Trusted Operation of Cyber-Physical Processes Based on Assessment of the System’s State and Operating Mode
We consider the trusted operation of cyber-physical processes based on an assessment of the system’s state and operating mode and present a method for detecting anomalies in the behavior of a cyber-physical system (CPS) based on the analysis of the data transmitted by its sensory subsystem. Probabil...
| Main Authors: | , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2023-02-01
|
| Series: | Sensors |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1424-8220/23/4/1996 |
| _version_ | 1797618256499965952 |
|---|---|
| author | Elena Basan Alexandr Basan Alexey Nekrasov Colin Fidge Evgeniya Ishchukova Anatoly Basyuk Alexandr Lesnikov |
| author_facet | Elena Basan Alexandr Basan Alexey Nekrasov Colin Fidge Evgeniya Ishchukova Anatoly Basyuk Alexandr Lesnikov |
| author_sort | Elena Basan |
| collection | DOAJ |
| description | We consider the trusted operation of cyber-physical processes based on an assessment of the system’s state and operating mode and present a method for detecting anomalies in the behavior of a cyber-physical system (CPS) based on the analysis of the data transmitted by its sensory subsystem. Probability theory and mathematical statistics are used to process and normalize the data in order to determine whether or not the system is in the correct operating mode and control process state. To describe the mode-specific control processes of a CPS, the paradigm of using cyber-physical parameters is taken as a basis, as it is the feature that most clearly reflects the system’s interaction with physical processes. In this study, two metrics were taken as a sign of an anomaly: the probability of falling into the sensor values’ confidence interval and parameter change monitoring. These two metrics, as well as the current mode evaluation, produce a final probability function for our trust in the CPS’s currently executing control process, which is, in turn, determined by the operating mode of the system. Based on the results of this trust assessment, it is possible to draw a conclusion about the processing state in which the system is operating. If the score is higher than 0.6, it means the system is in a trusted state. If the score is equal to 0.6, it means the system is in an uncertain state. If the trust score tends towards zero, then the system can be interpreted as unstable or under stress due to a system failure or deliberate attack. Through a case study using cyber-attack data for an unmanned aerial vehicle (UAV), it was found that the method works well. When we were evaluating the normal flight mode, there were no false positive anomaly estimates. When we were evaluating the UAV’s state during an attack, a deviation and an untrusted state were detected. This method can be used to implement software solutions aimed at detecting system faults and cyber-attacks, and thus make decisions about the presence of malfunctions in the operation of a CPS, thereby minimizing the amount of knowledge and initial data about the system. |
| first_indexed | 2024-03-11T08:10:33Z |
| format | Article |
| id | doaj.art-1f900ad34fa0451c80c8cfd2fd9a9f1a |
| institution | Directory Open Access Journal |
| issn | 1424-8220 |
| language | English |
| last_indexed | 2024-03-11T08:10:33Z |
| publishDate | 2023-02-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Sensors |
| spelling | doaj.art-1f900ad34fa0451c80c8cfd2fd9a9f1a2023-11-16T23:08:54ZengMDPI AGSensors1424-82202023-02-01234199610.3390/s23041996Trusted Operation of Cyber-Physical Processes Based on Assessment of the System’s State and Operating ModeElena Basan0Alexandr Basan1Alexey Nekrasov2Colin Fidge3Evgeniya Ishchukova4Anatoly Basyuk5Alexandr Lesnikov6Institute for Computer Technologies and Information Security, Southern Federal University, Chekhova 2, 347922 Taganrog, RussiaInstitute for Computer Technologies and Information Security, Southern Federal University, Chekhova 2, 347922 Taganrog, RussiaInstitute for Computer Technologies and Information Security, Southern Federal University, Chekhova 2, 347922 Taganrog, RussiaFaculty of Science, Queensland University of Technology (QUT), Gardens Point Campus, Brisbane, QLD 4001, AustraliaInstitute for Computer Technologies and Information Security, Southern Federal University, Chekhova 2, 347922 Taganrog, RussiaInstitute for Computer Technologies and Information Security, Southern Federal University, Chekhova 2, 347922 Taganrog, RussiaInstitute for Computer Technologies and Information Security, Southern Federal University, Chekhova 2, 347922 Taganrog, RussiaWe consider the trusted operation of cyber-physical processes based on an assessment of the system’s state and operating mode and present a method for detecting anomalies in the behavior of a cyber-physical system (CPS) based on the analysis of the data transmitted by its sensory subsystem. Probability theory and mathematical statistics are used to process and normalize the data in order to determine whether or not the system is in the correct operating mode and control process state. To describe the mode-specific control processes of a CPS, the paradigm of using cyber-physical parameters is taken as a basis, as it is the feature that most clearly reflects the system’s interaction with physical processes. In this study, two metrics were taken as a sign of an anomaly: the probability of falling into the sensor values’ confidence interval and parameter change monitoring. These two metrics, as well as the current mode evaluation, produce a final probability function for our trust in the CPS’s currently executing control process, which is, in turn, determined by the operating mode of the system. Based on the results of this trust assessment, it is possible to draw a conclusion about the processing state in which the system is operating. If the score is higher than 0.6, it means the system is in a trusted state. If the score is equal to 0.6, it means the system is in an uncertain state. If the trust score tends towards zero, then the system can be interpreted as unstable or under stress due to a system failure or deliberate attack. Through a case study using cyber-attack data for an unmanned aerial vehicle (UAV), it was found that the method works well. When we were evaluating the normal flight mode, there were no false positive anomaly estimates. When we were evaluating the UAV’s state during an attack, a deviation and an untrusted state were detected. This method can be used to implement software solutions aimed at detecting system faults and cyber-attacks, and thus make decisions about the presence of malfunctions in the operation of a CPS, thereby minimizing the amount of knowledge and initial data about the system.https://www.mdpi.com/1424-8220/23/4/1996cyber-physical systemunmanned vehiclecyber-attacksanomaliesverification |
| spellingShingle | Elena Basan Alexandr Basan Alexey Nekrasov Colin Fidge Evgeniya Ishchukova Anatoly Basyuk Alexandr Lesnikov Trusted Operation of Cyber-Physical Processes Based on Assessment of the System’s State and Operating Mode Sensors cyber-physical system unmanned vehicle cyber-attacks anomalies verification |
| title | Trusted Operation of Cyber-Physical Processes Based on Assessment of the System’s State and Operating Mode |
| title_full | Trusted Operation of Cyber-Physical Processes Based on Assessment of the System’s State and Operating Mode |
| title_fullStr | Trusted Operation of Cyber-Physical Processes Based on Assessment of the System’s State and Operating Mode |
| title_full_unstemmed | Trusted Operation of Cyber-Physical Processes Based on Assessment of the System’s State and Operating Mode |
| title_short | Trusted Operation of Cyber-Physical Processes Based on Assessment of the System’s State and Operating Mode |
| title_sort | trusted operation of cyber physical processes based on assessment of the system s state and operating mode |
| topic | cyber-physical system unmanned vehicle cyber-attacks anomalies verification |
| url | https://www.mdpi.com/1424-8220/23/4/1996 |
| work_keys_str_mv | AT elenabasan trustedoperationofcyberphysicalprocessesbasedonassessmentofthesystemsstateandoperatingmode AT alexandrbasan trustedoperationofcyberphysicalprocessesbasedonassessmentofthesystemsstateandoperatingmode AT alexeynekrasov trustedoperationofcyberphysicalprocessesbasedonassessmentofthesystemsstateandoperatingmode AT colinfidge trustedoperationofcyberphysicalprocessesbasedonassessmentofthesystemsstateandoperatingmode AT evgeniyaishchukova trustedoperationofcyberphysicalprocessesbasedonassessmentofthesystemsstateandoperatingmode AT anatolybasyuk trustedoperationofcyberphysicalprocessesbasedonassessmentofthesystemsstateandoperatingmode AT alexandrlesnikov trustedoperationofcyberphysicalprocessesbasedonassessmentofthesystemsstateandoperatingmode |