Learning-based Attacks in Cyber-Physical Systems
Mohammad Javad (MJ) Khojasteh
Center for Autonomous Systems and Technologies (CAST)
California Institute of Technology
Joint work with:
• Anatoly Khina, Tel Aviv University
• Massimo Franceschetti, University of California, San Diego
• Tara Javidi, University of California, San Diego
Cloud robots and automation systems
Security
We need to address physical security in addition to cyber security
News reports
News reports
“It has changed the way we view the security threat”
The man in the middle
Plant Controller
A malicious controller for the plant
A fictitious plant for the controller
Mathematical formulation
• Linear dynamical system
• The controller, at time , observes and generates a control signal
as a function of all past observations .
• The attacker feeds a malicious input to the plant.
• How can the controller detect that the system is under attack?
Under normal operation
Under attack
are i.i.d.
Anomaly detection
• The controller is armed with a detector that tests for anomalies in
the observed history .
• Under legitimate system operation we expect
• The detector performs the variance test
• What kind of attacks can we detect?
i.i.d.
The man in the middle attack types
Replay attack
Statistical-duplicate attack
Learning-based attack
Y. Mo, B. Sinopoli (2009)
R. S. Smith (2011)
B. Satchidanandan, P. R. Kumar (2017)
MJ Khojasteh et al. (2020)
Stuxnet
Learning-based attack
• The attacker has access to both and and knows the
distribution of and of the initial condition , but it should learn
the open loop gain of the plant.
• For analysis purposes, we can assume the open loop gain of the plant
is a random variable with a distribution known to the attacker and
for any event we let
Two phases of the learning-based attack
• Learning (exploration) phase: eavesdropping and learning
• Hijacking (exploitation) phase: hijacking the system
Learning (exploration) phase
• For , the attacker observes the plant state and control input,
and tries to learn the open-loop gain .
Hijacking (exploitation) phase
• For , the attacker feeds the fake signal to the
controller, reads the next input , and drives the system to an
undesired state by feeding to the plant.
Detecting the attack
• The controller uses to construct an estimate of
according to the variance test
• Let be the indicator of the attack at any time before
• Define the deception probabilities
• Assume the power of the fictitious sensor reading converges a.s.
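The variance test from the anomaly-detection and detecting-the-attack slides, as an added example (not code from the talk or the cited papers). The slide equations did not survive extraction, so the scalar plant model, the symbols a, sigma2 and delta, the control law and the constructed readings are all assumptions.

```python
import random

def readings(model_gain, a, sigma2, steps, rng):
    """Sensor readings y[k+1] = model_gain*y[k] + u[k] + w[k], with u[k] = -0.8*a*y[k].

    model_gain == a is the real plant; any other value stands for a fictitious
    plant built from an imperfect estimate of a (assumed model, constructed data).
    """
    ys, us = [0.0], []
    for _ in range(steps):
        u = -0.8 * a * ys[-1]                  # assumed nominal control policy
        w = rng.gauss(0.0, sigma2 ** 0.5)      # i.i.d. disturbance with variance sigma2
        us.append(u)
        ys.append(model_gain * ys[-1] + u + w)
    return ys, us

def variance_test(ys, us, a, sigma2, delta):
    """Alarm when the empirical residual variance is more than delta away from sigma2."""
    resid = [ys[k + 1] - a * ys[k] - us[k] for k in range(len(us))]
    emp = sum(r * r for r in resid) / len(resid)
    return abs(emp - sigma2) > delta, emp

def run_cases(a=1.5, sigma2=1.0, delta=0.1, steps=5000, seed=7):
    """Run the detector on legitimate readings and on two mismatched models."""
    rng = random.Random(seed)
    cases = {"legitimate": a, "gain error 0.01": a + 0.01, "gain error 0.5": a + 0.5}
    return {name: variance_test(*readings(g, a, sigma2, steps, rng), a, sigma2, delta)
            for name, g in cases.items()}

if __name__ == "__main__":
    for name, (alarm, emp) in run_cases().items():
        print(f"{name:16s} variance={emp:.3f} alarm={alarm}")
```

The residual variance grows with the square of the gain error, so the detector fires on the coarse model while the 0.01 error stays inside the tolerance delta.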
Results
• We provide lower and upper bounds on the deception probability
• The lower bound is based on a given learning algorithm and holds
for any measurable control policy
• The upper bound holds for any learning algorithm, and any
measurable control policy
Lower bound
• Assuming the attacker uses a least-squares learning algorithm to learn
the plant, such that
• This algorithm is consistent, namely
as
K. J. Åström, P. Eykhoff (1971), L. Ljung (1982)
Lower bound
• On the other hand, for any fixed L the deception probability
depends on the ability to learn the plant, and we can show
Using the concentration bound of A. Rantzer (2018)
Comparison with a replay attack
MJ Khojasteh et al. (2020)
Upper bound on the deception probability
• If is distributed uniformly in , then letting
, we have
• The numerator represents the information revealed about from
the observation of the random variable
• The denominator represents the intrinsic uncertainty of when it is
observed at resolution corresponding to the entropy of
the quantized random variable
Upper bound on the deception probability
• In addition, if is a Markov chain for all
, then
any sequence of probability measures , provided
for all
The Gaussian case
• The freedom in choosing the auxiliary probability measure
makes the second bound a useful bound.
• Gaussian plant disturbance
• By choosing we have
where
Impede the learning process of the attacker
Privacy-enhancing signal
Nominal control policy
Privacy-enhancing signal
Privacy-enhancing signal
• Injecting a strong noise may in fact speed up the learning process
• Carefully crafted watermarking signals provide better guarantees
on the deception probability
Defense against learning-based attack
MJ Khojasteh et al. (2020)
Vector systems
Learning-based attack: vector systems
MJ Khojasteh et al. (2020)
Defense against vector learning-based attack
Nonlinear learning-based attack
Reproducing Kernel Hilbert Space (RKHS)
Linear regression
Bayesian learning: Gaussian processes (GP)
Vulnerable region
Lower attacker's success rate
References
• Khojasteh, M.J., Khina, A., Franceschetti, M. and Javidi, T.
Authentication of cyber-physical systems under learning-based attacks.
IFAC-PapersOnLine, 52(20): 369-74, 2019.
• Khojasteh, M.J., Khina, A., Franceschetti, M. and Javidi, T.
Learning-based attacks in cyber-physical systems.
arXiv preprint arXiv:1809.06023, 2020.