Moving Target Defense Approach to Detecting Stuxnet-Like Attacks

Recent cybersecurity incidents such as Stuxnet and Irongate alert us to the threats faced by critical cyber-physical systems. These attacks compromise the control signals to push the system to unsafe regions and meanwhile, inject fake sensor measurements to cover the ongoing attack. Detecting these Stuxnet-like (SL) attacks still remains an open research issue. This paper analyzes the taxonomy, construction, and implication of SL attacks in CPS control loops. We propose to apply the moving target defense (MTD) approach that actively changes the system configuration to detect SL attacks, since these attacks are generally constructed based on the knowledge about the system’s configuration. We analyze the basic conditions for MTD to be successful. Finally, as a case study, we apply MTD for the secondary voltage control of power grids and present simulation results based on the IEEE 39-bus test system under realistic settings.