R-print: A System Residuals-based Fingerprinting for Attack Detection in Industrial Cyber-physical Systems

Abstract

Industrial cyber-physical systems (ICPS) are widely used to facilitate accurately remote control in industrial application fields using cyberspace technologies. However, it is easily suffered from internal vulnerabilities and other external threats from cyberspace, e.g., the attacker can bypass the intrusion detection systems (IDS) to access inner network and destroy devices, due to the deployed old-fashioned hardware and software. From the view of the system control level, we propose a system residuals-based fingerprinting for attack detection, namely, R-print. We firstly abstract the actual water-level system as a physical model. Then the measurement noise and the process noise from the sensor and system operation are respectively extracted as the input of model, and the output residual is synthesized into the unique fingerprint. Furthermore, we also propose a data resampling strategy to focus on the problem that how to fast detect the injection attack with small-value false data. Finally, a small water-level control testbed was built to simulate the real-scenario of the industrial water treatment process. The experimental results verify the effectiveness of the proposed attack detection approach.