Sitemap

A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.

Pages

Posts

Why can not we just use Machine Learning Algorithms for detecting intrusions in Industrial Systems?

1 minute read

Published:

This blog post is our recent work that explains the challenges we have faced in adopting Machine Learning Algorithms for intrusion detection in Industrial Control Systems (ICS). This study is insightful with a summary of several projects both using examples from design and data-centric techniques. Each study is concluding with a lesson learned and some recommendations are made for future research. Read more

Test Blog Post

less than 1 minute read

Published:

This is a test blog post. This is unfinished page and will be updated in future with some interesting content related to security and privacy. Read more

portfolio

publications

Limitations of state estimation based cyber attack detection schemes in industrial control systems

Published in Smart City Security and Privacy Workshop (SCSP-W), 2016

An experiment was conducted on a water treatment plant to investigate the effectiveness of using Kalman filter based attack detection schemes in a Cyber Physical System (CPS). Kalman filter was implemented with Chi-Square detector. Random, stealthy bias, and replay attacks were launched and results analysed. Analysis indicates that stealthy false data injection and replay attacks cannot be detected by legacy failure detection methods. Read more

Recommended citation: C. M. Ahmed, S. Adepu and A. Mathur, "Limitations of state estimation based cyber attack detection schemes in industrial control systems," 2016 Smart City Security and Privacy Workshop (SCSP-W), Vienna, 2016, pp. 1-5, doi: 10.1109/SCSPW.2016.7509557. https://ieeexplore.ieee.org/abstract/document/7509557/

Model-based Attack Detection Scheme for Smart Water Distribution Networks

Published in ACM AsiaCCS 2017, 2017

In this manuscript, we present a detailed case study about model-based attack detection procedures for Cyber-Physical Systems (CPSs). In particular, using EPANET (a simulation tool for water distribution systems), we simulate a Water Distribution Network (WDN). Using this data and sub-space identification techniques, an input-output Linear Time Invariant (LTI) model for the network is obtained. This model is used to derive a Kalman filter to estimate the evolution of the system dynamics. Then, residual variables are constructed by subtracting data coming from EPANET and the estimates of the Kalman filter. We use these residuals and the Bad-Data and the dynamic Cumulative Sum (CUSUM) change detection procedures for attack detection. Simulation results are presented - considering false data injection and zero-alarm attacks on sensor readings, and attacks on control input - to evaluate the performance of our model-based attack detection schemes. Finally, we derive upper bounds on the estimator-state deviation that zero-alarm attacks can induce. Read more

Recommended citation: Chuadhry Mujeeb Ahmed, Carlos Murguia, and Justin Ruths. 2017. Model-based Attack Detection Scheme for Smart Water Distribution Networks. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security ASIA CCS17. Association for Computing Machinery, New York, NY, USA https://dl.acm.org/doi/abs/10.1145/3052973.3053011

NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems

Published in ACM AsiaCCS 2018, 2018

An attack detection scheme is proposed to detect data integrity attacks on sensors in Cyber-Physical Systems (CPSs). A combined fingerprint for sensor and process noise is created during the normal operation of the system. Under sensor spoofing attack, noise pattern deviates from the fingerprinted pattern enabling the proposed scheme to detect attacks. To extract the noise (difference between expected and observed value) a representative model of the system is derived. A Kalman filter is used for the purpose of state estimation. By subtracting the state estimates from the real system states, a residual vector is obtained. It is shown that in steady state the residual vector is a function of process and sensor noise. A set of time domain and frequency domain features is extracted from the residual vector. Feature set is provided to a machine learning algorithm to identify the sensor and process. Experiments are performed on two testbeds, a real-world water treatment (SWaT) facility and a water distribution (WADI) testbed. A class of zero-alarm attacks, designed for statistical detectors on SWaT are detected by the proposed scheme. It is shown that a multitude of sensors can be uniquely identified with accuracy higher than 90% based on the noise fingerprint. Read more

Recommended citation: Chuadhry Mujeeb Ahmed, Martin Ochoa, Jianying Zhou, Aditya P. Mathur, Rizwan Qadeer, Carlos Murguia, and Justin Ruths. 2018. NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security (ASIACCS 18). Association for Computing Machinery, New York, NY, USA, 483–497. DOI:https://doi.org/10.1145/3196494.3196532 https://dl.acm.org/doi/abs/10.1145/3196494.3196532

talks

teaching

Computer Networking

Undergraduate course, Singapore University of Technology and Design, 2016

I was teaching assistant with Prof. Nils O. Tippenhauer in Fall Semester 2016 for the Networking Course. I was mainly responsible for the lab exercises. Read more