Machine Learning-Enabled Security in Internet of Things and Cyber-Physical Systems

Liu, Jinxin

13 April 2023

Internet of Things (IoT) is a promising and thriving technology that incorporates a variety of smart devices that provide enhanced services for remote communication and interaction between humans and physical items. The number of deployed IoT devices will increase to 41.6 billion in 2025, as predicted by International Data Corporation. With such a large population, assaults on IoT networks will harm a vast number of users and IoT devices. In light of this, we explore security from physical and network viewpoints in this thesis. To preserve privacy in IoT environment, this thesis begins by proposing RASA, a context-sensitive access authorization approach. We evaluate the promise of RASA-generated policies against a heuristic rule-based policy. The decisions of the RASA and that of the policy are more than 99% consistent. Furthermore, not only physical attacks but also cybercrimes will threaten IoT networks; consequently, this thesis proposes various Network Intrusion Detection System (NIDS) to identify network intrusions. In this thesis, we firstly examine traditional attacks in the NSL-KDD dataset that can impact sensor networks. Furthermore, in order to detect the introduced attacks, we study eleven machine learning algorithms, among which, XGBoost ranks the first with 97% accuracy. As attack tactics continue to evolve, Advanced Persistent Threat (APT) poses a greater risk to IoT networks than traditional incursions. This thesis presents SCVIC-APT-2021 to define a APT benchmark. Following upon this, an ML-based Attack Centric Method (ACM) is introduced achieving 9.4% improvement with respect to the baseline performance. This thesis proposes a Combined Intrusion Detection System (CIDS) that takes network and host information into consideration to reduce data noise and improve the performance of IDS. Two new CIDS datasets, SCVIC-CIDS-2021 and SCVIC-CIDS-2022, are generated. We further propose CIDS-Net to incorporate network and host related data. CIDS-Net boost the macro F1 score of the best baseline by 5.8% (up to 99.95%) and 5.1% (up to 91.3%), respectively on the two datasets. Besides of detection performance, timely response is considered as a critical metric of NIDS. This thesis introduces Multivariate Time Series (MTS) early detection into NIDS . We form TS-CICIDS2017 which is a time series based NIDS dataset and a new deep learning-based early detection model called Multi-Domain Transformer (MDT) is proposed, resulting in a 84.1% macro F-score with only few of the initial packets. To reduce the size of NIDS inputs, this work proposes a deep learning-based lossy time series compressor (Deep Dict) to achieve a high compression ratio while limiting the decompression error within a desired range. As demonstrated by the results, Deep Dict outperforms the compression ratio of the state-of-the-art lossy compression methods by up to 53.66%.

Machine Learning

Deep Learning

Transformers

IoT

Cyber Physical System

Network Security

Intrusion Detection System

Time Sereis

AI-enabled modeling and monitoring of data-rich advanced manufacturing systems

Mamun, Abdullah Al

08 August 2023

The infrastructure of cyber-physical systems (CPS) is based on a meta-concept of cybermanufacturing systems (CMS) that synchronizes the Industrial Internet of Things (IIoTs), Cloud Computing, Industrial Control Systems (ICSs), and Big Data analytics in manufacturing operations. Artificial Intelligence (AI) can be incorporated to make intelligent decisions in the day-to-day operations of CMS. Cyberattack spaces in AI-based cybermanufacturing operations pose significant challenges, including unauthorized modification of systems, loss of historical data, destructive malware, software malfunctioning, etc. However, a cybersecurity framework can be implemented to prevent unauthorized access, theft, damage, or other harmful attacks on electronic equipment, networks, and sensitive data. The five main cybersecurity framework steps are divided into procedures and countermeasure efforts, including identifying, protecting, detecting, responding, and recovering. Given the major challenges in AI-enabled cybermanufacturing systems, three research objectives are proposed in this dissertation by incorporating cybersecurity frameworks. The first research aims to detect the in-situ additive manufacturing (AM) process authentication problem using high-volume video streaming data. A side-channel monitoring approach based on an in-situ optical imaging system is established, and a tensor-based layer-wise texture descriptor is constructed to describe the observed printing path. Subsequently, multilinear principal component analysis (MPCA) is leveraged to reduce the dimension of the tensor-based texture descriptor, and low-dimensional features can be extracted for detecting attack-induced alterations. The second research work seeks to address the high-volume data stream problems in multi-channel sensor fusion for diverse bearing fault diagnosis. This second approach proposes a new multi-channel sensor fusion method by integrating acoustics and vibration signals with different sampling rates and limited training data. The frequency-domain tensor is decomposed by MPCA, resulting in low-dimensional process features for diverse bearing fault diagnosis by incorporating a Neural Network classifier. By linking the second proposed method, the third research endeavor is aligned to recovery systems of multi-channel sensing signals when a substantial amount of missing data exists due to sensor malfunction or transmission issues. This study has leveraged a fully Bayesian CANDECOMP/PARAFAC (FBCP) factorization method that enables to capture of multi-linear interaction (channels × signals) among latent factors of sensor signals and imputes missing entries based on observed signals.

Artificial Intelligence

Condition-based maintenance

Cyber-physical system

Cybermanufacturing

Missing signal imputation

Process authentication

Industrial Engineering

Time-sensitive Information Communication, Sensing, and Computing in Cyber-Physical Systems

Li, Xinfeng

08 September 2014

No description available.

Computer Science

Time-sensitive

Cyber-Physical System

Information Dissemination

Human Localization

Big Visual Data

MapReduce

On integrated modularization for situated product configuration

Williamsson, David

January 2019

Road transports face increasing societal challenges with respect to emissions, safety, and traffic congestion, as well as business challenges. Truck automation, e.g. self-driving trucks may be utilized to address some of these issues. Autonomous transport vehicles may be characterized as Cyber-Physical Systems (CPS). A drawback is that CPS significantly increase technical complexity and thus introduce new challenges to system architecting. A product architecture is the interrelation between physical components and their function, i.e. their purpose. Product architectures can be categorized as being modular or integral. The main purpose of a modular architecture is to enable external variety and at the same time internal commonality. Products with a modular architecture are configured from predesigned building blocks, i.e. modules. A stable module, which is a carrier of main function(s) has standardized interfaces, is configured for company-specific reasons, which means it supports a company-specific (business) strategy. In this thesis, the present state at the heavy vehicle manufacturer Scania, concerning product architecting, modularization, product description and configuration is investigated. Moreover, a new clustering based method for product modularization that integrates product complexity and company business strategies is proposed. The method is logically verified with multiple industrial cases, where the architecture of a heavy truck driveline is used as a test bench. The driveline contains synergistic configurations of mechanical, electrical and software technologies that are constituents of an automated  and/or semi-autonomous system, i.e. the driveline may be characterized as a CPS. The architecture is analyzed both from technical complexity and business strategy point of view.  The presented research indicates that a structured methodology which supports the development of the product architecture is needed at Scania, to enable control of the increasing technical complexity in the Cyber-Physical Systems. Finally, configuration rules are identified to be highly important in order to successfully realize a modular product architecture. A drawback with this approach is that the solution space becomes hard to identify, therefore a complete and flexible product description methodology is essential. The results from the case studies indicate that clustering of a Product Architecture DSM may result in a modular architecture with significantly reduced complexity, but with clusters that contain conflicting module drivers. It is also identified that the new modularization methodology is capable of identifying and proposing reasonable module candidates that address product complexity as well as company-specific strategies. Furthermore, several case studies show that the proposed method can be used for analyzing and finding the explicit and/or implicit, technical as well as strategic, reasons behind the architecture of an existing product.

Modularization

Product Description

Module

Product Structure

Product Architecture

Cyber-Physical System

Other Mechanical Engineering

Annan maskinteknik

An Axiomatic Categorisation Framework for the Dynamic Alignment of Disparate Functions in Cyber-Physical Systems

Byrne, Thomas J., Doikin, Aleksandr, Campean, Felician, Neagu, Daniel

04 April 2019

Yes / Advancing Industry 4.0 concepts by mapping the product of the automotive industry on the spectrum of Cyber Physical Systems, we immediately recognise the convoluted processes involved in the design of new generation vehicles. New technologies developed around the communication core (IoT) enable novel interactions with data. Our framework employs previously untapped data from vehicles in the field for intelligent vehicle health management and knowledge integration into design. Firstly, the concept of an inter-disciplinary artefact is introduced to support the dynamic alignment of disparate functions, so that cyber variables change when physical variables change. Secondly, the axiomatic categorisation (AC) framework simulates functional transformations from artefact to artefact, to monitor and control automotive systems rather than components. Herein, an artefact is defined as a triad of the physical and engineered component, the information processing entity, and communication devices at their interface. Variable changes are modelled using AC, in conjunction with the artefacts, to aggregate functional transformations within the conceptual boundary of a physical system of systems. / Jaguar Land Rover funded research “Intelligent Personalised Powertrain Healthcare” 2016-2019

Cyber Physical System

Internet of Things

Industry 4.0

Multidisciplinary design

IVHM

FruitPAL: An IoT-Enabled Framework for Automatic Monitoring of Fruit Consumption in Smart Healthcare

Alkinani, Abdulrahman Ibrahim M.

12 1900

This research proposes FruitPAL and FruitPAL 2.0. They are full automatic devices that can detect fruit consumption to reduce the risk of disease. Allergies to fruits can seriously impair the immune system. A novel device (FruitPAL) detecting fruit that can cause allergies is proposed in this thesis. The device can detect fifteen types of fruit and alert the caregiver when an allergic reaction may have happened. The YOLOv8 model is employed to enhance accuracy and response time in detecting dangers. The notification will be transmitted to the mobile device through the cloud, as it is a commonly utilized medium. The proposed device can detect the fruit with an overall precision of 86%. FruitPAL 2.0 is envisioned as a device that encourages people to consume fruit. Fruits contain a variety of essential nutrients that contribute to the general health of the human body. FruitPAL 2.0 is capable of analyzing the consumed fruit and then determining its nutritional value. FruitPAL 2.0 has been trained on YOLOv5 V6.0. FruitPAL 2.0 has an overall precision of 90% in detecting the fruit. The purpose of this study is to encourage fruit consumption unless it causes illness. Even though fruit plays an important role in people's health, it might cause dangers. The proposed work can not only alert people to fruit that can cause allergies, but also it encourages people to consume fruit that is beneficial for their health.

Smart Healthcare

Diet Monitoring

Healthcare Cyber-Physical System (H-CPS)

Machine Learning

Engineering, Biomedical

Microgrid as a Cyber-Physical System: Dynamics and Control

Lee, Lung-An

15 May 2023

As a result of climate change, extreme events occur more frequently and at higher severity, causing catastrophic power outages with significant economic losses. Microgrids are deployed as a technology to enhance power system resilience. A microgrid may include one or more distributed energy resources (DERs), including synchronous generators, solar panels, wind turbines, and energy storage systems which are decentralized power sources primarily in a distribution system to enable system recovery from catastrophic events. Microgrids can be operated in a utility-connected mode or an islanded mode in separation with the hosting transmission or distribution system. As major disasters occur, intentional islanding of a microgrid is a strategy to serve critical loads, within or outside the microgrids, until the utility service is restored. To operate microgrids, dispatch and control capabilities are required that would significantly improve the dynamic performance of the microgrid. An islanded microgrid can be used to serve critical load as a resiliency source when a severe outage occurs. In an islanded mode, control of a microgrid relies on the communication system significantly. Hence, microgrids are cyber-physical systems and, therefore, the cyber system plays a crucial role in the performance of the cyber-power system. Improper parameters of the cyber system can result in instability of a microgrid system. Simplification of the networked control system model is needed to enhance the computational performance, making the analytical method practical for large-scale power systems. To reduce the emission of carbon dioxide and alleviate the impact of climate change, the electric power industry has been integrating renewable energy into the power grid. The high penetration of renewable energy at an unprecedented level also raises new issues for the power grid, e.g., low inertia, degraded power quality, and higher uncertainties. Power electronics technology is used for power conversion of renewable energy. As the level of penetration of renewable energy increases, the inverter-based resources (IBRs) are being installed at a fast pace on the power grid. Compared to conventional synchronous generators (SGs), a major technical challenge of IBRs is their low inertia which can lead to system instability. In this context, the work of this dissertation results in major contributions regarding control algorithms for microgrid resilience, stability, and cyber-physical systems. Specifically, three novel contributions are presented: 1) A coordinated control scheme is proposed to achieve the goals of power dispatch and system regulation for an islanded microgrid. The proposed control scheme improves system dynamics; 2) A method is developed for the determination of critical values for the data reporting period and communication delay. Based on the proposed method, a 2-dimensional stability region of a microgrid in the space of cyber parameters is derived and critical values of cyber parameters are identified based on the stability region; 3) A control scheme is proposed to improve system stability of a hybrid-DER microgrid. The analysis serves to illustrate the stability regions of the hybrid-DER microgrid. A control methodology based on two-time scale decomposition is developed to stabilize the system. / Doctor of Philosophy / Climate change is causing more frequent and severe weather events, resulting in catastrophic power outages and significant economic losses. To enhance power system resilience, microgrids are proposed as a solution. Microgrids consist of one or more distributed energy resources, such as solar panels, wind turbines, and energy storage systems, which can be operated in a utility-connected or islanded mode. Microgrids can operate in an islanded mode to serve critical loads when an extended outage of the utility grid occurs. Proper dispatch and control capabilities are necessary for the operation and control. However, the performance of a microgrid, especially in an islanded mode, is dependent on the communication system. Excessive cyber latencies can result in system instability of the microgrid. To reduce carbon dioxide emissions, the power industry is integrating an unprecedented level of renewable energy into the power grid. Power electronics technology is being used for power conversion of renewable energy, and inverter-based resources are being installed at a fast pace into the power grid. One major technical challenge of inverter-based resources is their low inertia, which can lead to system instability. To address these issues, this dissertation presents three novel contributions: a coordinated control scheme to improve the microgrid dynamics and perform power dispatch and system regulation functions, a method to determine critical values of cyber parameters based on stability regions, and a control scheme to improve system stability of a hybrid-DER microgrid. These contributions provide valuable concepts and methodologies for resilient and stable microgrids that are critical to meet the operational and control challenges of an electricity infrastructure with a high-level penetration of renewable energy.

Microgrid

Resilience

Dynamics

Stability

Cyber-Physical System

Hybrid-DER Microgrid

Droop Control

Secondary Control

Feedback Control

Electromagnetic Interference Attacks on Cyber-Physical Systems: Theory, Demonstration, and Defense

Dayanikli, Gokcen Yilmaz

27 August 2021

A cyber-physical system (CPS) is a complex integration of hardware and software components to perform well-defined tasks. Up to this point, many software-based attacks targeting the network and computation layers have been reported by the researchers. However, the physical layer attacks that utilize natural phenomena (e.g., electromagnetic waves) to manipulate safety-critic signals such as analog sensor outputs, digital data, and actuation signals have recently taken the attention. The purpose of this dissertation is to detect the weaknesses of cyber-physical systems against low-power Intentional Electromagnetic Interference (IEMI) attacks and provide hardware-level countermeasures. Actuators are irreplaceable components of electronic systems that control the physically moving sections, e.g., servo motors that control robot arms. In Chapter 2, the potential effects of IEMI attacks on actuation control are presented. Pulse Width Modulation (PWM) signal, which is the industry–standard for actuation control, is observed to be vulnerable to IEMI with specific frequency and modulated–waveforms. Additionally, an advanced attacker with limited information about the victim can prevent the actuation, e.g., stop the rotation of a DC or servo motor. For some specific actuator models, the attacker can even take the control of the actuators and consequently the motion of the CPS, e.g., the flight trajectory of a UAV. The attacks are demonstrated on a fixed-wing unmanned aerial vehicle (UAV) during varying flight scenarios, and it is observed that the attacker can block or take control of the flight surfaces (e.g., aileron) which results in a crash of the UAV or a controllable change in its trajectory, respectively. Serial communication protocols such as UART or SPI are widely employed in electronic systems to establish communication between peripherals (e.g., sensors) and controllers. It is observed that an adversary with the reported three-phase attack mechanism can replace the original victim data with the 'desired' false data. In the detection phase, the attacker listens to the EM leakage of the victim system. In the signal processing phase, the exact timing of the victim data is determined from the victim EM leakage, and in the transmission phase, the radiated attack waveform replaces the original data with the 'desired' false data. The attack waveform is a narrowband signal at the victim baud rate, and in a proof–of–concept demonstration, the attacks are observed to be over 98% effective at inducing a desired bit sequence into pseudorandom UART frames. Countermeasures such as twisted cables are discussed and experimentally validated in high-IEMI scenarios. In Chapter 4, a state-of-art electrical vehicle (EV) charger is assessed in IEMI attack scenarios, and it is observed that an attacker can use low–cost RF components to inject false current or voltage sensor readings into the system. The manipulated sensor data results in a drastic increase in the current supplied to the EV which can easily result in physical damage due to thermal runaway of the batteries. The current switches, which control the output current of the EV charger, can be controlled (i.e., turned on) by relatively high–power IEMI, which gives the attacker direct control of the current supplied to the EV. The attacks on UAVs, communication systems, and EV chargers show that additional hardware countermeasures should be added to the state-of-art system design to alleviate the effect of IEMI attacks. The fiber-optic transmission and low-frequency magnetic field shielding can be used to transmit 'significant signals' or PCB-level countermeasures can be utilized which are reported in Chapter 5. / Doctor of Philosophy / The secure operation of an electronic system depends on the integrity of the signals transmitted from/to components like sensors, actuators, and controllers. Adversaries frequently aim to block or manipulate the information carried in sensor and actuation signals to disrupt the operation of the victim system with physical phenomena, e.g., infrared light or acoustic waves. In this dissertation, it is shown that low-power electromagnetic (EM) waves, with specific frequency and form devised for the victim system, can be utilized as an attack tool to disrupt, and, in some scenarios, control the operation of the system; moreover, it is shown that these attacks can be mitigated with hardware-level countermeasures. In Chapter 2, the attacks are applied to electric motors on an unmanned aerial vehicle (UAV), and it is observed that an attacker can block (i.e., crash of the UAV) or control the UAV motion with EM waves. In Chapter 3, it is shown that digital communication systems are not resilient against intentional electromagnetic interference (IEMI), either. Low–power EM waves can be utilized by attackers to replace the data in serial communication systems with a success rate %98 or more. In Chapter 4, the attacks are applied to the sensors and actuators of electric vehicle chargers with low–cost over–the–shelf amplifiers and antennas, and it is shown that EM interference attacks can manipulate the sensor data and boosts the current supplied to the EV, which can result in overheating and fire. To ensure secure electronic system operation, hardware–level defense mechanisms are discussed and validated with analytical solutions, simulations, and experiments.

Cyber-Physical System Security

Electromagnetic Attacks

Signal Integrity

Uma abordagem baseada em modelos para suporte à validação de sistemas médicos físico-cibernéticos. / A model-based approach to support the validation of physico-cybernetic medical systems.

SILVA, Lenardo Chaves e.

09 May 2018

Submitted by Johnny Rodrigues (johnnyrodrigues@ufcg.edu.br) on 2018-05-09T17:24:59Z No. of bitstreams: 1 LENARDO CHAVES E SILVA - TESE PPGCC 2015..pdf: 9863003 bytes, checksum: b4ff7a7517f3ec159596b4b3c8730219 (MD5) / Made available in DSpace on 2018-05-09T17:24:59Z (GMT). No. of bitstreams: 1 LENARDO CHAVES E SILVA - TESE PPGCC 2015..pdf: 9863003 bytes, checksum: b4ff7a7517f3ec159596b4b3c8730219 (MD5) Previous issue date: 2015-11-12 / Capes / Sistemas Médicos Físico-Cibernéticos (SMFC) são sistemas críticos cientes de contexto que têm a segurança do paciente como principal requisito, demandando processos rigorosos de validação para garantir a conformidade com os requisitos do usuário e a corretude orientada à especificação. Neste trabalho é proposta uma arquitetura baseada em modelos para validação de SMFC, focando em promover a reúso e a produtividade. Tal abordagem permite que desenvolvedores de sistemas construam modelos formais de SMFC baseados em uma biblioteca de modelos de pacientes e dispositivos médicos, bem como simular o SMFC para identificar comportamentos indesejados em tempo de projeto. A abordagem proposta foi aplicada a três diferentes cenários clínicos para avaliar seu potencial de reúso para diferentes contextos. A abordagem foi também validada por meio de uma avaliação empírica com desenvolvedores para avaliar o reúso e a produtividade. Finalmente, os modelos foram formalmente verificados considerando os requisitos funcionais e de segurança, além da cobertura dos modelos. / Medical Cyber-Physical Systems (MCPS) are context-aware, life-critical systems with patient safety as the main concern, demanding rigorous processes for validation to guarantee user requirement compliance and specification-oriented correctness. In this article, we propose a model-based approach for early validation of MCPS, focusing on promoting reusability and productivity. It enables system developers to build MCPS formal models based on a library of patient and medical device models, and simulate the MCPS to identify undesirable behaviors at design time. Our approach has been applied to three different clinical scenarios to evaluate its reusability potential for different context. We have also validated our approach through an empirical evaluation with developers to assess productivity and reusability. Finally, our models have been formally verified considering functional and safety requirements and model coverage.

Ciência da Computação.

Sistemas Médicos Físico-Cibernético

Validação de sistema médico

Projeto baseado em modelos

Ambiente cínico integrado

Projeto orientado a atores

Actor-Oriented Design - AOD

Modelo AOD

Cyber-Physical System - CPS

Medical Cyber-Physical System

Distributed Control of HVDC Transmission Grids

Babazadeh, Davood

January 2017

Recent issues such as priority access of renewable resources recommended by European energy directives and increase the electricity trading among countries lead to new requirements on the operation and expansion of transmission grids. Since AC grid expansions are limited by legislative issues and long distance transmission capacity, there is a considerable attention drawn to application of HVDC transmission grids on top of, or in complement to, existing AC power systems. The secure operation of HVDC grids requires a hierarchical control system. In HVDC grids, the primary control action to deal with power or DC voltage deviations is communication-free and local. In addition to primary control, the higher supervisory control actions are needed to guarantee the optimal operation of HVDC grids. However, the implementation of supervisory control functions is linked to the arrangement of system operators; i.e. an individual HVDC operator (central structure) or sharing tasks among AC system operators (distributed structure). This thesis presents distributed control of an HVDC grid. To this end, three possible supervisory functions are investigated; coordination of power injection set-points, DC slack bus selection and network topology identification. In this thesis, all three functions are first studied for the central structure. For the distributed solution, two algorithms based on Alternating Direction Method of Multipliers (ADMM) and Auxiliary Problem Principle (APP) are adopted to solve the coordination of power injection. For distributed selection of DC slack bus, the choice of parameters for quantitative ranking of converters is important. These parameters should be calculated based on local measurements if distributed decision is desired. To this end, the short circuit capacity of connected AC grid and power margin of converters are considered. To estimate the short circuit capacity as one of the required selection parameters, the result shows that the recursive least square algorithm can be very efficiently used. Besides, it is possible to intelligently use a naturally occurring droop response in HVDC grids as a local measurement for this estimation algorithm. Regarding the network topology, a two-stage distributed algorithm is introduced to use the abstract information about the neighbouring substation topology to determine the grid connectivity. / <p>QC 20170306</p>

co-simulation

cyber-physical system

DC slack bus

distributed control

HVDC grids

power injection

topology processor

wind farms