Fast Attack Detection for Cyber-Physical Systems Using Dynamic Data Encryption

IEEE Trans Cybern. 2024 May;54(5):3251-3264. doi: 10.1109/TCYB.2023.3332079. Epub 2024 Apr 16.

Abstract

To defend the cyber-physical system (CPSs) from cyber-attacks, this work proposes an unified intrusion detection mechanism which is capable to fast hunt various types of attacks. Focusing on securing the data transmission, a novel dynamic data encryption scheme is developed and historical system data is used to dynamically update a secret key involved in the encryption. The core idea of the dynamic data encryption scheme is to establish a dynamic relationship between original data, secret key, ciphertext and its decrypted value, and in particular, this dynamic relationship will be destroyed once an attack occurs, which can be used to detect attacks. Then, based on dynamic data encryption, a unified fast attack detection method is proposed to detect different attacks, including replay, false data injection (FDI), zero-dynamics, and setpoint attacks. Extensive comparison studies are conducted by using the power system and flight control system. It is verified that the proposed method can immediately trigger the alarm as soon as attacks are launched while the conventional χ2 detection could only capture the attacks after the estimation residual goes over the predetermined threshold. Furthermore, the proposed method does not degrade the system performance. Last but not the least, the proposed dynamic encryption scheme turns to normal operation mode as the attacks stop.