Research On Data Injection Attack And Detection In Cyber-Physical Systems

With the rapid development of information technology,connecting everything with internet is occurring.Especially,traditional physical system and cyber system are fast merged and Cyber-Physical System(CPS)is formed.Many large-scale CPSs such as smart grid,smart transportation system,and smart factory,have been widely deployed and provide highly efficient services for users.However,CPSs also confront serious cyber threat because of their high openness.Especially,it is easy to launch false data injection(FDI)attack to cause the serious degradation of system performance or the disruption of physical systems.FDI refers to the attack intruding the cyber system to modify sensory data or command signals to conduct the disruption of physical systems.Currently,the research on FDI attacks mainly pays attention to how to inject bad data with going undetected by the status estimator under different applications and focuses on the effective detection methods for remedying shortages of status estimator.However,researchers do not pay attention to the work about long-term attacks,FDI attacks by modifying control signals,and collaborative attacks.In this thesis,we focus on new attack schemes of FDI and novel detection methods.We mainly develop new attack models about advanced FDI attack,collaborative attack,and false command disaggregation attack,and propose novel and effective detection methods.Our work can enhance the security of CPSs.Our work and contributions are described as follows.1.Considering the harmfulness of successive attack and lack of attention about continuously injecting bad sensory data,we propose the advanced FDI model.Attackers with less knowledge analyze history data to obtain system parameters and compute the corresponding injected bad sensory data,leading to long-term performance degradation or system faults with going undetected.Simulation experiments demonstrate that advanced FDI attack can effectively evade the detection of existing detection methods and cause long-term performance degradation or system faults.2.Considering the situation that the existing detection methods are ineffective to detect advanced FDI attacks,we propose a novel detection method utilizing machine learning with first difference for detecting attacks.The detection method simultaneously collects constant sensory data and discrete command signals,and changes control signals as constant values to obtain a 2-classifier by training history data.The 2-classifier detects data in real time.Simulation experiments demonstrate that the proposed detection method is effective to identify advanced FDI attacks.3.Considering the harmfulness of modifying control commands and lack of importance about command data injection attacks,we propose the false command disaggregation attack.We present two feasible attack modes: wrong command disorders and false command allocation.We also discuss three kinds of feasible attack models to implement two attack modes.The simulation experiments demonstrate that command disaggregation attacks can cause serious harmfulness for the physical process.4.Considering the existing detection methods are ineffective to identify command disaggregation attacks,we design a novel detection method based on correlations between commands and sub-commands.The algorithms of correlation mining are also discussed.The simulation experiments demonstrate that the detection method is effective to detect command disaggregation attacks.5.Considering the harmfulness of collaborative attacks and lack of importance about collaborative attacks,we propose the collaborative attack strategy that modifies sensory data and changes control signals.Standing on the point of attackers,in the scenario of smart grid,we propose an attack model of modifying control signals to disrupt the physical process and injecting sensory data to hide the attack trace.The attack is called successive direct load altering attack.Moreover,we also discuss how to execute the optimal attack strategy.The simulation experiments demonstrate that the collaborative attacks can better hide attack traces and cause greater impact on the physical process.6.Because the existing detection methods cannot effectively detect the collaborative attack,we propose a novel approach based on correlations of event and time series to solve the problem.This approach analyzes correlations between time series and events to detect and locate attacks.To fast mine correlations,we design the correlation mining algorithm based on greedy rules.We also discuss how to detect attacks and locate objects under single attacks by utilizing correlations.Considering the possibility that multiple attacks may be launched,we construct the causal network model utilizing correlations and propose the causal-network algorithm to locate attack objects under multiple attacks.