Resilient Anomaly Detection in Cyber-Physical Systems
Cyber-physical systems (CPS), such as autonomous automobile systems and process control systems, are mechanisms that deeply intertwine physical and software components. A resilient CPS is one that maintains an accepted level of operational normalcy in response to system faults and threats of an unexpected and malicious nature. The focus of this dissertation is on improving the resilience of CPS through the design and evaluation of resilient anomaly detectors, which guarantee satisfactory performance even in the presence of worst-case faults and attacks. The contributions of the thesis address challenges in the design of resilient anomaly detectors by taking into consideration features of the physical system and the control and monitoring algorithms.
Detection thresholds of resilient anomaly detectors need to be configured properly to ensure detection performance while minimizing false alarms. Using a game-theoretic approach, our work formulates the problem of computing optimal detection thresholds which minimize both the number of false alarms and the probability of missing attacks. An efficient algorithm based on dynamic programming for solving the game and finding optimal detection thresholds is developed and analyzed. The approach is evaluated using a case study of contamination attacks in water networks.
To increase resilience against detection errors, a framework for application-aware anomaly detection is presented. The main objective is to configure an anomaly detector so that the performance loss of the application in the presence of detection errors is minimized. An efficient algorithm for finding the application-aware detector is proposed and analyzed. The results are evaluated using a case study of real-time control of traffic signals.
To improve resilience against malicious attackers, the problem of adversarial regression in CPS is investigated, where an adversary capable of perturbing the values of sensors attempts to drive a CPS to an unsafe state while remaining undetected. The problem is solved considering linear regression- and neural network regression-based detectors. Then, a resilient detector is presented that mitigates the impact of stealthy attacks through configuration of thresholds. The proposed approach is numerically evaluated using a case study of a process control system.