Curse of System Complexity and Virtue of Operational Invariants: Machine Learning based System Modeling and Attack Detection in CPS

Cyber Physical Systems (CPS) security has gained a lot of interest in recent years. Different approaches have been proposed to tackle the security challenges. Intrusion detection has been of most interest so far, involving design-based and data-based approaches. Design-based approaches require domain expertise and are not scalable, on the other hand, data-based approaches suffer from the lack of real-world datasets available for specific critical physical processes. In this work, a data collection effort is made on a realistic Water Distribution (WADI) test-bed. Collected data consists of both the normal operation as well as a range of attack scenarios. Next, machine learning-based system-modeling techniques are considered using the data from WADI. It is shown that the accuracy of system model-based intrusion detectors depends on the model accuracy and for non-linear processes, it is non-trivial to obtain accurate system models. Moreover, an operational invariants-based attack detection technique is proposed using the system design parameters. It is shown that using a simple rule-based anomaly detector performs better than the complex black-box data-based techniques.