=Paper= {{Paper |id=Vol-2683/paper3 |storemode=property |title=Analysis Of Attacks In Modern Cyberphysical Systems |pdfUrl=https://ceur-ws.org/Vol-2683/paper3.pdf |volume=Vol-2683 |authors=Yurii Shcherbyna,Nadiia Kazakova,Oleksii Fraze-Frazenko ,Lubomir Parchuts,Sergey Schneider }} ==Analysis Of Attacks In Modern Cyberphysical Systems== https://ceur-ws.org/Vol-2683/paper3.pdf
Analysis Of Attacks In Modern Cyberphysical Systems

Yurii Shcherbyna, Dept. Automated Systems and Cybersecurity, Odesa State Academy of Technical Regulation and Quality, Odesa, Ukraine, shcherbinayura53@gmail.com
Nadiia Kazakova, Dept. Information Technologies, Odesa State Environmental University, Odesa, Ukraine, kaz2003@ukr.net
Oleksii Fraze-Frazenko, Dept. Information Technologies, Odesa State Environmental University, Odesa, Ukraine, frazenko@gmail.com
Lubomir Parchuts, Dept. Protection of Information, Lviv Polytechnic National University, Lviv, Ukraine, par7@i.ua
Sergey Schneider, Dept. Information Security, Lviv Polytechnic National University, Lviv, Ukraine, shnapi007@gmail.com

Copyright © 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0)

Abstract—Cyber-physical systems, representing the integration of computing, network and physical processes, are increasingly being implemented into critical infrastructure, processes of community management and the private life of people. Due to their excessive complexity, the number of vulnerabilities in both the software and the physical part of the equipment significantly increases, which in turn leads to increased risks from the implementation of possible threats. The overwhelming part of cyber threats is implemented through intelligent telecommunication networks, attacks on data transmission protocols, the intelligent part of data sources in the executive mechanisms of systems, as well as the local control centers of the system. The construction of adequate requirements for the system of cybernetic protection implies a careful approach to the study of the architecture and technical features of the cyberphysical system to be protected. As in any real engineering system, in systems of protection of cyber-physical systems, modeling of internal processes plays a key role in the analysis of their dynamic behavior. It is shown that a single model of the cyberphysical system must describe, at the formal level and in spatial and temporal measure, all possible connections between the cybernetic and physical parts of the functioning environment, and substantiate the characteristics that determine the quality of its functioning. This analysis of published works shows that the most dangerous attacks used by security breachers in cybernetic space are divided into DoS attacks, Replay attacks and Deception attacks. It is against attacks of these types that the efforts of specialists in the field of cybernetic defense are concentrated. It is shown that ensuring stability, security and reliability of protection is based on solving the problem of multi-purpose optimization.

Keywords—Cyber-physical system, Cyber-security, Cyber-Attack, DoS attack, Replay attack, Deception attacks, Wormhole attack, cyberspace, physical space.

I. INTRODUCTION

The use of cyberphysical systems to improve the management of society and complex technological processes leads to radical changes in society itself. Such systems are based on intelligent networks (Smart Grid), which can significantly increase the efficiency of automation of power infrastructure management, telecommunications and defense systems and other objects of strategic importance. Smart Grid first appeared as a term in the West to describe everything related to the automation, control and management of power supply system components [1]. Today, the term Smart Grid is used in those areas where information collection and processing systems, and equipment condition monitoring in large complex systems, are implemented [2]. Along with the benefits of the digitalization of public life, production and business, the threat of using digital systems to interfere in the sphere of other people's interests with malicious purposes is growing. As a result, there is a growing need to explore issues related to responding to operational events related to resource recovery, security control, and automation.

The use of cyberphysical systems involves the implementation of appropriate infrastructure, which should increase the reliability and security of all aspects of its operation. Due to its complexity and the fact that the basis of such infrastructure is intelligent information and telecommunications networks, the probability of attacks from the external environment on critical management procedures increases; the implementation of such attacks may allow attackers to manipulate measurements, load conditions and other critical system parameters [3]. Thus, the importance of constant monitoring of risks in the operating environment of
the system and timely prevention of illegal interference is obvious. It follows that the cybersecurity system is one of the main components of any modern cyberphysical system [4].

II. FORMULATION OF THE PROBLEM

With the development of cyberphysical systems, security problems arise in both their physical and cyber spaces [5]. The architecture of modern cyberphysical systems allows the violator to carry out parallel coordinated attacks from external cyberspace on elements of their infrastructure and management. The consequences of such attacks can be events that pose a threat to human life, man-made disasters and large material losses.

The cybersecurity system should reduce the risks of threats, detect and identify abnormal system behavior, respond to intrusions, and initiate countermeasures to mitigate the effects of such threats and quickly restore normal operation.

Extensive security research on modern cyberphysical systems has identified a significant number of attack scenarios based on specific vulnerabilities, their targets, and the resources required to implement them. The results of such an analysis form the basis for the organization of appropriate protection [6].

The reliability of security systems is determined by careful analysis of physical and cyber environments for the presence of intentional and unintentional events that lead to threats, so the purpose of this work is to review the current state of the scenarios of the most common cyber attacks and defense strategies.

III. MAIN PART

The appearance of cyberphysical systems does not require a fundamental revision of the protection theory. Its main part is still network protection, and the main attack types are attacks on communication protocols, identification and authentication mechanisms, as well as key distribution mechanisms. At the same time, the features of cyberphysical systems and their gradual improvement give rise to new scenarios and types of attacks. In relation to traditional security systems, cyberspace protection systems are still in their infancy, and studies have already identified a large number of vulnerabilities that could lead to catastrophic attacks. Although a strategy for protection and detection or mitigation already exists for most of the detected attacks, this problem is far from being resolved.

Given the vulnerabilities of cyberphysical systems, attacks can be implemented covertly and unpredictably [7]. Thus, an attacker could alter control information by forging packets intercepted in the control loop using viral software, illegally accessing process monitoring centers to disrupt their normal operation. Thus, the dynamics of the system can be disrupted if its protection is not provided at the appropriate level and, therefore, cyber attacks are considered the main type of threats in cyberspace.

Effective defense can be organized if it is based on mathematical models of attacks. Modeling plays a key role in analyzing and understanding the dynamics of the violators' behavior. From a practical and theoretical point of view, it is important to build a model of a single system before any analysis. An example of a model that considers a cyberphysical system as a dynamic system with distributed parameters and a high degree of automation, and that is used by specialists in various fields, is the model described in [8]. It makes it possible to formally determine such system characteristics as asynchrony of measurements in time and control, network packet delays and the state of coherence of processes in the system. Within modeling-based analysis, it is important that attacks be formally described at the mathematical level. Currently, the attacks that are most popular and most often described in scientific journals can be divided into the following categories: "denial of service" attacks (DoS attacks), Replay attacks and Deception attacks.

The most common attack type is the DoS attack. With its help, violators manage to make system resources inaccessible. Typically, they constantly send "empty" messages to the smart network domain buffers and thus block them by overloading. This allows them to block one or another of its resources and make it impossible to exchange data between system entities, or to change the routing protocol. For quantitative analysis of the reduction of system performance caused by such attacks, queuing models, as well as Markov and Bernoulli models, are used.

Attacks built on queuing models can be described as time-delayed systems, which allows the stability problem to be solved effectively [9]. In [10], based on the analysis of the schedule of DoS attacks, a method of calculating the average error in the operation of the intrusion detection system is substantiated. DoS-attack models based on the Bernoulli scheme, although describing different mechanisms, are the same, which makes it possible to effectively analyze the performance of cyberphysical systems using typical approaches for missed measurements.

The next dangerous type of attack that is common in cyberspace is the Replay attack. This is an attack on the authentication system by recording and then playing back the correct message or part of it [11]. Any immutable information, such as a password or biometric data, is used to simulate authenticity. Such an attack makes it possible to gain unauthorized access to resources or transmit false data to disrupt the system.

An example of a Replay attack is an attack on cyberphysical system actuators, where packets that were previously transmitted are transmitted instead of packets containing control commands. Such an attack is not easy to identify due to the possibility of passing authentication procedures and, as a consequence, the normal functioning of the cyberphysical system may be disrupted.

Using a wormhole attack, attackers intercept information between two endpoints and pass it on to other attackers, thus creating a "tunnel" of control. Using this Replay attack, violators have the ability to control management processes. Obviously, violators do not need any system information to carry out attacks.
A cryptographic authentication system is required to fight Replay attacks. It should ensure that original keys are available for each session. In addition to the password, the packets must include timestamps and other additional control data that limit the capabilities of potential violators. The presence of such parameters makes packet retransmission less effective.

The most common and dangerous attacks in cyberspace are Deception attacks. This is a type of cyber attack, the purpose of which is to intervene in physical and cybernetic processes through telecommunications systems to gain control over certain parts of the cyberphysical system [12]. In principle, deception can be defined as the interaction between two subjects, the attacker and the target of deception, in which the deceiver tries to force the target to accept the false version of reality desired by the deceiver.

Cyberspace is very different from the natural environment. First, it is much easier to hide personal information or identification data in cyberspace than in the usual interaction of subjects. Second, information in cyberspace is subject to constant change. Both of these factors contribute to the implementation of fraudulent activities in cyberspace. Therefore, deception attacks do not have a separate typical model. Their scenarios are determined depending on the goals, vulnerabilities and available resources of security violators [13].

In the case of an attack on technological systems, the main purposes of fraud attacks are manipulation of sensor readings, forgery of control information and access to system resources.

Over time, the technical complexity of fraud attacks will increase, due to improved countermeasures. Today, there are a large number of methods to detect and stop attacks of this type. Success is based on the study of vulnerabilities and attack scenarios that have been used in the past, their assessment and finding ways to counter them effectively [14]. As the intensity of attacks increases, so should the variety of protection means.

IV. CONCLUSION

The main tasks of cybersecurity are to ensure the sustainable operation of cyberphysical systems by creating their mathematical models that formally take into account the smallest features of the architecture and processes of measurement, control and data exchange protocols. The presence of such models makes it possible to analyze the detected attacks, on the basis of which counteraction mechanisms are built.

Given the complexity of such systems and the dynamic behavior of their components, it is almost impossible to predict all possible scenarios of attacks in cyberspace. At the moment, this problem is still far from being finally solved. The published literature assumes that violators have all the necessary system information, and that defenders know the possible scenarios of attacks. For the most part this is the case, but not always. It follows that the main problem is the openness of the intelligent networks on which cyberphysical systems are built.

The design of cyberphysical systems requires simultaneous consideration of security tasks with limited resources and compliance with the requirements of the quality of their operation. At the same time, to ensure stability, security and reliability, it is necessary to solve the problem of multi-purpose optimization.

REFERENCES

[1] Janssen M.C. The Smart Grid Drivers, PAC World, 2010, 77 p.
[2] Amin S.M., Wollenberg B.F. Toward a Smart Grid, IEEE P&E Magazine, 2005, No. 3, pp. 34-41.
[3] Mo Y., Kim T.H.J., Brancik K. et al.: ‘Cyber–physical security of a smart grid infrastructure’, Proc. IEEE, 2012, 100, (1), pp. 195–209 (doi: 10.1109/JPROC.2011.2161428).
[4] National Institute of Standards and Technology (NIST): ‘Guidelines for smart grid cybersecurity’ (NIST Special Publication, Gaithersburg, MD, 2014). Available at url: http://www.dx.doi.org/10.6028/NIST.IR.7628r1.
[5] Sridhar S., Hahn A., Govindarasu M.: ‘Cyber–physical system security for the electric power grid’, Proc. IEEE, 2012, 100, (1), pp. 210–224 (doi: 10.1109/JPROC.2011.2165269).
[6] The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT): ‘Cyber-attack against Ukrainian critical infrastructure’. Alert (IR-ALERT-H-16-056-01), 2016. Available at url: https://www.ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01.
[7] A. D’Innocenzo, F. Smarra, M. Benedetto, Resilient stabilization of multi-hop control networks subject to malicious attacks, Automatica 71 (2016) 1–9.
[8] X. Guan, B. Yang, C. Chen, W. Dai, Y. Wang, A comprehensive overview of cyber-physical systems: from perspective of feedback system, IEEE/CAA J. Autom. Sin. 3 (1) (2016) 1–14.
[9] X.-M. Zhang, Q.-L. Han, A. Seuret, F. Gouaisbaut, An improved reciprocally convex inequality and an augmented Lyapunov–Krasovskii functional for stability of linear systems with time-varying delay, Automatica 84 (2017) 221–226.
[10] H. Zhang, P. Cheng, L. Shi, J. Chen, Optimal denial-of-service attack scheduling in cyber-physical systems, Technical Report, Zhejiang University, 2015. (Online). http://www.sensornet.cn/heng/HengestimationFull.pdf.
[11] Dutt, V., Ahn, Y. S., & Gonzalez, C.: Cyber situation awareness modeling detection of cyber-attacks with instance-based learning theory. Human Factors: The Journal of the Human Factors and Ergonomics Society, 55(3), 605-618 (2013).
[12] D. Ding, Z. Wang, Q.-L. Han, G. Wei, Security control for a class of discrete-time stochastic nonlinear systems subject to deception attacks, IEEE Trans. Syst. Man Cybern. Syst. doi:10.1109/TSMC.2016.2616544.
[13] D. Ding, Z. Wang, D.W.C. Ho, G. Wei, Observer-based event-triggering consensus control for multi-agent systems with lossy sensors and cyber attacks, IEEE Trans. Cybern. 47 (8) (2017) 1936–1947.
[14] Sridhar, S., Govindarasu, M.: ‘Model-based attack detection and mitigation for automatic generation control’, IEEE Trans. Smart Grid, 2014, 5, (2), pp. 580–591.
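
The Replay-attack countermeasures named in Section III (a key original to each session, timestamps, and additional control data in every packet) can be combined on the receiving side of an actuator link as in the following added example, which is not code from the paper. HMAC-SHA256, the 2-second freshness window, the sequence counter used as the "additional control data" and the command string are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import struct

MAX_SKEW = 2.0                      # assumed freshness window, in seconds
HEADER = struct.Struct(">QdH")      # sequence number, timestamp, command length
TAG_LEN = hashlib.sha256().digest_size


def new_session_key() -> bytes:
    """A fresh random key per session, so packets from an old session never verify."""
    return secrets.token_bytes(32)


def seal(key: bytes, seq: int, now: float, command: bytes) -> bytes:
    """Build header || command || HMAC-SHA256(key, header || command)."""
    body = HEADER.pack(seq, now, len(command)) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class ActuatorReceiver:
    """Accepts a command only if it is authentic, fresh and not seen before."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0           # highest sequence number accepted this session

    def accept(self, packet: bytes, now: float):
        """Return (True, command) or (False, reason)."""
        if len(packet) < HEADER.size + TAG_LEN:
            return False, "truncated"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # constant-time comparison
            return False, "bad-mac"
        seq, sent_at, length = HEADER.unpack_from(body)
        command = body[HEADER.size:]
        if length != len(command):
            return False, "bad-length"
        if abs(now - sent_at) > MAX_SKEW:               # timestamp check
            return False, "stale-timestamp"
        if seq <= self.last_seq:                        # additional control data
            return False, "replayed-sequence"
        self.last_seq = seq
        return True, command


def demo():
    """Constructed scenario: one genuine command, then three replays of it."""
    key = new_session_key()
    rx = ActuatorReceiver(key)
    t0 = 1_000.0                                        # constructed clock value
    captured = seal(key, 1, t0, b"VALVE_7:OPEN")        # hypothetical command
    results = [rx.accept(captured, t0 + 0.1)]           # genuine delivery
    results.append(rx.accept(captured, t0 + 0.5))       # replay inside the window
    results.append(rx.accept(captured, t0 + 60))        # replay after the window
    next_rx = ActuatorReceiver(new_session_key())       # next session, new key
    results.append(next_rx.accept(captured, t0 + 0.5))  # replay into a new session
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Each of the three checks stops a different replay: the sequence counter rejects a copy sent within the freshness window, the timestamp rejects a delayed copy, and the per-session key rejects a copy carried over into a later session.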