Justin Ruths

Limiting the Impact of Stealthy Attacks on Industrial Control Systems

While attacks on information systems have for most practical purposes binary outcomes (information was manipulated/eavesdropped, or not), attacks manipulating the sensor or control signals of Industrial Control Systems (ICS) can be tuned by the attacker to cause a continuous spectrum in damages. Attackers that want to remain undetected can attempt to hide their manipulation of the system by following closely the expected behavior of the system, while injecting just enough false information at each time step to achieve their goals. In this work, we study if attack-detection can limit the impact of such stealthy attacks. We start with a comprehensive review of related work on attack detection schemes in the security and control systems community. We then show that many of those works use detection schemes that are not limiting the impact of stealthy attacks. We propose a new metric to measure the impact of stealthy attacks and how they relate to our selection on an upper bound on false alarms. We finally show that the impact of such attacks can be mitigated in several cases by the proper combination and configuration of detection schemes. We demonstrate the effectiveness of our algorithms through simulations and experiments using real ICS testbeds and real ICS systems.

A pseudospectral method for optimal control of open quantum systems

In this paper, we present a unified computational method based on pseudospectral approximations for the design of optimal pulse sequences in open quantum systems. The proposed method transforms the problem of optimal pulse design, which is formulated as a continuous-time optimal control problem, to a finite-dimensional constrained nonlinear programming problem. This resulting optimization problem can then be solved using existing numerical optimization suites. We apply the Legendre pseudospectral method to a series of optimal control problems on open quantum systems that arise in nuclear magnetic resonance spectroscopy in liquids. These problems have been well studied in previous literature and analytical optimal controls have been found. We find an excellent agreement between the maximum transfer efficiency produced by our computational method and the analytical expressions. Moreover, our method permits us to extend the analysis and address practical concerns, including smoothing discontinuous controls as well as deriving minimum-energy and time-optimal controls. The method is not restricted to the systems studied in this article and is applicable to optimal manipulation of both closed and open quantum systems.

A multidimensional pseudospectral method for optimal control of quantum ensembles

In our previous work, we have shown that the pseudospectral method is an effective and flexible computation scheme for deriving pulses for optimal control of quantum systems. In practice, however, quantum systems often exhibit variation in the parameters that characterize the system dynamics. This leads us to consider the control of an ensemble (or continuum) of quantum systems indexed by the system parameters that show variation. We cast the design of pulses as an optimal ensemble control problem and demonstrate a multidimensional pseudospectral method with several challenging examples of both closed and open quantum systems from nuclear magnetic resonance spectroscopy in liquid. We give particular attention to the ability to derive experimentally viable pulses of minimum energy or duration.

Model-based Attack Detection Scheme for Smart Water Distribution Networks

In this manuscript, we present a detailed case study about model-based attack detection procedures for Cyber-Physical Systems (CPSs). In particular, using EPANET (a simulation tool for water distribution systems), we simulate a Water Distribution Network (WDN). Using this data and sub-space identification techniques, an input-output Linear Time Invariant (LTI) model for the network is obtained. This model is used to derive a Kalman filter to estimate the evolution of the system dynamics. Then, residual variables are constructed by subtracting data coming from EPANET and the estimates of the Kalman filter. We use these residuals and the Bad-Data and the dynamic Cumulative Sum (CUSUM) change detection procedures for attack detection. Simulation results are presented - considering false data injection and zero-alarm attacks on sensor readings, and attacks on control input - to evaluate the performance of our model-based attack detection schemes. Finally, we derive upper bounds on the estimator-state deviation that zero-alarm attacks can induce.

Optimal ensemble control of open quantum systems with a pseudospectral method

In this paper, we extend our previous results concerning the application of the Legendre pseudospectral method to optimal pulse design problems for open quantum systems. We now consider the more realistic case in which systems are characterized by variations in parameter values, such as relaxation rates and coupling constants. Such dispersions in system parameters motivate us to consider an ensemble of systems, each member distinct due to distinct parameter values. We demonstrate the method with systems from nuclear magnetic resonance (NMR) spectroscopy in liquid. In particular, we highlight the flexibility and robustness of the pseudospectral method approach by developing pulses that minimize the energy or total duration of the pulse sequence.

A Survey of Physics-Based Attack Detection in Cyber-Physical Systems

Monitoring the “physics” of cyber-physical systems to detect attacks is a growing area of research. In its basic form, a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements to identify potentially false control commands or false sensor readings. In this article, we review previous work on physics-based anomaly detection based on a unified taxonomy that allows us to identify limitations and unexplored challenges and to propose new solutions.

Exact broadband excitation of two-level systems by mapping spins to springs

Designing accurate and high-fidelity broadband pulses is an essential component in conducting quantum experiments across fields from protein spectroscopy to quantum optics. However, constructing exact and analytic broadband pulses remains unsolved due to the nonlinearity and complexity of the underlying spin system dynamics. Here, we present a nontrivial dynamic connection between nonlinear spin and linear spring systems and show the surprising result that such nonlinear and complex pulse design problems are equivalent to designing controls to steer linear harmonic oscillators under optimal forcing. We derive analytic broadband π/2 and π pulses that perform exact, or asymptotically exact, excitation and inversion over a defined bandwidth, and also with bounded amplitude. This development opens up avenues for pulse sequence design and lays a foundation for understanding the control of two-level systems.Coherent control of two-level systems is crucial for achieving fidelity in spectroscopy and quantum computing, but inherent nonlinearities and parameter variation have, to date, required an approximate, numerical approach. Here, Li et al. show how to map a spin ensemble to a spring model so analytic pulses can be designed using linear methods.

Multistage Downstream Attack Detection in a Cyber Physical System

We present an attack detection scheme for a water treatment system. We leverage the connectivity of two stages of the process to detect attacks downstream from the point of attack. Based on a mathematical model of the process, carefully crafted and executed attacks, are detected by deploying CUSUM and Bad-Data detectors. Extensive experiments are carried out and the results show the performance of the proposed scheme.

A comprehensive approach, and a case study, for conducting attack detection experiments in Cyber Physical Systems

Abstract Several methods have been proposed by researchers to detect cyber attacks in Cyber–Physical Systems (CPSs). This paper proposes a comprehensive approach for conducting experiments to assess the effectiveness of such methods in the context of a robot (Amigobot) that includes both cyber and physical components. The proposed approach includes a method for performing vulnerability analysis, several methods for attack detection, and guidelines for conducting experimental studies in the context of cyber security. The method for vulnerability analysis makes use of the Failure-Attack-CounTermeasure (FACT) graph. The experimental study to evaluate methods for attack detection comprises of three experiments. These methods have been implemented and evaluated, within and across all three experiments, with respect to their effectiveness, detection speed, and durability for injection, scaling, and stealthy attacks. The proposed guidelines define key phases and artifacts for conducting such experiments and are an adaptation of those used in Software Engineering.

Robustness of Network Controllability to Degree-Based Edge Attacks

We analyze the tolerance of network controllability to degree-based edge attacks as well as random edge failure. In particular, we leverage both control-based and reachability-based robustness metrics to investigate the case when a fixed number of controls are allowed to change locations following each attack. This ability to change the locations of controls models the more realistic scenario in which operators may have a fixed budget of resources but that these resources can be redeployed in response to attacks on the system. We also identify that the most potent targeted attack for network controllability selects edges (on average) based on betweenness centrality.