Trusted Operation of Cyber-Physical Processes Based on Assessment of the System's State and Operating Mode

Elena Basan; Alexandr Basan; Alexey Nekrasov; Colin Fidge; Evgeniya Ishchukova; Anatoly Basyuk; Alexandr Lesnikov

doi:10.3390/s23041996

Trusted Operation of Cyber-Physical Processes Based on Assessment of the System's State and Operating Mode

Sensors (Basel). 2023 Feb 10;23(4):1996. doi: 10.3390/s23041996.

Authors

Elena Basan¹, Alexandr Basan¹, Alexey Nekrasov¹, Colin Fidge², Evgeniya Ishchukova¹, Anatoly Basyuk¹, Alexandr Lesnikov¹

Affiliations

¹ Institute for Computer Technologies and Information Security, Southern Federal University, Chekhova 2, 347922 Taganrog, Russia.
² Faculty of Science, Queensland University of Technology (QUT), Gardens Point Campus, Brisbane, QLD 4001, Australia.

Abstract

We consider the trusted operation of cyber-physical processes based on an assessment of the system's state and operating mode and present a method for detecting anomalies in the behavior of a cyber-physical system (CPS) based on the analysis of the data transmitted by its sensory subsystem. Probability theory and mathematical statistics are used to process and normalize the data in order to determine whether or not the system is in the correct operating mode and control process state. To describe the mode-specific control processes of a CPS, the paradigm of using cyber-physical parameters is taken as a basis, as it is the feature that most clearly reflects the system's interaction with physical processes. In this study, two metrics were taken as a sign of an anomaly: the probability of falling into the sensor values' confidence interval and parameter change monitoring. These two metrics, as well as the current mode evaluation, produce a final probability function for our trust in the CPS's currently executing control process, which is, in turn, determined by the operating mode of the system. Based on the results of this trust assessment, it is possible to draw a conclusion about the processing state in which the system is operating. If the score is higher than 0.6, it means the system is in a trusted state. If the score is equal to 0.6, it means the system is in an uncertain state. If the trust score tends towards zero, then the system can be interpreted as unstable or under stress due to a system failure or deliberate attack. Through a case study using cyber-attack data for an unmanned aerial vehicle (UAV), it was found that the method works well. When we were evaluating the normal flight mode, there were no false positive anomaly estimates. When we were evaluating the UAV's state during an attack, a deviation and an untrusted state were detected. This method can be used to implement software solutions aimed at detecting system faults and cyber-attacks, and thus make decisions about the presence of malfunctions in the operation of a CPS, thereby minimizing the amount of knowledge and initial data about the system.

Keywords: anomalies; cyber-attacks; cyber-physical system; unmanned vehicle; verification.

Grants and funding

22-11-00184/Russian Science Foundation