Selected Publications

You can find all of my articles on Google Scholar.

NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems

Published in ACM AsiaCCS 2018, 2018

An attack detection scheme is proposed to detect data integrity attacks on sensors in Cyber-Physical Systems (CPSs). A combined fingerprint for sensor and process noise is created during the normal operation of the system. Under a sensor spoofing attack, the noise pattern deviates from the fingerprinted pattern, enabling the proposed scheme to detect attacks. To extract the noise (the difference between expected and observed value), a representative model of the system is derived. A Kalman filter is used for state estimation. By subtracting the state estimates from the real system states, a residual vector is obtained. It is shown that in steady state the residual vector is a function of process and sensor noise. A set of time-domain and frequency-domain features is extracted from the residual vector. The feature set is provided to a machine learning algorithm to identify the sensor and process. Experiments are performed on two testbeds, a real-world water treatment (SWaT) facility and a water distribution (WADI) testbed. A class of zero-alarm attacks, designed for statistical detectors on SWaT, is detected by the proposed scheme. It is shown that a multitude of sensors can be uniquely identified with accuracy higher than 90% based on the noise fingerprint.

Recommended citation: Chuadhry Mujeeb Ahmed, Martin Ochoa, Jianying Zhou, Aditya P. Mathur, Rizwan Qadeer, Carlos Murguia, and Justin Ruths. 2018. NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security (ASIACCS '18). Association for Computing Machinery, New York, NY, USA, 483–497. DOI: https://doi.org/10.1145/3196494.3196532 https://dl.acm.org/doi/abs/10.1145/3196494.3196532

Model-based Attack Detection Scheme for Smart Water Distribution Networks

Published in ACM AsiaCCS 2017, 2017

In this manuscript, we present a detailed case study about model-based attack detection procedures for Cyber-Physical Systems (CPSs). In particular, using EPANET (a simulation tool for water distribution systems), we simulate a Water Distribution Network (WDN). Using this data and sub-space identification techniques, an input-output Linear Time Invariant (LTI) model for the network is obtained. This model is used to derive a Kalman filter to estimate the evolution of the system dynamics. Then, residual variables are constructed by taking the difference between the data coming from EPANET and the estimates of the Kalman filter. We use these residuals with the Bad-Data and the dynamic Cumulative Sum (CUSUM) change detection procedures for attack detection. Simulation results are presented, considering false data injection and zero-alarm attacks on sensor readings and attacks on control input, to evaluate the performance of our model-based attack detection schemes. Finally, we derive upper bounds on the estimator-state deviation that zero-alarm attacks can induce.

Recommended citation: Chuadhry Mujeeb Ahmed, Carlos Murguia, and Justin Ruths. 2017. Model-based Attack Detection Scheme for Smart Water Distribution Networks. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS '17). Association for Computing Machinery, New York, NY, USA. https://dl.acm.org/doi/abs/10.1145/3052973.3053011

Limitations of state estimation based cyber attack detection schemes in industrial control systems

Published in Smart City Security and Privacy Workshop (SCSP-W), 2016

An experiment was conducted on a water treatment plant to investigate the effectiveness of using Kalman filter based attack detection schemes in a Cyber Physical System (CPS). A Kalman filter was implemented with a Chi-Square detector. Random, stealthy bias, and replay attacks were launched and the results analysed. The analysis indicates that stealthy false data injection and replay attacks cannot be detected by legacy failure detection methods.

Recommended citation: C. M. Ahmed, S. Adepu and A. Mathur, "Limitations of state estimation based cyber attack detection schemes in industrial control systems," 2016 Smart City Security and Privacy Workshop (SCSP-W), Vienna, 2016, pp. 1-5, doi: 10.1109/SCSPW.2016.7509557. https://ieeexplore.ieee.org/abstract/document/7509557/