•This paper analyses and classifies existing researches on the security of cyber-physical systems.•Philosophical issues of cyber-physical systems are raised and discussed.•The principle of ...cyber-physical system operation is described.•This paper proposes a tree of attacks on cyber-physical systems.
The creation of cyber-physical systems posed new challenges for people. Ensuring the information security of cyber-physical systems is one of the most complex problems in a wide range of defenses against cyber-attacks. The aim of this paper is to analyse and classify existing research papers on the security of cyber-physical systems. Philosophical issues of cyber-physical systems are raised. Their influence on the aspects of people's lives is investigated. The principle of cyber-physical system operation is described. The main difficulties and solutions in the estimation of the consequences of cyber-attacks, attacks modeling and detection and the development of security architecture are noted. The main types of attacks and threats against cyber-physical systems are analysed. A tree of attacks on cyber-physical systems is proposed. The future research directions are shown.
The rapid convergence of legacy industrial infrastructures with intelligent networking and computing technologies (e.g., 5G, software-defined networking, and artificial intelligence), have ...dramatically increased the attack surface of industrial cyber-physical systems (CPSs). However, withstanding cyber threats to such large-scale, complex, and heterogeneous industrial CPSs has been extremely challenging, due to the insufficiency of high-quality attack examples. In this article, we propose a novel federated deep learning scheme, named DeepFed, to detect cyber threats against industrial CPSs. Specifically, we first design a new deep learning-based intrusion detection model for industrial CPSs, by making use of a convolutional neural network and a gated recurrent unit. Second, we develop a federated learning framework, allowing multiple industrial CPSs to collectively build a comprehensive intrusion detection model in a privacy-preserving way. Further, a Paillier cryptosystem-based secure communication protocol is crafted to preserve the security and privacy of model parameters through the training process. Extensive experiments on a real industrial CPS dataset demonstrate the high effectiveness of the proposed DeepFed scheme in detecting various types of cyber threats to industrial CPSs and the superiorities over state-of-the-art schemes.
Cyber-physical systems (CPS) have gained an increasing attention recently for their immense potential towards the next generation smart systems that integrate cyber technology into the physical ...processes. However, CPS did not initiate either smart factories or smart manufacturing, and vice versa. Historically, the smart factory was initially studied with the introduction of the Internet of Things (IoT) in manufacturing, and later became a key part of Industry 4.0. Also emerging are other related models such as cloud manufacturing, social manufacturing and proactive manufacturing with the introduction of cloud computing (broadly, the Internet of Services, IoS), social networking (broadly, the Internet of People, IoP) and big data (broadly, the Internet of Content and Knowledge, IoCK), respectively. At present, there is a lack of a systemic and comprehensive study on the linkages and relations between these terms. Therefore, this study first presents a comprehensive survey and analysis of the CPS treated as a combination of the IoT and the IoS. Then, the paper addresses CPS-based smart manufacturing as an eight tuple of
CPS,
IoT
,
IoS
and
IoCK
as elements. Further, the paper extends the eight-tuple CPS-based manufacturing to social-CPS (SCPS)-based manufacturing, termed wisdom manufacturing, which forms a nine tuple with the addition of one more element, the
IoP
and which is based on the
SCPS
instead of
CPS
. Both architectures and characteristics for smart and wisdom manufacturing are addressed
.
As such, these terms’ linkages are established and relations are clarified with a special discussion. This study thus contributes as a theoretical basis and as a comprehensive framework for emerging manufacturing integration.
With the advent of 5G, cyber-physical systems (CPSs) employed in the vertical industries and critical infrastructures will depend on the cellular network more than ever; making their attack surface ...wider. Hence, guarding the network against cyberattacks is critical not only for its primary subscribers but to prevent it from being exploited as a proxy to attack CPSs. In this article, we propose a consolidated framework, by utilizing deep convolutional neural networks (CNNs) and real network data, to provide early detection for distributed denial-of-service (DDoS) attacks orchestrated by a botnet that controls malicious devices. These puppet devices individually perform silent call, signaling, SMS spamming, or a blend of these attacks targeting call, Internet, SMS, or a blend of these services, respectively, to cause a collective DDoS attack in a cell that can disrupt CPSs' operations. Our results demonstrate that our framework can achieve higher than 91\% normal and underattack cell detection accuracy.
With increasing diverse product demands, the manufacturing paradigm has been transformed into a mass-individualized one, among which one bottleneck is to achieve the interoperability between physical ...world and the digital world of manufacturing system for the intelligent organizing of resources. This paper presents a digital twin-driven manufacturing cyber-physical system (MCPS) for parallel controlling of smart workshop under mass individualization paradigm. By establishing cyber-physical connection via decentralized digital twin models, various manufacturing resources can be formed as dynamic autonomous system to co-create personalized products. Clarification on the MCPS concept, characteristics, architecture, configuration, operating mechanism and key enabling technologies are elaborated, respectively. A demonstrative implementation of the digital twin-driven parallel controlling of board-type product smart manufacturing workshop is also presented. It addresses a bi-level online intelligence in proactive decision making for the organization and operation of manufacturing resources.
Smart buildings today are aimed at providing safe, healthy, comfortable, affordable, and beautiful spaces in a carbon and energy-efficient way. They are emerging as complex cyber-physical systems ...with humans in the loop. Cost, the need to cope with increasing functional complexity, flexibility, fragmentation of the supply chain, and time-to-market pressure are rendering the traditional heuristic and ad hoc design paradigms inefficient and insufficient for the future. In this paper, we present a platform-based methodology for smart building design. Platform-based design (PBD) promotes the reuse of hardware and software on shared infrastructures, enables rapid prototyping of applications, and involves extensive exploration of the design space to optimize design performance. In this paper, we identify, abstract, and formalize components of smart buildings, and present a design flow that maps high-level specifications of desired building applications to their physical implementations under the PBD framework. A case study on the design of on-demand heating, ventilation, and air conditioning (HVAC) systems is presented to demonstrate the use of PBD.
This paper studies the problem of sensor attack detection for a class of cyber-physical systems with bounded perturbations. A novel attack detection method is proposed based on zonotopic reachability ...analysis. A false data injection attack is detected if there is no intersection between the predicted state set and the measurement state set. These sets are online calculated via zonotopic segments minimization. Two approaches, namely, projection and polytopic conversion, are presented to check the intersection situation. The detection performance is quantified using a stealthy attack set and the corresponding state estimation error set. Further, we consider replay attacks. To detect a replay attack, a watermark signal based active detection mechanism is introduced. Numerical simulations are conducted to demonstrate the validity of the proposed method.
In the state-of-the-art literature on cryptography and control theory, there has been no systematic methodology of constructing cyber-physical systems that can achieve the desired control performance ...while being protected against eavesdropping attacks. In this article, we tackle this challenging problem. We first propose two novel notions referred to as sample identifying complexity and sample deciphering time in an encrypted control framework. The former explicitly captures the relation between the dynamical characteristics of control systems and the level of identifiability of the systems while the latter shows the relation between the computation time for the identification and the key length of a cryptosystem. Based on these two tractable new notions, we propose a systematic method for designing both of an optimal key length to prevent system identification with a given precision within a given life span of systems and of an optimal controller to maximize both of the control performance and the difficulty of the identification. The efficiency of the proposed method in terms of security level and realtime-ness is investigated through numerical simulations. To the best of our knowledge, this article first connects the relationship between the security of cryptography and dynamical systems from a control-theoretic perspective.
Critical industrial infrastructures are currently facing increasing cyberspace threats in their underlying information and communication systems. The advanced monitoring, control, and management ...functionalities of the industrial systems firmly rely on the reliable and secure operations of the industrial control system (ICS) network. This article characterizes the ICS network traffic and presents a scalable and efficient solution for real-time ICS network traffic anomaly detection, considering various forms of ICS anomaly events. The events due to the cyberattacks, malicious operating behaviors, and network anomalies can be effectively detected without sophisticated computational requirements and retrieval of communication protocols. The proposed hybrid statistical-machine learning model integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the abnormal traffic patterns with low false omission rates. The proposed solution is extensively evaluated at a realistic ICS cyber-physical system (CPS) testbed, and the numerical results confirm its high detection accuracy and low computational complexity. Note to Practitioners-This article was motivated by the challenge of real-time anomaly detection in industrial cyber-physical systems (CPSs). The existing industrial control system (ICS) network anomaly detection solutions are generally carried out based on a single model based on the historian database and cannot dynamically classify the abnormal conditions in a real-time fashion. A novel hybrid statistical-machine learning model is developed that integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the anomalous events through traffic pattern analysis. The proposed anomaly detection solution can efficiently provide accurate detection for cyberattacks, malicious operating behaviors, and network anomalies while meeting the real-time requirements of ICS networks. The proposed solution can be deployed in the realistic ICS CPSs, e.g., the power generation system, gas pipeline systems, and urban railway transportation systems. The preliminary numerical results obtained from the ICS-CPS testbed suggested that it can provide high detection accuracy with low computational complexity and, hence, can be adopted with minimal deployment hurdles.
The intelligent industrial environment developed with the support of the new generation network cyber-physical system (CPS) can realize the high concentration of information resources. In order to ...carry out the analysis and quantification for the reliability of CPS, an automatic online assessment method for the reliability of CPS is proposed in this article. It builds an evaluation framework based on the knowledge of machine learning, designs an online rank algorithm, and realizes the online analysis and assessment in real time. The preventive measures can be taken timely, and the system can operate normally and continuously. Its reliability has been greatly improved. Based on the credibility of the Internet and the Internet of Things, a typical CPS control model based on the spatiotemporal correlation detection model is analyzed to determine the comprehensive reliability model analysis strategy. Based on this, in this article, we propose a CPS trusted robust intelligent control strategy and a trusted intelligent prediction model. Through the simulation analysis, the influential factors of attack defense resources and the dynamic process of distributed cooperative control are obtained. CPS defenders in the distributed cooperative control mode can be guided and select the appropriate defense resource input according to the CPS attack and defense environment.
PDF
