Visible to the public Biblio

Found 107 results

Submitted
2019
Ákos Lédeczi, MiklÓs MarÓti, Hamid Zare, Bernard Yett, Nicole Hutchins, Brian Broll, Peter Volgyesi, Michael B. Smith, Timothy Darrah, Mary Metelko et al..  2019.  Teaching Cybersecurity with Networked Robots. 50th ACM Technical Symposium on Computer Science Education . :885-891.

The paper presents RoboScape, a collaborative, networked robotics environment that makes key ideas in computer science accessible to groups of learners in informal learning spaces and K-12 classrooms. RoboScape is built on top of NetsBlox, an open-source, networked, visual programming environment based on Snap! that is specifically designed to introduce students to distributed computation and computer networking. RoboScape provides a twist on the state of the art of robotics learning platforms. First, a user's program controlling the robot runs in the browser and not on the robot. There is no need to download the program to the robot and hence, development and debugging become much easier. Second, the wireless communication between a student's program and the robot can be overheard by the programs of the other students. This makes cybersecurity an immediate need that students realize and can work to address. We have designed and delivered a cybersecurity summer camp to 24 students in grades between 7 and 12. The paper summarizes the technology behind RoboScape, the hands-on curriculum of the camp and the lessons learned.

Amin Ghafouri, Xenofon Koutsoukos, Yevgeniy Vorobeychik, Waseem Abbas, Aron Laszka.  2019.  A game-theoretic approach for selecting optimal time-dependent thresholds for anomaly detection. International Foundation for Autonomous Agents and Multi-Agent Systems Journal. 33

Adversaries may cause significant damage to smart infrastructure using malicious attacks. To detect and mitigate these attacks before they can cause physical damage, operators can deploy anomaly detection systems (ADS), which can alarm operators to suspicious activities. However, detection thresholds of ADS need to be configured properly, as an oversensitive detector raises a prohibitively large number of false alarms, while an undersensitive detector may miss actual attacks. This is an especially challenging problem in dynamical environments, where the impact of attacks may significantly vary over time. Using a game-theoretic approach, we formulate the problem of computing optimal detection thresholds which minimize both the number of false alarms and the probability of missing actual attacks as a two-player Stackelberg security game. We provide an efficient dynamic programming-based algorithm for solving the game, thereby finding optimal detection thresholds. We analyze the performance of the proposed algorithm and show that its running time scales polynomially as the length of the time horizon of interest increases. In addition, we study the problem of finding optimal thresholds in the presence of both random faults and attacks. Finally, we evaluate our result using a case study of contamination attacks in water networks, and show that our optimal thresholds significantly outperform fixed thresholds that do not consider that the environment is dynamical.

2018
Aron Laszka, Waseem Abbas, Yevgeniy Vorobeychik, Xenofon Koutsoukos.  2018.  Synergistic Security for the Industrial Internet of Things: Integrating Redundancy, Diversity, and Hardening. IEEE International Conference on Industrial Internet (ICII). :153-158.

As the Industrial Internet of Things (IIot) becomes more prevalent in critical application domains, ensuring security and resilience in the face of cyber-attacks is becoming an issue of paramount importance. Cyber-attacks against critical infrastructures, for example, against smart water-distribution and transportation systems, pose serious threats to public health and safety. Owing to the severity of these threats, a variety of security techniques are available. However, no single technique can address the whole spectrum of cyber-attacks that may be launched by a determined and resourceful attacker. In light of this, we consider a multi-pronged approach for designing secure and resilient IIoT systems, which integrates redundancy, diversity, and hardening techniques. We introduce a framework for quantifying cyber-security risks and optimizing IIoT design by determining security investments in redundancy, diversity, and hardening. To demonstrate the applicability of our framework, we present a case study in water-distribution systems. Our numerical evaluation shows that integrating redundancy, diversity, and hardening can lead to reduced security risk at the same cost.

Jiani Li, Xenofon Koutsoukos.  2018.  Resilient Distributed Diffusion for Multi-task Estimation. 14th International Conference on Distributed Computing in Sensor Systems (DCOSS). :93-102.

Distributed diffusion is a powerful algorithm for multi-task state estimation which enables networked agents to interact with neighbors to process input data and diffuse infor- mation across the network. Compared to a centralized approach, diffusion offers multiple advantages that include robustness to node and link failures. In this paper, we consider distributed diffusion for multi-task estimation where networked agents must estimate distinct but correlated states of interest by processing streaming data. By exploiting the adaptive weights used for diffusing information, we develop attack models that drive normal agents to converge to states selected by the attacker. The attack models can be used for both stationary and non- stationary state estimation. In addition, we develop a resilient distributed diffusion algorithm under the assumption that the number of compromised nodes in the neighborhood of each normal node is bounded by F and we show that resilience may be obtained at the cost of performance degradation. Finally, we evaluate the proposed attack models and resilient distributed diffusion algorithm using stationary and non-stationary multi- target localization.

Xenofon Koutsoukos, Gabor Karsai, Aron Laszka, Himanshu Neema, Bradley Potteiger, Peter Volgyesi, Yevgeniy Vorobeychik, Janos Sztipanovits.  2018.  SURE: A Modeling and Simulation Integration Platform for Evaluation of Secure and Resilient Cyber–Physical Systems. Proceedings of the IEEE. 106:93-112.

The exponential growth of information and communication technologies have caused a profound shift in the way humans engineer systems leading to the emergence of closed-loop systems involving strong integration and coordination of physical and cyber components, often referred to as cyber-physical systems (CPSs). Because of these disruptive changes, physical systems can now be attacked through cyberspace and cyberspace can be attacked through physical means. The paper considers security and resilience as system properties emerging from the intersection of system dynamics and the computing architecture. A modeling and simulation integration platform for experimentation and evaluation of resilient CPSs is presented using smart transportation systems as the application domain. Evaluation of resilience is based on attacker-defender games using simulations of sufficient fidelity. The platform integrates 1) realistic models of cyber and physical components and their interactions; 2) cyber attack models that focus on the impact of attacks to CPS behavior and operation; and 3) operational scenarios that can be used for evaluation of cybersecurity risks. Three case studies are presented to demonstrate the advantages of the platform: 1) vulnerability analysis of transportation networks to traffic signal tampering; 2) resilient sensor selection for forecasting traffic flow; and 3) resilient traffic signal control in the presence of denial-of-service attacks.

Saqib Hasan, Amin Ghafouri, Abhishek Dubey, Gabor Karsai, Xenofon Koutsoukos.  2018.  Vulnerability analysis of power systems based on cyber-attack and defense models. 2018 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1-5.

Reliable operation of power systems is a primary challenge for the system operators. With the advancement in technology and grid automation, power systems are becoming more vulnerable to cyber-attacks. The main goal of adversaries is to take advantage of these vulnerabilities and destabilize the system. This paper describes a game-theoretic approach to attacker / defender modeling in power systems. In our models, the attacker can strategically identify the subset of substations that maximize damage when compromised. However, the defender can identify the critical subset of substations to protect in order to minimize the damage when an attacker launches a cyber-attack. The algorithms for these models are applied to the standard IEEE-14, 39, and 57 bus examples to identify the critical set of substations given an attacker and a defender budget.

Waseem Abbas, Aron Laszka, Xenofon Koutsoukos.  2018.  Improving Network Connectivity and Robustness Using Trusted Nodes With Application to Resilient Consensus. IEEE Transactions on Control of Network Systems. 5:2036-2048.

To observe and control a networked system, especially in failure-prone circumstances, it is imperative that the underlying network structure be robust against node or link failures. A common approach for increasing network robustness is redundancy: deploying additional nodes and establishing new links between nodes, which could be prohibitively expensive. This paper addresses the problem of improving structural robustness of networks without adding extra links. The main idea is to ensure that a small subset of nodes, referred to as the trusted nodes, remains intact and functions correctly at all times. We extend two fundamental metrics of structural robustness with the notion of trusted nodes, network connectivity, and r-robustness, and then show that by controlling the number and location of trusted nodes, any desired connectivity and robustness can be achieved without adding extra links. We study the complexity of finding trusted nodes and construction of robust networks with trusted nodes. Finally, we present a resilient consensus algorithm with trusted nodes and show that, unlike existing algorithms, resilient consensus is possible in sparse networks containing few trusted nodes.

Amin Ghafouri, Aron Laszka, Xenofon Koutsoukos.  2018.  Application-Aware Anomaly Detection of Sensor Measurements in Cyber-Physical Systems. Sensors. 18:2448.

Detection errors such as false alarms and undetected faults are inevitable in any practical anomaly detection system. These errors can create potentially significant problems in the underlying application. In particular, false alarms can result in performing unnecessary recovery actions while missed detections can result in failing to perform recovery which can lead to severe consequences. In this paper, we present an approach for application-aware anomaly detection (AAAD). Our approach takes an existing anomaly detector and configures it to minimize the impact of detection errors. The configuration of the detectors is chosen so that application performance in the presence of detection errors is as close as possible to the performance that could have been obtained if there were no detection errors. We evaluate our result using a case study of real-time control of traffic signals, and show that the approach outperforms significantly several baseline detectors.

Amin Ghafouri, Xenofon Koutsoukos, Yevgeniy Vorobeychik.  2018.  Adversarial Regression for Detecting Attacks in Cyber-Physical Systems. Twenty-Seventh International Joint Conference on Artificial Intelligence.

Attacks in cyber-physical systems (CPS) which manipulate sensor readings can cause enormous physical damage if undetected. Detection of attacks on sensors is crucial to mitigate this issue. We study supervised regression as a means to detect anoma- lous sensor readings, where each sensor’s measure- ment is predicted as a function of other sensors. We show that several common learning approaches in this context are still vulnerable to stealthy at- tacks, which carefully modify readings of compro- mised sensors to cause desired damage while re- maining undetected. Next, we model the interac- tion between the CPS defender and attacker as a Stackelberg game in which the defender chooses detection thresholds, while the attacker deploys a stealthy attack in response. We present a heuris- tic algorithm for finding an approximately optimal threshold for the defender in this game, and show that it increases system resilience to attacks without significantly increasing the false alarm rate.

2017
Bradley Potteiger, William Emfinger, Himanshu Neema, Xenofon Koutsoukos, CheeYee Tang, Keith Stouffer.  2017.  Evaluating the effects of cyber-attacks on cyber physical systems using a hardware-in-the-loop simulation testbed. Resilience Week (RWS). :177-183.

Cyber-Physical Systems (CPS) consist of embedded computers with sensing and actuation capability, and are integrated into and tightly coupled with a physical system. Because the physical and cyber components of the system are tightly coupled, cyber-security is important for ensuring the system functions properly and safely. However, the effects of a cyberattack on the whole system may be difficult to determine, analyze, and therefore detect and mitigate. This work presents a model based software development framework integrated with a hardware-in-the-loop (HIL) testbed for rapidly deploying CPS attack experiments. The framework provides the ability to emulate low level attacks and obtain platform specific performance measurements that are difficult to obtain in a traditional simulation environment. The framework improves the cybersecurity design process which can become more informed and customized to the production environment of a CPS. The developed framework is illustrated with a case study of a railway transportation system.

Waseem Abbas, Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos.  2017.  Improving Network Connectivity Using Trusted Nodes and Edges. American Control Conference (ACC 2017).

Network connectivity is a primary attribute and a characteristic phenomenon of any networked system. A high connectivity is often desired within networks; for instance to increase robustness to failures, and resilience against attacks. A typical approach to increasing network connectivity is to strategically add links; however, adding links is not always the most suitable option. In this paper, we propose an alternative approach to improving network connectivity, that is by making a small subset of nodes and edges “trusted,” which means that such nodes and edges remain intact at all times and are insusceptible to failures. We then show that by controlling the number of trusted nodes and edges, any desired level of network connectivity can be obtained. Along with characterizing network connectivity with trusted nodes and edges, we present heuristics to compute a small number of such nodes and edges. Finally, we illustrate our results on various networks.

Suli Zou, Ian Hiskens, Zhongjing Ma, Xiangdong Liu.  2017.  Consensus-Based Coordination of Electric Vehicle Charging. IFAC World Congress.
As the population of electric vehicles (EVs) grows, coordinating their charging over a finite time horizon will become increasingly important. Recent work established a framework for EV charging coordination where a central node broadcast a price signal that facilitated the tradeoff between the total generation cost and local costs associated with battery degradation and distribution network overloading. This paper considers a completely distributed protocol where the central node is eliminated. Instead, a consensus algorithm is used to fully distribute the price update mechanism. Each EV computes a local price through its estimate of the total EV charging demand, and exchanges this information with its neighbours. A consensus algorithm establishes the average over all the EV-based prices. It is shown that under a reasonable assumption, the price update mechanism is a Krasnoselskij iteration, and this iteration is guaranteed to converge to a fixed point. Furthermore, this iterative process converges to the unique and efficient solution.
Suli Zou, Ian Hiskens, Zhongjing Ma.  2017.  Decentralized Coordination of Controlled Loads and Transformers in a Hierarchical Structure. IFAC World Congress.
This paper considers the coordination of controlled loads in a framework that loads connect to the distribution network through transformers. Our objective is designing a decentralized control method that can motivate selfish loads to achieve global benefits. We formulate this problem as a hierarchical model. In the lower level, each transformer broadcasts a price signal to the loads connect to it, under which loads implement individual best strategies. While in the upper level, transformers communicate with the distribution network and obtain a price reflecting the system generation cost. Each transformer determines a price including this price and another part reflecting individual characteristics. By proposing a dynamic update algorithm, our results build that the system converges to the unique and efficient solution with fast convergence speed.
Salman Nazir, Ian Hiskens.  2017.  Load Synchronization and Sustained Oscillations Induced by Transactive Control. IEEE Power and Energy Society General Meeting.
Transactive or market-based coordination strategies have recently been proposed to control the aggregate demand of a large number of electric loads. While several operational benefits can be achieved, such as reducing the demand below distribution feeder capacity limits and providing users with flexibility to consume energy based on the price they are willing to pay, our work focuses on studying the impact of market based coordination mechanisms on load synchronization and power oscillations. We adopt the transactive energy framework and apply it to a population of thermostatically controlled loads (TCLs). We present a modified TCL switching logic that takes into account market coordination signals, alongside the natural switching conditions. Our studies suggest that several factors, in a market-based coordination mechanism, could contribute to load synchronism, including sharp changes in market prices broadcast to loads, lack of diversity in user specified bid curves, feeder limits being encountered periodically and being set too low, and the form of user bid curves. All these factors can contribute in various ways to synchronization of TCL behavior and lead to power oscillations. The case studies provide novel insights into challenges associated with market-based coordination strategies, thereby providing a basis for modifications that address those issues.
Salman Nazir, Ian Hiskens.  2017.  Noise and Parameter Heterogeneity in Aggregate Models of Thermostatically Controlled Loads. IFAC World Congress.
Aggregate models are used in the analysis and control of large populations of thermostatically controlled loads (TCLs), such as air-conditioners and water heaters. The fidelity of such models is studied by analyzing the influences of noise and parameter heterogeneity on TCL aggregate dynamics. While TCLs can provide valuable services to the power systems, control may cause their temperatures to synchronize, which may then lead to undesirable power oscillations. Recent works have shown that the aggregate dynamics of TCLs can be modeled by tracking the evolution of probability densities over discrete temperature ranges or bins. To accurately capture oscillations in aggregate power, such bin-based models require a large number of bins. The process of obtaining the Markov state transition matrix that governs the dynamics can be computationally intensive when using Monte Carlo based system identification techniques. Existing analytical techniques are further limited as noise and heterogeneity in several thermal parameters are difficult to incorporate. These challenges are addressed by developing a fast analytical technique that incorporates noise and heterogeneity into bin-based aggregate models. Results show the identified and the analytical models match very closely. Studies consider the influence of model error, noise and parameter heterogeneity on the damping of oscillations. Results demonstrate that for a specific bin width, the model can be invariant to quantifiable levels of noise and parameter heterogeneity. Finally, a discussion is provided of cases where existing bin models may face challenges in capturing the influence of heterogeneity.
Aron Laszka, Yevgeniy Vorobeychik, Xenofon Koutsoukos.  2017.  A game-theoretic approach for integrity assurance in resource-bounded systems. International Journal of Information Security.

Assuring communication integrity is a central problem in security. However, overhead costs associated with cryptographic primitives used towards this end introduce significant practical implementation challenges for resource-bounded systems, such as cyberphysical systems. For example, many control systems are built on legacy components which are computationally limited but have strict timing constraints. If integrity protection is a binary decision, it may simply be infeasible to introduce into such systems; without it, however, an adversary can forge malicious messages, which can cause significant physical or financial harm. To bridge the gap between such binary decisions, we propose a stochastic message authentication approach that can explicitly trade computational cost off for security. We introduce a formal game-theoretic framework for optimal stochastic message authentication, providing provable guarantees for resource-bounded systems based on an existing message authentication scheme. We use our framework to investigate attacker deterrence, as well as optimal stochastic message authentication when deterrence is impossible, in both short-term and long-term equilibria. Additionally, we propose two schemes for implementing stochastic message authentication in practice, one for saving computation only at the receiver and one for saving computation at both ends, and demonstrate the associated computational savings using an actual implementation.

Aron Laszka, Yevgeniy Vorobeychik, Daniel Fabbri, Chao Yan, Bradley Malin.  2017.  A Game-Theoretic Approach for Alert Prioritization. AAAI-17 Workshop on Artificial Intelligence for Cyber Security (AICS).
The quantity of information that is collected and stored in computer systems continues to grow rapidly. At the same time, the sensitivity of such information (e.g., detailed medical records) often makes such information valuable to both external attackers, who may obtain information by compromising a system, and malicious insiders, who may misuse information by exercising their authorization. To mitigate compromises and deter misuse, the security administrators of these resources often deploy various types of intrusion and misuse detection systems, which provide alerts of suspicious events that are worthy of follow-up review. However, in practice, these systems may generate a large number of false alerts, wasting the time of investigators. Given that security administrators have limited budget for investigating alerts, they must prioritize certain types of alerts over others. An important challenge in alert prioritization is that adversaries may take advantage of such behavior to evade detection - specifically by mounting attacks that trigger alerts that are less likely to be investigated. In this paper, we model alert prioritization with adaptive adversaries using a Stackelberg game and introduce an approach to compute the optimal prioritization of alert types. We evaluate our approach using both synthetic data and a real-world dataset of alerts generated from the audit logs of an electronic medical record system in use at a large academic medical center.
Nika Haghtalab, Aron Laszka, Ariel Procaccia, Yevgeniy Vorobeychik, Xenofon Koutsoukos.  2017.  Monitoring Stealthy Diffusion. Knowledge and Information Systems.
(No abstract.)
Waseem Abbas, Aron Laszka, Xenofon Koutsoukos.  2017.  Graph-Theoretic Approach for Increasing Participation in Social Sensing. 2nd International Workshop on Social Sensing (SocialSens 2017).
Participatory sensing enables individuals, each with limited sensing capability, to share measurements and contribute towards developing a complete knowledge of their environment. The success of a participatory sensing application is often measured in terms of the number of users participating. In most cases, an individual’s eagerness to participate depends on the group of users who already participate. For instance, when users share data with their peers in a social network, the engagement of an individual depends on its peers. Such engagement rules have been studied in the context of social networks using the concept of k-core, which assumes that participation is determined solely by network topology. However, in participatory sensing, engagement rules must also consider user heterogeneity, such as differences in sensing capabilities and physical location. To account for heterogeneity, we introduce the concept of (r,s)-core to model the set of participating users. We formulate the problem of maximizing the size of the (r,s)-core using 1) anchor users, who are incentivized to participate regardless of their peers, and by 2) assigning capabilities to users. Since these problems are computationally challenging, we study heuristic algorithms for solving them. Based on real-world social networks as well as random graphs, we provide numerical results showing significant improvement compared to random selection of anchor nodes and label assignments.
Amin Ghafouri, Aron Laszka, Abhishek Dubey, Xenofon Koutsoukos.  2017.  Optimal Detection of Fault Traffic Sensors Used in Route Planning. 2nd International Workshop on Science of Smart City Operations and Platforms Engineering (SCOPE).

In a smart city, real-time traffic sensors may be deployed for various applications, such as route planning. Unfortunately, sensors are prone to failures, which result in erroneous traffic data. Erroneous data can adversely affect applications such as route planning, and can cause increased travel time and environmental impact. To minimize the impact of sensor failures, we must detect them promptly and with high accuracy. However, typical detection algorithms may lead to a large number of false positives (i.e., false alarms) and false negatives (i.e., missed detections), which can result in suboptimal route planning. In this paper, we devise an effective detector for identifying faulty traffic sensors using a prediction model based on Gaussian Processes. Further, we present an approach for computing the optimal parameters of the detector which minimize losses due to falsepositive and false-negative errors. We also characterize critical sensors, whose failure can have high impact on the route planning application. Finally, we implement our method and evaluate it numerically using a real-world dataset and the route planning platform OpenTripPlanner.

Lina Sela Perelman, Waseem Abbas, Saurabh Amin, Xenofon Koutsoukos.  2017.  Resilient Sensor Placement for Fault Localization in Water Distribution Networks. 8th ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS 2017).

In this paper, we study the sensor placement problem in urban water networks that maximizes the localization of pipe failures given that some sensors give incorrect outputs. False output of a sensor might be the result of degradation in sensor's hardware, software fault, or might be due to a cyber-attack on the sensor. Incorrect outputs from such sensors can have any possible values which could lead to an inaccurate localization of a failure event. We formulate the optimal sensor placement problem with erroneous sensors as a set multicover problem, which is NP-hard, and then discuss a polynomial time heuristic to obtain efficient solutions. In this direction, we first examine the physical model of the disturbance propagating in the network as a result of a failure event, and outline the multi-level sensing model that captures several event features. Second, using a combinatorial approach, we solve the problem of sensor placement that maximizes the localization of pipe failures by selecting $m$ sensors out of which at most $e$ give incorrect outputs. We propose various localization performance metrics, and numerically evaluate our approach on a benchmark and a real water distribution network. Finally, using computational experiments, we study relationships between design parameters such as the total number of sensors, the number of sensors with errors, and extracted signal features.