| dc.description.abstract | Critical infrastructures such as power grids, water treatment and distribution facilities,
and Building Automation Systems (BAS) have come to employ Cyber-Physical Systems
(CPSs) in which physical devices or components are coordinated and controlled through
communication networks. Due to the criticalness of the infrastructures in which CPSs
are deployed, they have become a ripe target for cyber-attacks. This work focuses on
developing solutions to protect CPSs from cyber-attacks.
To understand the network traffic behavior in a CPS, a collection of BACnet traffic
was collected from a real-world BAS network. We conducted in-depth traffic analysis
and observed that BACnet traffic can be classified into three categories: Time-driven,
Human-driven, and Event-driven. Based on the observed traffic behavior, we developed
“THE-driven” anomaly detector which adopts different mechanisms for each category of
traffic. In addition, Commensurate Response (CR) was introduced to improve the system
resilience and attack survivability of the CPS. CR forces the footprint of the attack
to be commensurate with its impact on the system. Next, Path Redundancy was proposed
to counter compromised embedded controllers which could be leveraged by attackers to
launch data integrity attacks and false command attacks. As an extension of Path Redundancy,
a new CPS architecture is introduced to provide data replica and enable control
switching when a controller is attacked. The new architecture leverages virtualization
to overcome Single-Point-of-Failures (SPOFs) without requiring additional hardware devices. | en |
