For cyber-physical systems, cyber-attacks are often not isolated exploitations of a single vulnerability but combine many vulnerabilities across different devices, the network, and the system architecture. For example, STUXNET exploited vulnerabilities in S7 PLCs, the operating system, unprotected network paths, the lack of a detection mechanism, etc. As a result, monitoring only devices (such as hardware counters, unusual CPU activity, or unusual events), or network traffic and application-level protocol traffic, is not sufficient: some advanced persistent threats (APTs) camouflage themselves by injecting DLLs into legitimate libraries or applications, or by mounting stealthy attacks that give no significant sign of unusual activity at the device or network level. This makes it necessary to monitor the physical dynamics of the various components of the physical system under supervisory control. Therefore, anomaly detection in the physical dynamics at various sensors is employed. However, the physical dynamics of most physical systems, such as power systems, show a lot of unpredictability and stochastic variation, caused by generation loss, the use of intermittent renewable energy sources, loss of load, sudden load encroachment, faults developing suddenly in transmission or distribution lines or in generators, etc. Anomaly detection is therefore not possible through signature or rule-based methods, except for drastic anomalies.
Detection is especially challenging for stealthy attacks. The labelled data about physical dynamics that supervised learning requires is also quite rare, and most data sources are simulated or emulated. Therefore, unsupervised learning methods are often the only way to devise intrusion detection mechanisms based on anomaly detection. In this layer, continuous monitoring and machine-learning-based detection of abnormal behaviour will be the main thrust of research. This requires expertise in machine learning and domain knowledge of the specific critical infrastructure, such as power system dynamics, the dynamics of factory automation, or automotive and UAV control.
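The contrast drawn above, between rule-based checks that catch only drastic anomalies and detection learned from unlabelled data, is shown here as an added example that is not part of the original page. The 50 Hz frequency sensor, its limits, the bias ramp and the detector parameters are all constructed assumptions, and a robust baseline with a CUSUM test stands in for the machine learning methods the text refers to.

```python
import math
from statistics import median

NOMINAL_HZ = 50.0           # constructed example: a 50 Hz grid frequency sensor
RULE_LIMITS = (49.5, 50.5)  # constructed fixed limits for the rule-based check

def sensor(t, bias=0.0):
    """Constructed reading: nominal value plus bounded normal fluctuation."""
    wobble = 0.02 * math.sin(0.7 * t) + 0.01 * math.sin(2.3 * t + 1.0)
    return NOMINAL_HZ + wobble + bias

def rule_alarm(stream):
    """Rule-based check: index of first sample outside fixed limits, else None."""
    lo, hi = RULE_LIMITS
    return next((i for i, x in enumerate(stream) if not lo <= x <= hi), None)

def fit_baseline(unlabelled):
    """Learn centre and spread from unlabelled history (median and scaled MAD)."""
    centre = median(unlabelled)
    mad = median(abs(x - centre) for x in unlabelled)
    return centre, 1.4826 * mad

def cusum_alarm(stream, centre, spread, k=1.0, h=10.0):
    """Two-sided CUSUM on standardised deviations; index of first alarm, else None."""
    up = down = 0.0
    for i, x in enumerate(stream):
        z = (x - centre) / spread
        up = max(0.0, up + z - k)      # accumulates sustained upward drift
        down = max(0.0, down - z - k)  # accumulates sustained downward drift
        if up > h or down > h:
            return i
    return None

def ramp(t, start=100, length=200, peak=0.08):
    """Slow sensor bias: 0 before start, linear rise to peak, then held."""
    return peak * min(max(t - start, 0), length) / length

BASELINE = [sensor(t) for t in range(500)]  # unlabelled normal operation
CLEAN = [sensor(t) for t in range(1000, 1500)]
STEALTHY = [sensor(t, ramp(t - 1000)) for t in range(1000, 1500)]
DRASTIC = [sensor(t, 1.0 if t >= 1100 else 0.0) for t in range(1000, 1500)]

if __name__ == "__main__":
    centre, spread = fit_baseline(BASELINE)
    for name, s in (("clean", CLEAN), ("stealthy", STEALTHY), ("drastic", DRASTIC)):
        print(name, "rule:", rule_alarm(s), "cusum:", cusum_alarm(s, centre, spread))
```

The slow bias never leaves the fixed limits, so only the detector fitted to the unlabelled baseline raises an alarm on it, while the 1 Hz step is caught by both.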
The main topics of research in this layer are:
i. Application of Machine Learning for Anomaly Detection based Intrusion Detection.
ii. Threat Modelling for Destabilizing Power System Dynamics, Automotive and UAV dynamics
iii. Resilient Control Algorithms for bringing the system to a safe trajectory when destabilized by a cyber-attack.
iv. Methodology and Tools development for implementing IEC 62443 and the NIST Cyber Security Framework
v. Building expertise base in Securing Physical Dynamics of CPS systems