklkiisFigxTQvpdLpnF1Mu73vPrcUoll3W9-OL40sVJHphRJiTMkphb4LwZMzva8b6wcjwHyzMhMrM7Iye1ZmN5bSqRTGcPtG_m_6n9YXSwZuAw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2868479611</pqid></control><display><type>article</type><title>Real-time detection of deception attacks in cyber-physical systems</title><source>SpringerLink Journals</source><source>Business Source Complete</source><creator>Cai, Feiyang ; Koutsoukos, Xenofon</creator><creatorcontrib>Cai, Feiyang ; Koutsoukos, Xenofon</creatorcontrib><description>Detection of deception attacks is pivotal to ensure the safe and reliable operation of cyber-physical systems (CPS). Detection of such attacks needs to consider time-series sequences and is very challenging especially for autonomous vehicles that rely on high-dimensional observations from camera sensors. The paper presents an approach to detect deception attacks in real-time utilizing sensor observations, with a special focus on high-dimensional observations. The approach is based on inductive conformal anomaly detection (ICAD) and utilizes a novel generative model which consists of a variational autoencoder (VAE) and a recurrent neural network (RNN) that is used to learn both spatial and temporal features of the normal dynamic behavior of the system. The model can be used to predict the observations for multiple time steps, and the predictions are then compared with actual observations to efficiently quantify the nonconformity of a sequence under attack relative to the expected normal behavior, thereby enabling real-time detection of attacks using high-dimensional sequential data. We evaluate the approach empirically using two simulation case studies of an advanced emergency braking system and an autonomous car racing example, as well as a real-world secure water treatment dataset. The experiments show that the proposed method outperforms other detection methods, and in most experiments, both false positive and false negative rates are less than 10%. Furthermore, execution times measured on both powerful cloud machines and embedded devices are relatively short, thereby enabling real-time detection.</description><identifier>ISSN: 1615-5262</identifier><identifier>EISSN: 1615-5270</identifier><identifier>DOI: 10.1007/s10207-023-00677-z</identifier><language>eng</language><publisher>Berlin/Heidelberg: Springer Berlin Heidelberg</publisher><subject>Anomalies ; Autonomous cars ; Autonomous vehicles ; Braking systems ; Coding and Information Theory ; Communications Engineering ; Computer Communication Networks ; Computer Science ; Cryptology ; Cyber-physical systems ; Datasets ; Deception ; Management of Computing and Information Systems ; Networks ; Neural networks ; Operating Systems ; Real time ; Recurrent neural networks ; Sensors ; Sequences ; Simulation ; Special Issue Paper ; Water treatment</subject><ispartof>International journal of information security, 2023-10, Vol.22 (5), p.1099-1114</ispartof><rights>The Author(s), under exclusive licence to Springer-Verlag GmbH, DE 2023 2023. Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.. corrected publication 2023</rights><rights>The Author(s), under exclusive licence to Springer-Verlag GmbH, DE 2023 2023. Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law. corrected publication 2023.</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c314t-dc0f02b42a9ce600ce8f3b5ffc70cf2fd2011fc3d4e884aee2c1ac8cac35b2673</cites><orcidid>0000-0002-1486-0971</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/s10207-023-00677-z$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/s10207-023-00677-z$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>314,776,780,27901,27902,41464,42533,51294</link.rule.ids></links><search><creatorcontrib>Cai, Feiyang</creatorcontrib><creatorcontrib>Koutsoukos, Xenofon</creatorcontrib><title>Real-time detection of deception attacks in cyber-physical systems</title><title>International journal of information security</title><addtitle>Int. J. Inf. Secur</addtitle><description>Detection of deception attacks is pivotal to ensure the safe and reliable operation of cyber-physical systems (CPS). Detection of such attacks needs to consider time-series sequences and is very challenging especially for autonomous vehicles that rely on high-dimensional observations from camera sensors. The paper presents an approach to detect deception attacks in real-time utilizing sensor observations, with a special focus on high-dimensional observations. The approach is based on inductive conformal anomaly detection (ICAD) and utilizes a novel generative model which consists of a variational autoencoder (VAE) and a recurrent neural network (RNN) that is used to learn both spatial and temporal features of the normal dynamic behavior of the system. The model can be used to predict the observations for multiple time steps, and the predictions are then compared with actual observations to efficiently quantify the nonconformity of a sequence under attack relative to the expected normal behavior, thereby enabling real-time detection of attacks using high-dimensional sequential data. We evaluate the approach empirically using two simulation case studies of an advanced emergency braking system and an autonomous car racing example, as well as a real-world secure water treatment dataset. The experiments show that the proposed method outperforms other detection methods, and in most experiments, both false positive and false negative rates are less than 10%. Furthermore, execution times measured on both powerful cloud machines and embedded devices are relatively short, thereby enabling real-time detection.</description><subject>Anomalies</subject><subject>Autonomous cars</subject><subject>Autonomous vehicles</subject><subject>Braking systems</subject><subject>Coding and Information Theory</subject><subject>Communications Engineering</subject><subject>Computer Communication Networks</subject><subject>Computer Science</subject><subject>Cryptology</subject><subject>Cyber-physical systems</subject><subject>Datasets</subject><subject>Deception</subject><subject>Management of Computing and Information Systems</subject><subject>Networks</subject><subject>Neural networks</subject><subject>Operating Systems</subject><subject>Real time</subject><subject>Recurrent neural networks</subject><subject>Sensors</subject><subject>Sequences</subject><subject>Simulation</subject><subject>Special Issue Paper</subject><subject>Water treatment</subject><issn>1615-5262</issn><issn>1615-5270</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>BENPR</sourceid><recordid>eNp9kEtPwzAQhC0EEqXwBzhF4mxYO4mdHqHiJVVCQnC2nM0aUpoHtntIfz2hQXDjtDPSzKz0MXYu4FIA6KsgQILmIFMOoLTmuwM2E0rkPJcaDn-1ksfsJIQ1gBSwEDN280x2w2PdUFJRJIx11yadGw1Svzc2RosfIanbBIeSPO_fh1Cj3SRhCJGacMqOnN0EOvu5c_Z6d_uyfOCrp_vH5fWKYyqyyCsEB7LMpF0gKQCkwqVl7hxqQCddJUEIh2mVUVFklkiisFigxTQvpdLpnF1Mu73vPrcUoll3W9-OL40sVJHphRJiTMkphb4LwZMzva8b6wcjwHyzMhMrM7Iye1ZmN5bSqRTGcPtG_m_6n9YXSwZuAw</recordid><startdate>20231001</startdate><enddate>20231001</enddate><creator>Cai, Feiyang</creator><creator>Koutsoukos, Xenofon</creator><general>Springer Berlin Heidelberg</general><general>Springer Nature B.V</general><scope>AAYXX</scope><scope>CITATION</scope><scope>0-V</scope><scope>3V.</scope><scope>7SC</scope><scope>7WY</scope><scope>7WZ</scope><scope>7XB</scope><scope>87Z</scope><scope>88F</scope><scope>8AL</scope><scope>8AM</scope><scope>8AO</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8FL</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ALSLI</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BEZIV</scope><scope>BGLVJ</scope><scope>BGRYB</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>FRNLG</scope><scope>F~G</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K60</scope><scope>K6~</scope><scope>K7-</scope><scope>K7.</scope><scope>L.-</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>M0C</scope><scope>M0N</scope><scope>M0O</scope><scope>M1Q</scope><scope>P5Z</scope><scope>P62</scope><scope>PQBIZ</scope><scope>PQBZA</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>Q9U</scope><orcidid>https://orcid.org/0000-0002-1486-0971</orcidid></search><sort><creationdate>20231001</creationdate><title>Real-time detection of deception attacks in cyber-physical systems</title><author>Cai, Feiyang ; Koutsoukos, Xenofon</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c314t-dc0f02b42a9ce600ce8f3b5ffc70cf2fd2011fc3d4e884aee2c1ac8cac35b2673</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Anomalies</topic><topic>Autonomous cars</topic><topic>Autonomous vehicles</topic><topic>Braking systems</topic><topic>Coding and Information Theory</topic><topic>Communications Engineering</topic><topic>Computer Communication Networks</topic><topic>Computer Science</topic><topic>Cryptology</topic><topic>Cyber-physical systems</topic><topic>Datasets</topic><topic>Deception</topic><topic>Management of Computing and Information Systems</topic><topic>Networks</topic><topic>Neural networks</topic><topic>Operating Systems</topic><topic>Real time</topic><topic>Recurrent neural networks</topic><topic>Sensors</topic><topic>Sequences</topic><topic>Simulation</topic><topic>Special Issue Paper</topic><topic>Water treatment</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Cai, Feiyang</creatorcontrib><creatorcontrib>Koutsoukos, Xenofon</creatorcontrib><collection>CrossRef</collection><collection>ProQuest Social Sciences Premium Collection</collection><collection>ProQuest Central (Corporate)</collection><collection>Computer and Information Systems Abstracts</collection><collection>ABI/INFORM Collection</collection><collection>ABI/INFORM Global (PDF only)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ABI/INFORM Global (Alumni Edition)</collection><collection>Military Database (Alumni Edition)</collection><collection>Computing Database (Alumni Edition)</collection><collection>Criminal Justice Database (Alumni Edition)</collection><collection>ProQuest Pharma Collection</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection (Alumni Edition)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Social Science Premium Collection</collection><collection>Advanced Technologies &amp; Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Business Premium Collection</collection><collection>Technology Collection</collection><collection>Criminology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>Business Premium Collection (Alumni)</collection><collection>ABI/INFORM Global (Corporate)</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Business Collection (Alumni Edition)</collection><collection>ProQuest Business Collection</collection><collection>Computer Science Database</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>ABI/INFORM Professional Advanced</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>ABI/INFORM Global</collection><collection>Computing Database</collection><collection>Criminal Justice Database</collection><collection>Military Database</collection><collection>Advanced Technologies &amp; Aerospace Database</collection><collection>ProQuest Advanced Technologies &amp; Aerospace Collection</collection><collection>ProQuest One Business</collection><collection>ProQuest One Business (Alumni)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central Basic</collection><jtitle>International journal of information security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Cai, Feiyang</au><au>Koutsoukos, Xenofon</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Real-time detection of deception attacks in cyber-physical systems</atitle><jtitle>International journal of information security</jtitle><stitle>Int. J. Inf. Secur</stitle><date>2023-10-01</date><risdate>2023</risdate><volume>22</volume><issue>5</issue><spage>1099</spage><epage>1114</epage><pages>1099-1114</pages><issn>1615-5262</issn><eissn>1615-5270</eissn><abstract>Detection of deception attacks is pivotal to ensure the safe and reliable operation of cyber-physical systems (CPS). Detection of such attacks needs to consider time-series sequences and is very challenging especially for autonomous vehicles that rely on high-dimensional observations from camera sensors. The paper presents an approach to detect deception attacks in real-time utilizing sensor observations, with a special focus on high-dimensional observations. The approach is based on inductive conformal anomaly detection (ICAD) and utilizes a novel generative model which consists of a variational autoencoder (VAE) and a recurrent neural network (RNN) that is used to learn both spatial and temporal features of the normal dynamic behavior of the system. The model can be used to predict the observations for multiple time steps, and the predictions are then compared with actual observations to efficiently quantify the nonconformity of a sequence under attack relative to the expected normal behavior, thereby enabling real-time detection of attacks using high-dimensional sequential data. We evaluate the approach empirically using two simulation case studies of an advanced emergency braking system and an autonomous car racing example, as well as a real-world secure water treatment dataset. The experiments show that the proposed method outperforms other detection methods, and in most experiments, both false positive and false negative rates are less than 10%. Furthermore, execution times measured on both powerful cloud machines and embedded devices are relatively short, thereby enabling real-time detection.</abstract><cop>Berlin/Heidelberg</cop><pub>Springer Berlin Heidelberg</pub><doi>10.1007/s10207-023-00677-z</doi><tpages>16</tpages><orcidid>https://orcid.org/0000-0002-1486-0971</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 1615-5262
ispartof International journal of information security, 2023-10, Vol.22 (5), p.1099-1114
issn 1615-5262
1615-5270
language eng
recordid cdi_proquest_journals_2868479611
source SpringerLink Journals; Business Source Complete
subjects Anomalies
Autonomous cars
Autonomous vehicles
Braking systems
Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer Science
Cryptology
Cyber-physical systems
Datasets
Deception
Management of Computing and Information Systems
Networks
Neural networks
Operating Systems
Real time
Recurrent neural networks
Sensors
Sequences
Simulation
Special Issue Paper
Water treatment
title Real-time detection of deception attacks in cyber-physical systems
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-08T07%3A33%3A32IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Real-time%20detection%20of%20deception%20attacks%20in%20cyber-physical%20systems&rft.jtitle=International%20journal%20of%20information%20security&rft.au=Cai,%20Feiyang&rft.date=2023-10-01&rft.volume=22&rft.issue=5&rft.spage=1099&rft.epage=1114&rft.pages=1099-1114&rft.issn=1615-5262&rft.eissn=1615-5270&rft_id=info:doi/10.1007/s10207-023-00677-z&rft_dat=%3Cproquest_cross%3E2868479611%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2868479611&rft_id=info:pmid/&rfr_iscdi=true