Learning-guided network fuzzing for testing cyber-physical system defences
The threat of attack faced by cyber-physical systems (CPSs), especially when they play a critical role in automating public infrastructure, has motivated research into a wide variety of attack defence mechanisms. Assessing their effectiveness is challenging, however, as realistic sets of attacks to...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2020
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/4905 https://ink.library.smu.edu.sg/context/sis_research/article/5908/viewcontent/Chen_Poskitt_et_al.ASE.2019.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-5908 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-59082020-02-13T07:46:33Z Learning-guided network fuzzing for testing cyber-physical system defences CHEN, Yuqi POSKITT, Christopher M. SUN, Jun ADEPU, Sridhar ZHANG, Fan The threat of attack faced by cyber-physical systems (CPSs), especially when they play a critical role in automating public infrastructure, has motivated research into a wide variety of attack defence mechanisms. Assessing their effectiveness is challenging, however, as realistic sets of attacks to test them against are not always available. In this paper, we propose smart fuzzing, an automated, machine learning guided technique for systematically finding 'test suites' of CPS network attacks, without requiring any knowledge of the system's control programs or physical processes. Our approach uses predictive machine learning models and metaheuristic search algorithms to guide the fuzzing of actuators so as to drive the CPS into different unsafe physical states. We demonstrate the efficacy of smart fuzzing by implementing it for two real-world CPS testbeds---a water purification plant and a water distribution system---finding attacks that drive them into 27 different unsafe states involving water flow, pressure, and tank levels, including six that were not covered by an established attack benchmark. Finally, we use our approach to test the effectiveness of an invariant-based defence system for the water treatment plant, finding two attacks that were not detected by its physical invariant checks, highlighting a potential weakness that could be exploited in certain conditions. 2020-01-09T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4905 info:doi/10.1109/ASE.2019.00093 https://ink.library.smu.edu.sg/context/sis_research/article/5908/viewcontent/Chen_Poskitt_et_al.ASE.2019.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University cyber-physical systems fuzzing testing benchmark generation machine learning metaheuristic optimisation Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
cyber-physical systems fuzzing testing benchmark generation machine learning metaheuristic optimisation Software Engineering |
| spellingShingle |
cyber-physical systems fuzzing testing benchmark generation machine learning metaheuristic optimisation Software Engineering CHEN, Yuqi POSKITT, Christopher M. SUN, Jun ADEPU, Sridhar ZHANG, Fan Learning-guided network fuzzing for testing cyber-physical system defences |
| description |
The threat of attack faced by cyber-physical systems (CPSs), especially when they play a critical role in automating public infrastructure, has motivated research into a wide variety of attack defence mechanisms. Assessing their effectiveness is challenging, however, as realistic sets of attacks to test them against are not always available. In this paper, we propose smart fuzzing, an automated, machine learning guided technique for systematically finding 'test suites' of CPS network attacks, without requiring any knowledge of the system's control programs or physical processes. Our approach uses predictive machine learning models and metaheuristic search algorithms to guide the fuzzing of actuators so as to drive the CPS into different unsafe physical states. We demonstrate the efficacy of smart fuzzing by implementing it for two real-world CPS testbeds---a water purification plant and a water distribution system---finding attacks that drive them into 27 different unsafe states involving water flow, pressure, and tank levels, including six that were not covered by an established attack benchmark. Finally, we use our approach to test the effectiveness of an invariant-based defence system for the water treatment plant, finding two attacks that were not detected by its physical invariant checks, highlighting a potential weakness that could be exploited in certain conditions. |
| format |
text |
| author |
CHEN, Yuqi POSKITT, Christopher M. SUN, Jun ADEPU, Sridhar ZHANG, Fan |
| author_facet |
CHEN, Yuqi POSKITT, Christopher M. SUN, Jun ADEPU, Sridhar ZHANG, Fan |
| author_sort |
CHEN, Yuqi |
| title |
Learning-guided network fuzzing for testing cyber-physical system defences |
| title_short |
Learning-guided network fuzzing for testing cyber-physical system defences |
| title_full |
Learning-guided network fuzzing for testing cyber-physical system defences |
| title_fullStr |
Learning-guided network fuzzing for testing cyber-physical system defences |
| title_full_unstemmed |
Learning-guided network fuzzing for testing cyber-physical system defences |
| title_sort |
learning-guided network fuzzing for testing cyber-physical system defences |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2020 |
| url |
https://ink.library.smu.edu.sg/sis_research/4905 https://ink.library.smu.edu.sg/context/sis_research/article/5908/viewcontent/Chen_Poskitt_et_al.ASE.2019.pdf |
| _version_ |
1770575091271204864 |