
Security and Diagnosability of Finite State Machines Under Cyber-Attacks

Shamloo, Naeimeh Fakhr; Santis, Elena De; Benedetto, Maria Domenica Di
2024-01-01

Abstract

In many applications, security is a serious issue due to the high risk of cyber-attacks. An adversary can cause severe damage by providing wrong information about the system and consequently leading the controller to perform incorrectly. Detecting any malicious activity is necessary to cover up its negative effects and make the system operate reliably. In this paper, we propose a new approach to analyze security and diagnosability of a Finite-state machine (FSM) under multiple attacks. Different kinds of attacks are modeled by an FSM and the composition of the nominal and attack model can express all the effects of possible attacks on the given system. We define different concepts of security and give conditions under which detectability of the attacks is possible. Moreover, diagnosability of an FSM affected by multiple attacks is addressed, and the special case of critical observability under attack is characterized.

Note to Practitioners - Nowadays, cyber-physical systems (CPSs) are being widely used in industry and the extensive use of communication networks by CPSs raises the concern of vulnerability to malicious attacks. Therefore, it is a major challenge to detect the attack specifically when multiple attacks might launch on different sensors or communication channels. These facts motivate us to investigate the attack detectability properties of a system modeled by Finite State Machines (FSMs). To this end, we consider one of the well-known types of cyber-attacks which can inject, replace or remove output information in the communication network, called the man-in-the-middle attack. This may also be modeled by an FSM. In this paper, we provide a good understanding of the security level of a system under this powerful kind of attack, which can provide better insight into the weaknesses and strengths of the system before designing a supervisor. In some applications, e.g. in air traffic control, the designer needs to detect if a state belongs to a 'critical set', i.e. a set of dangerous or unsafe states. As a second important contribution of the paper, we investigate under which conditions this is possible even if the system is under attack. An extension to the more general property of diagnosability is illustrated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11697/255699