| As the rapid integration of computer and communication system with physical world,the emergence of cyber physical systems(CPSs)is promoted.Since industrial CPSs with integrated control,communication,sensing and computing capabilities requires more open interfaces,a large number of network security threats flood into the system,which has aroused wide attention of scholars on system security issues.Replay attack is one of common data integrity attacks in industrial CPSs.Although some achievements have been made in the detection schemes against data replay attacks,these studies usually require the exact mathematical model of the known system,and data analysis based detection scheme of replay attacks has not been fully studied.Therefore,this paper focuses on detection problems of replay attack in the following aspects:(1)According to the attack principle of replay attack,this paper analyzes the stealth of replay attack from the point of view of data.The research shows that when the system is attacked,malicious attackers can replay sensor measurements to the system in place of the real measurement data.Due to the similarity between historical data and replayed data,it is difficult to find features from the original data to distinguish the normal data from the attack data,which indicates the stealth of replay attack.The conclusions of the above analysis are verified by a semi-physical simulation platform.(2)During the replay attack,measurements output by the system are repeatedly replayed,resulting in a downward trend in the data complexity of measurements.According to this characteristic,this paper proposes the permutation entropy based detection scheme of replay attack.First,the sliding window permutation entropy is used to calculate the complexity of sensor measurements.Afterwards,according to the calculated permutation entropy set,support vector data description is applied to carry out model training,update and determination on operating measurements of the system.In addition,considering the influence of measurement noise in the actual application system and the influence of the attacker's malicious addition of shielding noise on the detection effect of replay attack,wavelet analysis is introduced to denoise measurements containing noise,so as to enhance the detection scheme of replay attack.Finally,the validity of detection scheme based on permutation entropy of replay attack in industrial CPSs is verified by using the data collected from the semi-physical platform.(3)Some scholars have proposed that the detection method of discontinuous replay attack based on relative entropy has the situation of missing detection when the replayed interval is small.The previous study found that when the system is attacked by malicious attackers,measurements are constantly replayed,resulting in a certain deviation of the controller signals.The interdependence between measurements and controller signals can be measured by mutual information.Therefore,this paper proposes the mutual information based detection scheme of replay attack.Considering abnormal peak noise of measurements,we need to preprocess it.Afterwards,mutual information is used to evaluate the degree of interdependence between measurements variations and controlled variations.Moreover,according to the mutual information data set,the support vector machine is used to train model and predict operating data of the system.Finally,the data collected by the semi-physical simulation platform is used to verify the effectiveness of mutual information based detection scheme of replay attack. |
PDF Full Text Request