Selected Publications

You can find all of my articles on Google Scholar.

Energy Level Spoofing Attacks and Countermeasures in Blockchain-enabled IoT

Published in IEEE GlobeCom 2022, 2022

The Internet of Things (IoT) ecosystem is witnessing widespread deployments for emerging applications in diverse domains such as remote sensing, smart homes, and Industry 4.0. There is also a growing need to secure such deployments against malicious IoT devices to sustain normal network operations. Since IoT deployments encompass geographically distributed nodes, blockchain technology, which inherently offers distributed trust in such scenarios, is gaining popularity as a means of providing a secure and trusted IoT deployment. In this paper, we present a use case in which an IoT deployment is retrofitted with a blockchain. The use of blockchain prevents malicious nodes from falsifying information about their energy levels. We first present attack scenarios in which IoT nodes spoof their energy levels while joining or while being part of the network. We then build a defense strategy and evaluate its performance under the various attack scenarios. Our results indicate that the IoT deployment is robust under the proposed defense strategy, which detects a node spoofing its energy levels over 75% of the time.

Recommended citation: A. H. Khan, H. Ikram, C. M. Ahmed, N. U. Hassan and Z. A. Uzmi, "Energy Level Spoofing Attacks and Countermeasures in Blockchain-enabled IoT," GLOBECOM 2022 - 2022 IEEE Global Communications Conference, Rio de Janeiro, Brazil, 2022, pp. 4322-4327, doi: 10.1109/GLOBECOM48099.2022.10001609. https://ieeexplore.ieee.org/abstract/document/10001609

Attack Rules: An Adversarial Approach to Generate Attacks for Industrial Control Systems using Machine Learning

Published in ACM CPSIoTSec 2021, 2021

Adversarial learning is used to test the robustness of machine learning algorithms under attack and to create attacks that deceive the anomaly detection methods used in Industrial Control Systems (ICS). Given that a security assessment of an ICS demands that an exhaustive set of possible attack patterns be studied, in this work we propose an association rule mining-based attack generation technique. The technique has been implemented using data from a Secure Water Treatment plant. It was able to generate more than 110,000 attack patterns, the vast majority of which were new attack vectors not seen before. Automatically generated attacks improve our understanding of the potential attacks and enable the design of robust attack detection techniques.

Recommended citation: Muhammad Azmi Umer, Chuadhry Mujeeb Ahmed, Muhammad Taha Jilani, and Aditya P. Mathur. 2021. Attack Rules: An Adversarial Approach to Generate Attacks for Industrial Control Systems using Machine Learning. In Proceedings of the 2nd Workshop on CPS&IoT Security and Privacy (CPSIoTSec 21). Association for Computing Machinery, New York, NY, USA, 35–40. https://doi.org/10.1145/3462633.3483976 https://dl.acm.org/doi/abs/10.1145/3462633.3483976

Scanning the Cycle: Timing-based Authentication on PLCs

Published in ACM AsiaCCS 2021, 2021

Programmable Logic Controllers (PLCs) are a core component of an Industrial Control System (ICS). However, if a PLC is compromised, or the commands it sends across the network are spoofed, the consequences could be catastrophic. In this work, a novel technique to authenticate PLCs is proposed that aims at raising the bar against powerful attackers while remaining compatible with real-time systems. The proposed technique captures timing information for each controller in a non-invasive manner. It is argued that the scan cycle is a unique feature of a PLC that can be approximated passively by observing network traffic, so an attacker that spoofs commands issued by a PLC would deviate from this fingerprint. To detect replay attacks, a PLC Watermarking technique is proposed. PLC Watermarking models the relation between the scan cycle and the control logic by modeling the PLC's input/output as a function of its request/response messages. The proposed technique is validated on an operational water treatment plant (SWaT) and a smart grid (EPIC) testbed. Experimental results indicate that PLCs can be distinguished based on their scan cycle timing characteristics.

Recommended citation: Chuadhry Mujeeb Ahmed, Martin Ochoa, Jianying Zhou, and Aditya Mathur. 2021. Scanning the Cycle: Timing-based Authentication on PLCs. In Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (ASIA CCS 21). Association for Computing Machinery, New York, NY, USA, 886–900. https://doi.org/10.1145/3433210.3453102 https://dl.acm.org/doi/abs/10.1145/3433210.3453102

NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems

Published in ACM AsiaCCS 2018, 2018

An attack detection scheme is proposed to detect data integrity attacks on sensors in Cyber-Physical Systems (CPSs). A combined fingerprint for sensor and process noise is created during normal operation of the system. Under a sensor spoofing attack, the noise pattern deviates from the fingerprinted pattern, enabling the proposed scheme to detect the attack. To extract the noise (the difference between expected and observed values), a representative model of the system is derived, and a Kalman filter is used for state estimation. By subtracting the state estimates from the real system states, a residual vector is obtained; it is shown that in steady state the residual vector is a function of process and sensor noise. A set of time domain and frequency domain features is extracted from the residual vector, and this feature set is provided to a machine learning algorithm to identify the sensor and process. Experiments are performed on two testbeds, a real-world water treatment (SWaT) facility and a water distribution (WADI) testbed. A class of zero-alarm attacks, designed for statistical detectors on SWaT, is detected by the proposed scheme. It is shown that a multitude of sensors can be uniquely identified with accuracy higher than 90% based on the noise fingerprint.

Recommended citation: Chuadhry Mujeeb Ahmed, Martin Ochoa, Jianying Zhou, Aditya P. Mathur, Rizwan Qadeer, Carlos Murguia, and Justin Ruths. 2018. NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security (ASIACCS 18). Association for Computing Machinery, New York, NY, USA, 483–497. https://doi.org/10.1145/3196494.3196532 https://dl.acm.org/doi/abs/10.1145/3196494.3196532

Model-based Attack Detection Scheme for Smart Water Distribution Networks

Published in ACM AsiaCCS 2017, 2017

In this manuscript, we present a detailed case study of model-based attack detection procedures for Cyber-Physical Systems (CPSs). In particular, using EPANET (a simulation tool for water distribution systems), we simulate a Water Distribution Network (WDN). Using the resulting data and sub-space identification techniques, an input-output Linear Time Invariant (LTI) model for the network is obtained. This model is used to derive a Kalman filter that estimates the evolution of the system dynamics. Residual variables are then constructed by subtracting the Kalman filter estimates from the data coming from EPANET. We feed these residuals to the Bad-Data and the dynamic Cumulative Sum (CUSUM) change detection procedures for attack detection. Simulation results, considering false data injection and zero-alarm attacks on sensor readings as well as attacks on the control input, are presented to evaluate the performance of our model-based attack detection schemes. Finally, we derive upper bounds on the estimator-state deviation that zero-alarm attacks can induce.

Recommended citation: Chuadhry Mujeeb Ahmed, Carlos Murguia, and Justin Ruths. 2017. Model-based Attack Detection Scheme for Smart Water Distribution Networks. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security ASIA CCS17. Association for Computing Machinery, New York, NY, USA https://dl.acm.org/doi/abs/10.1145/3052973.3053011

Limitations of state estimation based cyber attack detection schemes in industrial control systems

Published in Smart City Security and Privacy Workshop (SCSP-W), 2016

An experiment was conducted on a water treatment plant to investigate the effectiveness of Kalman filter based attack detection schemes in a Cyber Physical System (CPS). A Kalman filter was implemented together with a Chi-Square detector. Random, stealthy bias, and replay attacks were launched and the results analysed. The analysis indicates that stealthy false data injection and replay attacks cannot be detected by legacy failure detection methods.

Recommended citation: C. M. Ahmed, S. Adepu and A. Mathur, "Limitations of state estimation based cyber attack detection schemes in industrial control systems," 2016 Smart City Security and Privacy Workshop (SCSP-W), Vienna, 2016, pp. 1-5, doi: 10.1109/SCSPW.2016.7509557. https://ieeexplore.ieee.org/abstract/document/7509557/
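The NoisePrint, EPANET case study and SCSP-W abstracts above share one detection pipeline: an LTI model of the plant, a Kalman filter whose innovation (measurement minus prediction) is the residual, and a detector over that residual, either a stateless per-sample test (Bad-Data / Chi-Square) or a CUSUM accumulator. The block below is an added illustration of that pipeline and is not code from any of the listed papers or testbeds. Everything in it is constructed: the scalar tank model and its coefficients, the noise variances, the detector thresholds, and the ramp-shaped sensor bias used to exercise the detectors.

```python
"""Constructed toy: Kalman-filter residuals on a first-order tank, checked by a
per-sample Bad-Data (chi-square style) test and a CUSUM accumulator.
Added example, not code from any of the papers listed on this page."""
import math
import random

# Assumed scalar LTI plant (tank level): x_{k+1} = A x_k + B u_k + w_k,  y_k = C x_k + v_k
A, B, C = 0.9, 0.1, 1.0   # coefficients chosen for illustration only
Q, R = 0.01, 0.04         # process / sensor noise variances (assumed)
U = 10.0                  # constant inflow command -> steady level B*U/(1-A) = 10.0


def steady_state_kalman(a=A, c=C, q=Q, r=R, iters=200):
    """Iterate the discrete Riccati recursion for the a-priori error covariance
    P until it settles; returns (P, K) for the scalar system."""
    p = 1.0
    for _ in range(iters):
        gain = p * c / (c * c * p + r)
        p = a * a * (p - gain * c * p) + q
    return p, p * c / (c * c * p + r)


def simulate(steps, seed, attack_start=None, bias=0.0, ramp=100):
    """Run plant + Kalman filter and return the residuals r_k = y_k - C*x_pred_k.
    From attack_start on, the sensor reading is offset by a bias that ramps
    linearly from 0 to `bias` over `ramp` steps: a constructed false-data
    injection used only to exercise the detectors."""
    rng = random.Random(seed)
    level = U * B / (1 - A)
    x, x_hat, p = level, level, 1.0
    residuals = []
    for k in range(steps):
        x = A * x + B * U + rng.gauss(0.0, math.sqrt(Q))      # true plant state
        y = C * x + rng.gauss(0.0, math.sqrt(R))              # honest sensor reading
        if attack_start is not None and k >= attack_start:
            y += bias * min(1.0, (k - attack_start) / ramp)   # falsified reading
        x_pred = A * x_hat + B * U                            # predict
        p_pred = A * A * p + Q
        r = y - C * x_pred                                    # innovation / residual
        gain = p_pred * C / (C * C * p_pred + R)
        x_hat = x_pred + gain * r                             # correct
        p = (1.0 - gain * C) * p_pred
        residuals.append(r)
    return residuals


def calibrate_sigma(seed=1, steps=500, warmup=50):
    """Residual standard deviation from a clean run (filter warm-up discarded);
    this is the 'normal operation' fingerprint both detectors are tuned against."""
    rs = simulate(steps, seed)[warmup:]
    mean = sum(rs) / len(rs)
    return math.sqrt(sum((r - mean) ** 2 for r in rs) / (len(rs) - 1))


def bad_data_alarms(residuals, sigma_r, alpha=3.0):
    """Stateless per-sample test: alarm when |r_k| exceeds alpha*sigma_r
    (the scalar form of a chi-square test on the normalised residual)."""
    return [abs(r) > alpha * sigma_r for r in residuals]


def cusum_alarm_step(residuals, sigma_r, drift=1.0, threshold=10.0):
    """One-sided CUSUM on |r_k|: S_k = max(0, S_{k-1} + |r_k| - b), alarm when
    S_k > tau. b and tau are given in units of sigma_r; b above the clean-run
    mean of |r_k| keeps S_k near zero under normal operation."""
    b, tau, s = drift * sigma_r, threshold * sigma_r, 0.0
    for k, r in enumerate(residuals):
        s = max(0.0, s + abs(r) - b)
        if s > tau:
            return k
    return None


def run_demo(attack_start=150, bias=2.0, steps=400, seed=7):
    """Compare both detectors on one run with a slow ramp bias on the sensor."""
    sigma_r = calibrate_sigma()
    rs = simulate(steps, seed, attack_start, bias)
    bd = bad_data_alarms(rs, sigma_r)
    return {
        "sigma_r": sigma_r,
        "bad_data_rate_before": sum(bd[:attack_start]) / attack_start,
        "bad_data_rate_during": sum(bd[attack_start:]) / (steps - attack_start),
        "cusum_alarm_step": cusum_alarm_step(rs, sigma_r),
    }


if __name__ == "__main__":
    print("steady-state (P, K):", steady_state_kalman())
    print(run_demo())
```

Running `run_demo()` shows the point the 2016 abstract makes about per-sample failure detection: a bias that creeps in slowly never produces a single residual large enough for the 3-sigma Bad-Data test to fire reliably, while the CUSUM, which integrates the persistent shift in the residual mean, raises an alarm well inside the attack window. The steady-state residual under a constant sensor bias is a fixed fraction of that bias (for these coefficients roughly a quarter), which is why the per-sample test can stay quiet even once the ramp has finished. Calibrating sigma_r from a clean run is the analogue of building the noise fingerprint during normal operation; in a real deployment that window must itself be trusted.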