首页 > 最新文献

ACM Transactions on Cyber-Physical Systems最新文献

英文 中文
Formal Specification, Verification and Repair of Contiki’s Scheduler Contiki调度程序的正式规范、验证和修复
IF 2.3 Q1 Mathematics Pub Date : 2023-07-04 DOI: 10.1145/3605948
Hassan Mousavi, Ali Ebnenasir, E. Mahmoudzadeh
This paper presents an approach for model extraction, formal specification, verification and repair of the scheduler of Contiki, which is an event-driven lightweight Operating System for the Internet of Things (IoT). We first derive a state machine-based abstraction of the scheduler’s modes of operation along with the control flow abstractions of the scheduler’s most important functions. We then use a set of transformation rules to formally specify the scheduler and all its internal functions in Promela. Additional contributions with respect to the conference version of this article include (1) modeling nested function calls in the Promela model of the scheduler using a novel technique amenable to model checking in SPIN; (2) modeling protothreads in Promela; (3) specifying and formally verifying twelve critical requirements of the scheduler; (4) detecting new design flaws in Contiki’s scheduler, for the first time (to the best of our knowledge); (5) repairing the model and the source code of Contiki’s scheduler towards fixing the flaws detected through verification, as well as regression verification of the entire model of the scheduler, and (6) experimentally analyzing the time and space costs of verification before and after repair. The proposed formal model of Contiki’s scheduler along with novel modeling techniques enhance our knowledge regarding the most critical components of Contiki, and provide reusable methods for formal specification and verification of other event-driven operating systems used in Cyber Physical Systems (CPS) and IoT.
本文提出了一种用于物联网(IoT)的事件驱动轻量级操作系统Contiki调度器的模型提取、形式化规范、验证和修复方法。我们首先推导了调度器操作模式的基于状态机的抽象,以及调度器最重要功能的控制流抽象。然后,我们使用一组转换规则来正式指定Promela中的调度器及其所有内部函数。关于本文的会议版本的其他贡献包括:(1)使用一种适用于SPIN中模型检查的新技术,在调度器的Promela模型中建模嵌套函数调用;(2) 在Promela中建模原线程;(3) 规定并正式验证调度器的十二个关键需求;(4) 首次在Contiki的调度器中检测到新的设计缺陷(据我们所知);(5) 修复Contiki调度器的模型和源代码,以修复通过验证检测到的缺陷,以及对调度器的整个模型进行回归验证,以及(6)实验分析修复前后验证的时间和空间成本。所提出的Contiki调度器的正式模型以及新颖的建模技术增强了我们对Contiki最关键组件的了解,并为网络物理系统(CPS)和物联网中使用的其他事件驱动操作系统的正式规范和验证提供了可重用的方法。
{"title":"Formal Specification, Verification and Repair of Contiki’s Scheduler","authors":"Hassan Mousavi, Ali Ebnenasir, E. Mahmoudzadeh","doi":"10.1145/3605948","DOIUrl":"https://doi.org/10.1145/3605948","url":null,"abstract":"This paper presents an approach for model extraction, formal specification, verification and repair of the scheduler of Contiki, which is an event-driven lightweight Operating System for the Internet of Things (IoT). We first derive a state machine-based abstraction of the scheduler’s modes of operation along with the control flow abstractions of the scheduler’s most important functions. We then use a set of transformation rules to formally specify the scheduler and all its internal functions in Promela. Additional contributions with respect to the conference version of this article include (1) modeling nested function calls in the Promela model of the scheduler using a novel technique amenable to model checking in SPIN; (2) modeling protothreads in Promela; (3) specifying and formally verifying twelve critical requirements of the scheduler; (4) detecting new design flaws in Contiki’s scheduler, for the first time (to the best of our knowledge); (5) repairing the model and the source code of Contiki’s scheduler towards fixing the flaws detected through verification, as well as regression verification of the entire model of the scheduler, and (6) experimentally analyzing the time and space costs of verification before and after repair. The proposed formal model of Contiki’s scheduler along with novel modeling techniques enhance our knowledge regarding the most critical components of Contiki, and provide reusable methods for formal specification and verification of other event-driven operating systems used in Cyber Physical Systems (CPS) and IoT.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2023-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47497163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Performance comparison of timing-based anomaly detectors for Controller Area Network: a reproducible study 控制器局域网中基于定时的异常检测器的性能比较:一项可重复的研究
IF 2.3 Q1 Mathematics Pub Date : 2023-06-15 DOI: 10.1145/3604913
Francesco Pollicino, Dario Stabili, Mirco Marchetti
This work presents an experimental evaluation of the detection performance of eight different algorithms for anomaly detection on the Controller Area Network (CAN) bus of modern vehicles based on the analysis of the timing or frequency of CAN messages. This work solves the current limitations of related scientific literature, that is based on private dataset, lacks of open implementations, and detailed description of the detection algorithms. These drawback prevent the reproducibility of published results, and makes it impossible to compare a novel proposal against related work, thus hindering the advancement of science. This paper solves these issues by publicly releasing implementations, labeled datasets and by describing an unbiased experimental comparisons.
本工作基于对CAN消息的时间或频率的分析,对现代车辆控制器局域网(CAN)总线上八种不同的异常检测算法的检测性能进行了实验评估。这项工作解决了相关科学文献目前的局限性,即基于私人数据集,缺乏开放的实现,以及对检测算法的详细描述。这些缺点阻碍了已发表结果的再现性,并使其无法将新的提案与相关工作进行比较,从而阻碍了科学的进步。本文通过公开发布实现、标记数据集和描述无偏的实验比较来解决这些问题。
{"title":"Performance comparison of timing-based anomaly detectors for Controller Area Network: a reproducible study","authors":"Francesco Pollicino, Dario Stabili, Mirco Marchetti","doi":"10.1145/3604913","DOIUrl":"https://doi.org/10.1145/3604913","url":null,"abstract":"This work presents an experimental evaluation of the detection performance of eight different algorithms for anomaly detection on the Controller Area Network (CAN) bus of modern vehicles based on the analysis of the timing or frequency of CAN messages. This work solves the current limitations of related scientific literature, that is based on private dataset, lacks of open implementations, and detailed description of the detection algorithms. These drawback prevent the reproducibility of published results, and makes it impossible to compare a novel proposal against related work, thus hindering the advancement of science. This paper solves these issues by publicly releasing implementations, labeled datasets and by describing an unbiased experimental comparisons.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2023-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49426904","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Scalable Pythagorean Mean based Incident Detection in Smart Transportation Systems 基于可扩展毕达哥拉斯均值的智能交通系统事件检测
IF 2.3 Q1 Mathematics Pub Date : 2023-06-05 DOI: 10.1145/3603381
Md. Jaminur Islam, J. P. Talusan, Shameek Bhattacharjee, F. Tiausas, Abhishek Dubey, K. Yasumoto, Sajal K. Das
Modern smart cities need smart transportation solutions to quickly detect various traffic emergencies and incidents in the city to avoid cascading traffic disruptions. To materialize this, roadside units and ambient transportation sensors are being deployed to collect speed data that enables the monitoring of traffic conditions on each road segment. In this paper, we first propose a scalable data-driven anomaly-based traffic incident detection framework for a city-scale smart transportation system. Specifically, we propose an incremental region growing approximation algorithm for optimal Spatio-temporal clustering of road segments and their data; such that road segments are strategically divided into highly correlated clusters. The highly correlated clusters enable identifying a Pythagorean Mean-based invariant as an anomaly detection metric that is highly stable under no incidents but shows a deviation in the presence of incidents. We learn the bounds of the invariants in a robust manner such that anomaly detection can generalize to unseen events, even when learning from real noisy data. Second, using cluster-level detection, we propose a folded Gaussian classifier to pinpoint the particular segment in a cluster where the incident happened in an automated manner. We perform extensive experimental validation using mobility data collected from four cities in Tennessee, compare with the state-of-the-art ML methods, to prove that our method can detect incidents within each cluster in real-time and outperforms known ML methods.
现代智慧城市需要智能交通解决方案来快速检测城市中的各种交通突发事件和事件,以避免连锁交通中断。为了实现这一目标,正在部署路边单元和周围交通传感器来收集速度数据,以便监测每个路段的交通状况。在本文中,我们首先为城市规模的智能交通系统提出了一个可扩展的数据驱动的基于异常的交通事件检测框架。具体而言,我们提出了一种增量区域增长近似算法,用于道路段及其数据的最优时空聚类;这样,路段被战略性地划分为高度相关的集群。高度相关的聚类可以识别基于毕达哥拉斯均值的不变量作为异常检测指标,该指标在没有事件的情况下高度稳定,但在事件存在时显示偏差。我们以鲁棒的方式学习不变量的边界,使得异常检测可以推广到看不见的事件,即使从真实的噪声数据中学习。其次,使用聚类级检测,我们提出了一个折叠高斯分类器,以自动方式精确定位事件发生的聚类中的特定片段。我们使用从田纳西州四个城市收集的移动数据进行了广泛的实验验证,并与最先进的ML方法进行了比较,以证明我们的方法可以实时检测每个集群中的事件,并且优于已知的ML方法。
{"title":"Scalable Pythagorean Mean based Incident Detection in Smart Transportation Systems","authors":"Md. Jaminur Islam, J. P. Talusan, Shameek Bhattacharjee, F. Tiausas, Abhishek Dubey, K. Yasumoto, Sajal K. Das","doi":"10.1145/3603381","DOIUrl":"https://doi.org/10.1145/3603381","url":null,"abstract":"Modern smart cities need smart transportation solutions to quickly detect various traffic emergencies and incidents in the city to avoid cascading traffic disruptions. To materialize this, roadside units and ambient transportation sensors are being deployed to collect speed data that enables the monitoring of traffic conditions on each road segment. In this paper, we first propose a scalable data-driven anomaly-based traffic incident detection framework for a city-scale smart transportation system. Specifically, we propose an incremental region growing approximation algorithm for optimal Spatio-temporal clustering of road segments and their data; such that road segments are strategically divided into highly correlated clusters. The highly correlated clusters enable identifying a Pythagorean Mean-based invariant as an anomaly detection metric that is highly stable under no incidents but shows a deviation in the presence of incidents. We learn the bounds of the invariants in a robust manner such that anomaly detection can generalize to unseen events, even when learning from real noisy data. Second, using cluster-level detection, we propose a folded Gaussian classifier to pinpoint the particular segment in a cluster where the incident happened in an automated manner. We perform extensive experimental validation using mobility data collected from four cities in Tennessee, compare with the state-of-the-art ML methods, to prove that our method can detect incidents within each cluster in real-time and outperforms known ML methods.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2023-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43904763","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
System Verification and Runtime Monitoring with Multiple Weakly-Hard Constraints 基于多个弱硬约束的系统验证和运行时监控
IF 2.3 Q1 Mathematics Pub Date : 2023-06-05 DOI: 10.1145/3603380
Yi-Ting Hsieh, Tzu-Tao Chang, Chen-Jun Tsai, Shih-Lun Wu, C. Bai, Kai-Chieh Chang, Chung-Wei Lin, Eunsuk Kang, Chao Huang, Qi Zhu
A weakly-hard fault model can be captured by an (m,k) constraint, where 0≤ m≤ k, meaning that there are at most m bad events (faults) among any k consecutive events. In this article, we use a weakly-hard fault model to constrain the occurrences of faults in system inputs. We develop approaches to verify properties for all possible values of (m,k), where k is smaller than or equal to a given K, in an exact and efficient manner. By verifying all possible values of (m,k), we define weakly-hard requirements for the system environment and design a runtime monitor based on counting the number of faults in system inputs. If the system environment satisfies the weakly-hard requirements, then the satisfaction of desired properties is guaranteed; otherwise, the runtime monitor can notify the system to switch to a safe mode. This is especially essential for cyber-physical systems that need to provide guarantees with limited resources and the existence of faults. Experimental results with discrete second-order control, network routing, vehicle following, and lane changing demonstrate the generality and the efficiency of the proposed approaches.
弱硬故障模型可以由(m,k)约束捕获,其中0≤m≤k,这意味着在任何k个连续事件中最多有m个坏事件(故障)。在本文中,我们使用弱硬故障模型来约束系统输入中故障的发生。我们开发了一种方法来以精确有效的方式验证(m,k)的所有可能值的性质,其中k小于或等于给定的k。通过验证(m,k)的所有可能值,我们定义了系统环境的弱硬需求,并根据系统输入中的故障数量设计了运行时监视器。如果系统环境满足弱硬性要求,则保证所需属性的满足;否则,运行时监视器可以通知系统切换到安全模式。这对于需要在有限资源和存在故障的情况下提供保证的网络物理系统来说尤其重要。离散二阶控制、网络路由、车辆跟驰和变道的实验结果证明了所提出方法的通用性和有效性。
{"title":"System Verification and Runtime Monitoring with Multiple Weakly-Hard Constraints","authors":"Yi-Ting Hsieh, Tzu-Tao Chang, Chen-Jun Tsai, Shih-Lun Wu, C. Bai, Kai-Chieh Chang, Chung-Wei Lin, Eunsuk Kang, Chao Huang, Qi Zhu","doi":"10.1145/3603380","DOIUrl":"https://doi.org/10.1145/3603380","url":null,"abstract":"A weakly-hard fault model can be captured by an (m,k) constraint, where 0≤ m≤ k, meaning that there are at most m bad events (faults) among any k consecutive events. In this article, we use a weakly-hard fault model to constrain the occurrences of faults in system inputs. We develop approaches to verify properties for all possible values of (m,k), where k is smaller than or equal to a given K, in an exact and efficient manner. By verifying all possible values of (m,k), we define weakly-hard requirements for the system environment and design a runtime monitor based on counting the number of faults in system inputs. If the system environment satisfies the weakly-hard requirements, then the satisfaction of desired properties is guaranteed; otherwise, the runtime monitor can notify the system to switch to a safe mode. This is especially essential for cyber-physical systems that need to provide guarantees with limited resources and the existence of faults. Experimental results with discrete second-order control, network routing, vehicle following, and lane changing demonstrate the generality and the efficiency of the proposed approaches.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2023-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47068232","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Automated Adversary-in-the-Loop Cyber-Physical Defense Planning 自动循环中的对手网络物理防御计划
IF 2.3 Q1 Mathematics Pub Date : 2023-05-18 DOI: 10.1145/3596222
Sandeep Banik, Thiagarajan Ramachandran, A. Bhattacharya, S. D. Bopardikar
Security of cyber-physical systems (CPS) continues to pose new challenges due to the tight integration and operational complexity of the cyber and physical components. To address these challenges, this article presents a domain-aware, optimization-based approach to determine an effective defense strategy for CPS in an automated fashion—by emulating a strategic adversary in the loop that exploits system vulnerabilities, interconnection of the CPS, and the dynamics of the physical components. Our approach builds on an adversarial decision-making model based on a Markov Decision Process (MDP) that determines the optimal cyber (discrete) and physical (continuous) attack actions over a CPS attack graph. The defense planning problem is modeled as a non-zero-sum game between the adversary and defender. We use a model-free reinforcement learning method to solve the adversary’s problem as a function of the defense strategy. We then employ Bayesian optimization (BO) to find an approximate best-response for the defender to harden the network against the resulting adversary policy. This process is iterated multiple times to improve the strategy for both players. We demonstrate the effectiveness of our approach on a ransomware-inspired graph with a smart building system as the physical process. Numerical studies show that our method converges to a Nash equilibrium for various defender-specific costs of network hardening.
由于网络和物理组件的紧密集成和操作复杂性,网络物理系统(CPS)的安全性继续带来新的挑战。为了应对这些挑战,本文提出了一种领域感知、基于优化的方法,以自动方式确定CPS的有效防御策略——通过模拟循环中利用系统漏洞、CPS互连和物理组件动态的战略对手。我们的方法建立在基于马尔可夫决策过程(MDP)的对抗性决策模型之上,该模型确定了CPS攻击图上的最佳网络(离散)和物理(连续)攻击行为。防御计划问题被建模为对手和防御者之间的非零和博弈。我们使用无模型强化学习方法来解决作为防御策略函数的对手问题。然后,我们使用贝叶斯优化(BO)来为防御者找到近似的最佳响应,以针对由此产生的对手策略强化网络。这个过程被重复多次,以改进两个参与者的策略。我们在一个受勒索软件启发的图上展示了我们的方法的有效性,该图以智能建筑系统为物理过程。数值研究表明,对于网络强化的各种防御者特定成本,我们的方法收敛于纳什均衡。
{"title":"Automated Adversary-in-the-Loop Cyber-Physical Defense Planning","authors":"Sandeep Banik, Thiagarajan Ramachandran, A. Bhattacharya, S. D. Bopardikar","doi":"10.1145/3596222","DOIUrl":"https://doi.org/10.1145/3596222","url":null,"abstract":"Security of cyber-physical systems (CPS) continues to pose new challenges due to the tight integration and operational complexity of the cyber and physical components. To address these challenges, this article presents a domain-aware, optimization-based approach to determine an effective defense strategy for CPS in an automated fashion—by emulating a strategic adversary in the loop that exploits system vulnerabilities, interconnection of the CPS, and the dynamics of the physical components. Our approach builds on an adversarial decision-making model based on a Markov Decision Process (MDP) that determines the optimal cyber (discrete) and physical (continuous) attack actions over a CPS attack graph. The defense planning problem is modeled as a non-zero-sum game between the adversary and defender. We use a model-free reinforcement learning method to solve the adversary’s problem as a function of the defense strategy. We then employ Bayesian optimization (BO) to find an approximate best-response for the defender to harden the network against the resulting adversary policy. This process is iterated multiple times to improve the strategy for both players. We demonstrate the effectiveness of our approach on a ransomware-inspired graph with a smart building system as the physical process. Numerical studies show that our method converges to a Nash equilibrium for various defender-specific costs of network hardening.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2023-05-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"44954583","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Self-triggered Control with Energy Harvesting Sensor Nodes 能量收集传感器节点的自触发控制
IF 2.3 Q1 Mathematics Pub Date : 2023-05-17 DOI: 10.1145/3597311
Naomi Stricker, Yingzhao Lian, Yuning Jiang, Colin N. Jones, L. Thiele
Distributed embedded systems are pervasive components jointly operating in a wide range of applications. Moving toward energy harvesting powered systems enables their long-term, sustainable, scalable, and maintenance-free operation. When these systems are used as components of an automatic control system to sense a control plant, energy availability limits when and how often sensed data are obtainable and therefore when and how often control updates can be performed. The time-varying and non-deterministic availability of harvested energy and the necessity to plan the energy usage of the energy harvesting sensor nodes ahead of time, on the one hand, have to be balanced with the dynamically changing and complex demand for control updates from the automatic control plant and thus energy usage, on the other hand. We propose a hierarchical approach with which the resources of the energy harvesting sensor nodes are managed on a long time horizon and on a faster timescale, self-triggered model predictive control controls the plant. The controller of the harvesting-based nodes’ resources schedules the future energy usage ahead of time and the self-triggered model predictive control incorporates these time-varying energy constraints. For this novel combination of energy harvesting and automatic control systems, we derive provable properties in terms of correctness, feasibility, and performance. We evaluate the approach on a double integrator and demonstrate its usability and performance in a room temperature and air quality control case study.
分布式嵌入式系统是在广泛的应用中共同运行的普遍组件。朝着能量收集供电系统的方向发展,可以实现其长期、可持续、可扩展和免维护的运行。当这些系统用作自动控制系统的组件来感知控制工厂时,能源可用性限制了何时和多久可以获得感测数据,从而限制了何时和多久可以执行控制更新。一方面,收集能量的时变和不确定性可用性,以及提前规划能量收集传感器节点的能量使用的必要性,必须与自动控制装置对控制更新的动态变化和复杂需求以及能源使用进行平衡,另一方面。我们提出了一种分层方法,该方法可以在较长的时间范围内管理能量收集传感器节点的资源,并且在更快的时间尺度上,自触发模型预测控制可以控制工厂。基于收获的节点资源控制器提前调度未来的能源使用,自触发模型预测控制将这些时变的能源约束纳入其中。对于这种能量收集和自动控制系统的新组合,我们在正确性、可行性和性能方面得出了可证明的性质。我们在双积分器上评估了该方法,并在室温和空气质量控制案例研究中展示了其可用性和性能。
{"title":"Self-triggered Control with Energy Harvesting Sensor Nodes","authors":"Naomi Stricker, Yingzhao Lian, Yuning Jiang, Colin N. Jones, L. Thiele","doi":"10.1145/3597311","DOIUrl":"https://doi.org/10.1145/3597311","url":null,"abstract":"Distributed embedded systems are pervasive components jointly operating in a wide range of applications. Moving toward energy harvesting powered systems enables their long-term, sustainable, scalable, and maintenance-free operation. When these systems are used as components of an automatic control system to sense a control plant, energy availability limits when and how often sensed data are obtainable and therefore when and how often control updates can be performed. The time-varying and non-deterministic availability of harvested energy and the necessity to plan the energy usage of the energy harvesting sensor nodes ahead of time, on the one hand, have to be balanced with the dynamically changing and complex demand for control updates from the automatic control plant and thus energy usage, on the other hand. We propose a hierarchical approach with which the resources of the energy harvesting sensor nodes are managed on a long time horizon and on a faster timescale, self-triggered model predictive control controls the plant. The controller of the harvesting-based nodes’ resources schedules the future energy usage ahead of time and the self-triggered model predictive control incorporates these time-varying energy constraints. For this novel combination of energy harvesting and automatic control systems, we derive provable properties in terms of correctness, feasibility, and performance. We evaluate the approach on a double integrator and demonstrate its usability and performance in a room temperature and air quality control case study.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46026757","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Remote Perception Attacks against Camera-based Object Recognition Systems and Countermeasures 基于摄像头的目标识别系统的远程感知攻击及对策
IF 2.3 Q1 Mathematics Pub Date : 2023-05-17 DOI: 10.1145/3596221
Yanmao Man, Ming Li, Ryan M. Gerdes
In vision-based object recognition systems imaging sensors perceive the environment and then objects are detected and classified for decision-making purposes; e.g., to maneuver an automated vehicle around an obstacle or to raise alarms for intruders in surveillance settings. In this work we demonstrate how camera-based perception can be unobtrusively manipulated to enable an attacker to create spurious objects or alter an existing object, by remotely projecting adversarial patterns into cameras, exploiting two common effects in optical imaging systems, viz., lens flare/ghost effects and auto-exposure control. To improve the robustness of the attack, we generate optimal patterns by integrating adversarial machine learning techniques with a trained end-to-end channel model. We experimentally demonstrate our attacks using a low-cost projector on three different cameras, and under different environments. Results show that, depending on the attack distance, attack success rates can reach as high as 100%, including under targeted conditions. We develop a countermeasure that reduces the problem of detecting ghost-based attacks into verifying whether there is a ghost overlapping with a detected object. We leverage spatiotemporal consistency to eliminate false positives. Evaluation on experimental data provides a worst-case equal error rate of 5%.
在基于视觉的物体识别系统中,成像传感器感知环境,然后出于决策目的对物体进行检测和分类;例如在障碍物周围操纵自动车辆或在监视设置中对入侵者发出警报。在这项工作中,我们展示了如何通过将对抗性图案远程投影到相机中,利用光学成像系统中的两种常见效果,即镜头闪光/重影效果和自动曝光控制,不引人注目地操纵基于相机的感知,使攻击者能够创建虚假对象或更改现有对象。为了提高攻击的鲁棒性,我们通过将对抗性机器学习技术与经过训练的端到端信道模型相结合来生成最优模式。我们在三个不同的相机上,在不同的环境下,使用低成本的投影仪,通过实验演示我们的攻击。结果表明,根据攻击距离的不同,包括在有针对性的条件下,攻击成功率可以高达100%。我们开发了一种对策,将检测基于重影的攻击的问题减少到验证是否存在与检测到的对象重叠的重影。我们利用时空一致性来消除误报。对实验数据的评估提供了5%的最坏情况等误差率。
{"title":"Remote Perception Attacks against Camera-based Object Recognition Systems and Countermeasures","authors":"Yanmao Man, Ming Li, Ryan M. Gerdes","doi":"10.1145/3596221","DOIUrl":"https://doi.org/10.1145/3596221","url":null,"abstract":"In vision-based object recognition systems imaging sensors perceive the environment and then objects are detected and classified for decision-making purposes; e.g., to maneuver an automated vehicle around an obstacle or to raise alarms for intruders in surveillance settings. In this work we demonstrate how camera-based perception can be unobtrusively manipulated to enable an attacker to create spurious objects or alter an existing object, by remotely projecting adversarial patterns into cameras, exploiting two common effects in optical imaging systems, viz., lens flare/ghost effects and auto-exposure control. To improve the robustness of the attack, we generate optimal patterns by integrating adversarial machine learning techniques with a trained end-to-end channel model. We experimentally demonstrate our attacks using a low-cost projector on three different cameras, and under different environments. Results show that, depending on the attack distance, attack success rates can reach as high as 100%, including under targeted conditions. We develop a countermeasure that reduces the problem of detecting ghost-based attacks into verifying whether there is a ghost overlapping with a detected object. We leverage spatiotemporal consistency to eliminate false positives. Evaluation on experimental data provides a worst-case equal error rate of 5%.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2023-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49484259","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Minimal Critical Sequences in Model-based Safety and Security Analyses: Commonalities and Differences 基于模型的安全与安保分析中的最小关键序列:共性与差异
IF 2.3 Q1 Mathematics Pub Date : 2023-05-02 DOI: 10.1145/3593811
Théo Serru, Nga Nguyen, M. Batteux, A. Rauzy
Discrete event systems are increasingly used as a modeling tool to assess safety and cybersecurity of complex systems. In both cases, the analysis relies on the extraction of critical sequences. This approach proves to be very powerful. It suffers, however, from the combinatorial explosion of the number of sequences to look at. To push the limits of what is feasible with reasonable computational resources, extraction algorithms use cutoffs and minimality criteria. In this article, we review the principles of extraction algorithms, and we show that there are important differences between critical sequences extracted in the context of safety analyses and those extracted in the context of cybersecurity analyses. Based on this thorough comparison, we introduce a new cutoff criterion, so-called footprint, that aims at capturing the willfulness of an intruder performing a cyberattack. We illustrate our presentation by means of three case studies, one focused on the analysis of failures and two focused on the analysis of cyberattacks and their effects on safety. We show experimentally the interest of the footprint criterion.
离散事件系统越来越多地被用作评估复杂系统的安全性和网络安全性的建模工具。在这两种情况下,分析都依赖于关键序列的提取。事实证明,这种方法非常强大。然而,它受到了序列数量组合爆炸的影响。为了在合理的计算资源下突破可行的极限,提取算法使用了截断和最小性标准。在本文中,我们回顾了提取算法的原理,并表明在安全分析背景下提取的关键序列与在网络安全分析背景中提取的关键顺序之间存在重要差异。基于这种彻底的比较,我们引入了一种新的截止标准,即所谓的足迹,旨在捕捉入侵者实施网络攻击的故意性。我们通过三个案例研究来说明我们的陈述,一个侧重于故障分析,两个侧重于网络攻击及其对安全的影响分析。我们通过实验证明了足迹准则的重要性。
{"title":"Minimal Critical Sequences in Model-based Safety and Security Analyses: Commonalities and Differences","authors":"Théo Serru, Nga Nguyen, M. Batteux, A. Rauzy","doi":"10.1145/3593811","DOIUrl":"https://doi.org/10.1145/3593811","url":null,"abstract":"Discrete event systems are increasingly used as a modeling tool to assess safety and cybersecurity of complex systems. In both cases, the analysis relies on the extraction of critical sequences. This approach proves to be very powerful. It suffers, however, from the combinatorial explosion of the number of sequences to look at. To push the limits of what is feasible with reasonable computational resources, extraction algorithms use cutoffs and minimality criteria. In this article, we review the principles of extraction algorithms, and we show that there are important differences between critical sequences extracted in the context of safety analyses and those extracted in the context of cybersecurity analyses. Based on this thorough comparison, we introduce a new cutoff criterion, so-called footprint, that aims at capturing the willfulness of an intruder performing a cyberattack. We illustrate our presentation by means of three case studies, one focused on the analysis of failures and two focused on the analysis of cyberattacks and their effects on safety. We show experimentally the interest of the footprint criterion.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2023-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49085060","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Toward a Distributed Trust Management System for Misbehavior Detection in the Internet of Vehicles 基于分布式信任管理的车联网故障检测系统研究
IF 2.3 Q1 Mathematics Pub Date : 2023-05-02 DOI: 10.1145/3594637
A. Mahmood, Quan Z. Sheng, W. Zhang, Yan Wang, S. Sagar
Recent considerable state-of-the-art advancements within the automotive sector, coupled with an evolution of the promising paradigms of vehicle-to-everything communication and the Internet of Vehicles (IoV), have facilitated vehicles to generate and, accordingly, disseminate an enormous amount of safety-critical and non-safety infotainment data in a bid to guarantee a highly safe, convenient, and congestion-aware road transport. These dynamic networks require intelligent security measures to ensure that the malicious messages, along with the vehicles that disseminate them, are identified and subsequently eliminated in a timely manner so that they are not in a position to harm other vehicles. Failing to do so could jeopardize the entire network, leading to fatalities and injuries amongst road users. Several researchers, over the years, have envisaged conventional cryptographic-based solutions employing certificates and the public key infrastructure for enhancing the security of vehicular networks. Nevertheless, cryptographic-based solutions are not optimum for an IoV network primarily, since the cryptographic schemes could be susceptible to compromised trust authorities and insider attacks that are highly deceptive in nature and cannot be noticed immediately and are, therefore, capable of causing catastrophic damage. Accordingly, in this article, a distributed trust management system has been proposed that ascertains the trust of all the reputation segments within an IoV network. The envisaged system takes into consideration the salient characteristics of familiarity, i.e., assessed via a subjective logic approach, similarity, and timeliness to ascertain the weights of all the reputation segments. Furthermore, an intelligent trust threshold mechanism has been developed for the identification and eviction of the misbehaving vehicles. The experimental results suggest the advantages of our proposed IoV-based trust management system in terms of optimizing the misbehavior detection and its resilience to various sorts of attacks.
汽车行业最近取得了相当大的最先进的进步,加上车对物通信和车联网(IoV)这一有前景的模式的演变,促进了车辆生成并传播大量安全关键和非安全的信息娱乐数据,以确保高度安全、方便、,以及有拥堵意识的道路运输。这些动态网络需要智能安全措施,以确保恶意信息以及传播这些信息的车辆得到识别,并随后及时消除,从而使它们不会伤害其他车辆。如果不这样做,可能会危及整个网络,导致道路使用者伤亡。多年来,一些研究人员设想了使用证书和公钥基础设施的传统密码解决方案,以增强车辆网络的安全性。然而,基于密码的解决方案主要不适用于IoV网络,因为密码方案可能容易受到信任机构受损和内部攻击的影响,这些攻击具有高度欺骗性,无法立即被注意到,因此能够造成灾难性的损害。因此,在本文中,已经提出了一种分布式信任管理系统,该系统确定IoV网络内所有信誉段的信任。设想的系统考虑了熟悉度的显著特征,即通过主观逻辑方法、相似性和及时性进行评估,以确定所有声誉细分的权重。此外,还开发了一种智能信任阈值机制,用于识别和驱逐行为不端的车辆。实验结果表明,我们提出的基于IoV的信任管理系统在优化不当行为检测及其对各种攻击的弹性方面具有优势。
{"title":"Toward a Distributed Trust Management System for Misbehavior Detection in the Internet of Vehicles","authors":"A. Mahmood, Quan Z. Sheng, W. Zhang, Yan Wang, S. Sagar","doi":"10.1145/3594637","DOIUrl":"https://doi.org/10.1145/3594637","url":null,"abstract":"Recent considerable state-of-the-art advancements within the automotive sector, coupled with an evolution of the promising paradigms of vehicle-to-everything communication and the Internet of Vehicles (IoV), have facilitated vehicles to generate and, accordingly, disseminate an enormous amount of safety-critical and non-safety infotainment data in a bid to guarantee a highly safe, convenient, and congestion-aware road transport. These dynamic networks require intelligent security measures to ensure that the malicious messages, along with the vehicles that disseminate them, are identified and subsequently eliminated in a timely manner so that they are not in a position to harm other vehicles. Failing to do so could jeopardize the entire network, leading to fatalities and injuries amongst road users. Several researchers, over the years, have envisaged conventional cryptographic-based solutions employing certificates and the public key infrastructure for enhancing the security of vehicular networks. Nevertheless, cryptographic-based solutions are not optimum for an IoV network primarily, since the cryptographic schemes could be susceptible to compromised trust authorities and insider attacks that are highly deceptive in nature and cannot be noticed immediately and are, therefore, capable of causing catastrophic damage. Accordingly, in this article, a distributed trust management system has been proposed that ascertains the trust of all the reputation segments within an IoV network. The envisaged system takes into consideration the salient characteristics of familiarity, i.e., assessed via a subjective logic approach, similarity, and timeliness to ascertain the weights of all the reputation segments. Furthermore, an intelligent trust threshold mechanism has been developed for the identification and eviction of the misbehaving vehicles. The experimental results suggest the advantages of our proposed IoV-based trust management system in terms of optimizing the misbehavior detection and its resilience to various sorts of attacks.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2023-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43775819","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Understanding Indicators of Compromise against Cyber-attacks in Industrial Control Systems: A Security Perspective 从安全角度理解工业控制系统中的网络攻击妥协指标
IF 2.3 Q1 Mathematics Pub Date : 2023-03-14 DOI: 10.1145/3587255
Mohammed Asiri, N. Saxena, Rigel Gjomemo, P. Burnap
Numerous sophisticated and nation-state attacks on Industrial Control Systems (ICSs) have increased in recent years, exemplified by Stuxnet and Ukrainian Power Grid. Measures to be taken post-incident are crucial to reduce damage, restore control, and identify attack actors involved. By monitoring Indicators of Compromise (IOCs), the incident responder can detect malicious activity triggers and respond quickly to a similar intrusion at an earlier stage. However, to implement IOCs in critical infrastructures, we need to understand their contexts and requirements. Unfortunately, there is no survey paper in the literature on IOC in the ICS environment, and only limited information is provided in research articles. In this article, we describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors. We also discuss the potential IOCs against cyber-attacks in ICS systems. Furthermore, we conduct a critical analysis of existing works and available tools in this space. We evaluate the effectiveness of identified IOCs’ by mapping these indicators to the most frequently targeted attacks in the ICS environment. Finally, we highlight the lessons to be learned from the literature and the future problems in the domain along with the approaches that might be taken.
近年来,针对工业控制系统(ics)的复杂和民族国家攻击有所增加,例如Stuxnet和乌克兰电网。事件发生后采取的措施对于减少损害、恢复控制和识别涉及的攻击行为者至关重要。通过监控入侵指标(ioc),事件响应器可以检测恶意活动触发器,并在较早阶段快速响应类似入侵。然而,要在关键基础设施中实现ioc,我们需要了解它们的背景和需求。遗憾的是,在ICS环境中没有关于IOC的调查论文,研究文章中提供的信息也很有限。在本文中,我们描述了IOC表示的不同标准,并讨论了限制安全调查人员在工业部门开发IOC的相关挑战。我们还讨论了ICS系统中针对网络攻击的潜在ioc。此外,我们对这个空间中的现有作品和可用工具进行了批判性分析。我们通过将这些指标映射到ICS环境中最常见的目标攻击来评估已识别ioc的有效性。最后,我们强调了从文献中吸取的教训和该领域未来的问题以及可能采取的方法。
{"title":"Understanding Indicators of Compromise against Cyber-attacks in Industrial Control Systems: A Security Perspective","authors":"Mohammed Asiri, N. Saxena, Rigel Gjomemo, P. Burnap","doi":"10.1145/3587255","DOIUrl":"https://doi.org/10.1145/3587255","url":null,"abstract":"Numerous sophisticated and nation-state attacks on Industrial Control Systems (ICSs) have increased in recent years, exemplified by Stuxnet and Ukrainian Power Grid. Measures to be taken post-incident are crucial to reduce damage, restore control, and identify attack actors involved. By monitoring Indicators of Compromise (IOCs), the incident responder can detect malicious activity triggers and respond quickly to a similar intrusion at an earlier stage. However, to implement IOCs in critical infrastructures, we need to understand their contexts and requirements. Unfortunately, there is no survey paper in the literature on IOC in the ICS environment, and only limited information is provided in research articles. In this article, we describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors. We also discuss the potential IOCs against cyber-attacks in ICS systems. Furthermore, we conduct a critical analysis of existing works and available tools in this space. We evaluate the effectiveness of identified IOCs’ by mapping these indicators to the most frequently targeted attacks in the ICS environment. Finally, we highlight the lessons to be learned from the literature and the future problems in the domain along with the approaches that might be taken.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2023-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47967497","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
期刊
ACM Transactions on Cyber-Physical Systems
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1