(235d) Controller Switching to Facilitate the Detection of Multiplicative Cyberattacks on Nonlinear Process Systems | AIChE

Authors 

El-Farra, N., University of California, Davis
Ellis, M., University of California, Davis

In the past decade, industrial control systems such as process control systems (PCSs) have been the targets of frequent and sophisticated cyberattacks [1]. These attacks have demonstrated that cyberattackers are highly adept at designing targeted cyberattacks and skirting existing information technology infrastructure-based cybersecurity measures. This has resulted in an increased focus on controller-based approaches for enhancing the cyberattack resilience of a PCS against targeted attacks. Several approaches for achieving cyberattack resilience have been explored (e.g., [2]-[6]). Some of the approaches presented consider inherently secure control design (e.g., [2]) and cyberattack detection, identification, and mitigation strategies [3]-[7].

Attack detection approaches seek to detect the presence of a cyberattack on the PCS. They may be broadly classified as either passive or active. Passive attack detection approaches detect attacks without utilizing an external intervention [4]. Residual-based detection schemes are one such type of passive detection scheme; they monitor a process for anomalies based on a residual (defined as the difference between the measured output and its estimate). Residual-based detection schemes have been used extensively for process monitoring [8], and have been applied for attack detection [9]. In contrast to passive schemes, active attack detection schemes detect attacks by means of an external intervention or perturbation to the process [5], [6], [10]. Active detection methods are particularly useful when the process is subjected to stealthy attacks. One example is false data injection (FDI) attacks, which replace the operational data being communicated over the PCS communication channels with altered data. Stealthy FDI attacks may be designed to inject data that mimics the normal process operational data and may compromise process operation while evading detection by passive detection schemes [6]. To enable the detection of such stealthy attacks, active detection methods may be utilized.

Multiplicative FDI attacks alter the data communicated over the controller communication channels by multiplying the process data by a factor. Multiplicative FDI attacks may be designed to be stealthy without requiring extensive process knowledge. In [9], the detectability of such attacks with respect to a residual-based detection scheme was analyzed. However, as revealed by the analysis in [9], multiplicative FDI attacks may not always be detected by a passive residual-based detection scheme. This motivated the development of an active methodology for the detection of multiplicative FDI attacks in linear processes [10]. The developed methodology utilizes occasional switching between nominal and attack-sensitive control modes to facilitate the detection of an attack. The design of the nominal and attack-sensitive control modes rests on a rigorous characterization of the intrinsic relationship between the control system parameters, closed-loop stability, and attack detectability with respect to a passive residual-based detection scheme. However, chemical processes are characterized by strong nonlinear dynamics. At this point, an explicit characterization of the relationship between the control system design, closed-loop stability and attack detectability for nonlinear processes has not been addressed. Moreover, the majority of works on the design of cyberattack detection schemes consider linear systems (e.g., [4]-[6], [9], [10]).

This work presents an active methodology for the detection of multiplicative FDI attacks in nonlinear process systems. Initially, a nonlinear controller that stabilizes the closed-loop system in the absence of attacks is designed. The controller is implemented using state estimates generated by a suitable nonlinear observer, which is also used for residual generation and process monitoring purposes. Then, the relationship between the control system design, closed-loop stability and attack detectability with respect to a residual-based detection scheme is characterized. The resulting characterization is used to design an “attack-sensitive” control mode under which an attack destabilizes the closed-loop system and can therefore be more easily detected. The key idea is to facilitate attack detection by occasional switching between the nominal control system (chosen to meet standard control design criteria) and the attack-sensitive control system (chosen to render attacks detectable). Finally, the proposed active detection methodology is applied to a chemical process example to demonstrate the enhanced detection capabilities compared to those of passive detection schemes.
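The switching idea described above, as an added simulation that is not the authors' code: a constructed scalar linear process (simpler than the nonlinear setting of this work) with an observer-based controller, a residual threshold, and a multiplicative factor applied to the controller-to-actuator signal. All parameter values, the switching schedule and the function name `simulate` are assumptions chosen for illustration.

```python
import random

# Constructed example values (assumptions, not taken from the abstract).
A, B = 1.2, 1.0        # open-loop-unstable process: x+ = A*x + B*u + w
L_OBS = 0.9            # observer gain; estimation-error pole A - L_OBS = 0.3
K_NOMINAL = 1.0        # nominal gain: loop stays stable even under the attack
K_SENSITIVE = 2.1      # attack-sensitive gain: stable alone, unstable if attacked
ALPHA = 0.7            # multiplicative factor applied to the actuator command
THRESHOLD = 0.05       # alarm threshold; attack-free |residual| <= 0.01/0.7
ATTACK_START = 100     # step at which the multiplicative attack begins


def simulate(switching, attacked, steps=400, seed=0):
    """Return the first step where |residual| exceeds THRESHOLD, else None."""
    rng = random.Random(seed)
    x = x_hat = 0.0
    for k in range(steps):
        residual = x - x_hat                  # measured output minus estimate
        if abs(residual) > THRESHOLD:
            return k                          # alarm: stop and report the step
        # Occasional switching: last 40 steps of every 100 use the sensitive mode.
        sensitive = switching and (k % 100) >= 60
        gain = K_SENSITIVE if sensitive else K_NOMINAL
        u = -gain * x_hat                     # command sent by the controller
        under_attack = attacked and k >= ATTACK_START
        u_applied = ALPHA * u if under_attack else u
        w = rng.uniform(-0.01, 0.01)          # bounded process disturbance
        x_next = A * x + B * u_applied + w
        # The observer assumes its command u reached the actuator unaltered.
        x_hat = A * x_hat + B * u + L_OBS * residual
        x = x_next
    return None


if __name__ == "__main__":
    print("passive, attacked    :", simulate(switching=False, attacked=True))
    print("switching, no attack :", simulate(switching=True, attacked=False))
    print("switching, attacked  :", simulate(switching=True, attacked=True))
```

Under the nominal gain the attacked loop remains stable, so the residual stays below the threshold; under the sensitive gain the attacked loop has an eigenvalue of about -1.26, so the residual grows until the alarm fires.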

References:

[1] J. Slowik, “Evolution of ICS attacks and the prospects for future disruptive events,” Technical report, Threat Intelligence Centre Dragos Inc., 2019.

[2] H. Durand, “State measurement spoofing prevention through model predictive control design,” In Proceedings of the 6th IFAC Conference on Nonlinear Model Predictive Control, volume 51, pp. 543–548, Madison, WI, USA, 19-22 August 2018.

[3] D. Zhang, Q. G. Wang, G. Feng, Y. Shi, and A. V. Vasilakos, “A survey on attack detection, estimation and control of industrial cyber–physical systems,” ISA Transactions, vol. 116, pp. 1-16, 2021.

[4] D. D. Nguyen and M. H. Do, “Two methods for detecting the linear attack on SCADA systems,” In Proceedings of the International Conference on Engineering Research and Applications, pp. 929-940, Thai Nguyen, Vietnam, 1-2 December 2021.

[5] G. Na and Y. Eun, “A multiplicative coordinated stealthy attack and its detection for cyber physical systems,” In Proceedings of the IEEE Conference on Control Technology and Applications, pp. 1698–1703, Copenhagen, Denmark, 21-24 August 2018.

[6] S. Weerakkody, O. Ozel, P. Griffioen, and B. Sinopoli, “Active detection for exposing intelligent attacks in control systems,” In Proceedings of the IEEE Conference on Control Technology and Applications, pp. 1306–1312, Hawai’i, USA, 27-30 August 2017.

[7] A. Zedan and N. H. El-Farra, “A machine-learning approach for identification and mitigation of cyberattacks in networked process control systems,” Chemical Engineering Research and Design, vol. 176, pp. 102-115, 2021.

[8] P. M. Frank and X. Ding, “Survey of robust residual generation and evaluation methods in observer-based fault detection systems,” Journal of Process Control, vol. 7, no. 6, pp. 403–424, 1997.

[9] S. Narasimhan, N. H. El-Farra, and M. J. Ellis, “Detectability-based controller design screening for processes under multiplicative cyberattacks,” AIChE Journal, vol. 68, e17430, 2022.

[10] S. Narasimhan, N. H. El-Farra, and M. J. Ellis, “Active multiplicative cyberattack detection utilizing controller switching for process systems,” Submitted.