Award Abstract # 1505664
Breakthrough: CPS-Security: Towards Provably Correct Distributed Attack-Resilient Control of Unmanned-Vehicle-Operator Networks

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: THE PENNSYLVANIA STATE UNIVERSITY
Initial Amendment Date: July 20, 2015
Latest Amendment Date: July 20, 2015
Award Number: 1505664
Award Instrument: Standard Grant
Program Manager: Ralph Wachter
rwachter@nsf.gov  (703)292-8950
CNS  Division Of Computer and Network Systems
CSE  Directorate for Computer and Information Science and Engineering
Start Date: July 15, 2015
End Date: June 30, 2019 (Estimated)
Total Intended Award Amount: $500,000.00
Total Awarded Amount to Date: $500,000.00
Funds Obligated to Date: FY 2015 = $500,000.00
History of Investigator:
  • Minghui Zhu (Principal Investigator)
  • Peng Liu (Co-Principal Investigator)
Recipient Sponsored Research Office: Pennsylvania State Univ University Park
 201 OLD MAIN
 UNIVERSITY PARK
 PA  US  16802-1503
(814)865-1372
Sponsor Congressional District: 15
Primary Place of Performance: Pennsylvania State Univ University Park
 PA  US  16802-7000
Primary Place of Performance
Congressional District:
Unique Entity Identifier (UEI): NPM2J7MSCF61
Parent UEI:
NSF Program(s): CPS-Cyber-Physical Systems,
Secure &Trustworthy Cyberspace
Primary Program Source: 01001516DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7434, 8225, 8234
Program Element Code(s): 791800, 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Inherent vulnerabilities of information and communication technology systems to cyber-attacks (e.g., malware) impose significant security risks to Cyber-Physical Systems (CPS). This is evidenced by a number of recent accidents. Noticeably, current distributed control of CPS is not really attack-resilient (ensuring task completion despite attacks). Although provable resilience would significantly lift the trustworthiness of CPS, existing defenses are rather ad-hoc and mainly focus on attack detection. In addition, while network attacks have been extensively studied, resilient-to-malware distributed control has been rarely investigated.

This project aims to bridge the gap. It aims to investigate provably correct distributed attack-resilient control of CPS. The project will focus on a representative class of CPS, namely unmanned-vehicle-operator networks, and its four main research thrusts are: (1) The development of a distributed attack-resilient control framework to ensure task completion of multiple vehicles despite network attacks and malware attacks, (2) The synthesis of novel distributed attack-resilient control algorithms to deal with network attacks, (3) The design of estimation algorithms to detect malware attacks on vehicles, and computationally efficient algorithms which allow clean vehicles to avoid the collision with the vehicles compromised by malware, and (4) The validation of the cost-effectiveness of the proposed distributed attack-resilient control framework via a principled systematic evaluation plan.

The research findings profoundly impact CPS security of a variety of engineering disciplines beyond unmanned-vehicle-operator networks, including smart grid, smart buildings and intelligent transportation systems. The proposed research is interdisciplinary and involves interactions among security, control, distributed algorithms and robotics. This will lead to educational and training opportunities that cross traditional disciplinary boundaries for high-school, undergraduate and graduate students in STEM.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

(Showing: 1 - 10 of 47)
C. Cao, L. Guan, N. Zhang, N. Gao, J. Lin, B. Luo, P. Liu, J. Xiang, and W. Lou "CryptMe: Data leakage prevention for unmodified programs on ARM devices" International Symposium on Research in Attacks, Intrusions and Defenses , 2018
C. Tian, Y. Wang, P. Liu, Q. Zhou and C. Zhang "IM-Visor: A Pre-IME Guard to Prevent IME Apps from Stealing Sensitive Keystrokes" Cybersecurity , v.1 , 2018
C. Zhang, Y. Wang, P. Liu, T. Lin, L. Luo, Z. Yu, and X. Zhuo "PMViewer: A Crowdsourcing Approach to Fine-Grained Urban PM2.5 Monitoring in China" IEEE International Conference on Mobile Ad Hoc and Sensor Systems , 2017
D. Jha, M. Zhu and A. Ray "Game theoretic controller synthesis for multi-robot motion planning - Part II : Policy based algorithms" The 5th IFAC Workshop on Distributed Estimation and Control in Networked Systems , 2015
D. Jha, M. Zhu, Y. Wang and A. Ray "Data-driven anytime algorithms for motion planning with safety guarantees" American Control Conference , 2016
D. Liang, P. Liu, J. Xu, P. Chen, and Q. Zeng "Dancing with Wolves: Towards Practical Event-driven VMM Monitoring" ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments , 2017
D. Tian, X. Xiong, C. Hu and P. Liu "A Policy-Centric Approach to Protecting OS Kernel from Vulnerable LKMs" Software: Practice and Experience Journal , 2018
H. Huang, C. Zheng, J. Zeng, W. Zhou, S. Zhu, P. Liu, S. Chari, and C. Zhang "Android Malware Development on Public Malware Scanning Platforms: A Large-scale Data-driven Study" IEEE International Conference on Big Data , 2016
H. Kim, P. Guo, M. Zhu and P. Liu "On attack-resilient estimation of switched nonlinear cyber-physical systems" American Control Conference , 2017
J. Huang, J. Xu, X. Xing, P. Liu and K. Qureshi "FlashGuard: Leveraging Intrinsic Flash Properties to Defend Against Encryption Ransomware" ACM Conference on Computer and Communications Security , 2017
J. Ming, F. Zhang, D. Wu, P. Liu, and S. Zhu "Deviation-Based Obfuscation-Resilient Program Equivalence Checking with Application to Software Plagiarism Detection" IEEE Transactions on Reliability , 2016
(Showing: 1 - 10 of 47)

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Cyber-physical systems (CPS) integrate information and communications technology (ICT) systems into physical systems. Inherent vulnerabilities of ICT systems impose significant security threats on CPS. Existing cyber defenses alone are not sufficient to secure CPS. For example, existing intrusion detection systems (IDS) cannot detect attacks launched from physical channels; e.g., GPS spoofing, since no abnormal cyberspace behavior is triggered and captured. In addition, existing cyber defenses do not provide intrusion responses for physical systems against cyberattacks.

 

In this project, we developed control-theoretic approaches to complement existing cyber defenses. In particular, we developed a set of algorithms for intrusion detection of linear and nonlinear dynamic systems subject to sensor attacks, actuator attacks and switching attacks. The proposed algorithms can detect occurrence of attacks, localize the attacks and further correctly estimate states and mode of dynamic systems as well as actions of attackers. Estimation errors and stability were formally analyzed using Lyapunov theory and information theory.

 

We implemented the developed control-theoretic IDS on two types of mobile robots and evaluated detection performance against various misbehavior scenarios, including signal interference, sensor spoofing, logic bomb and physical jamming. Both evaluations showed less than 3% of false positive rate and less than 1% of false negative detection rate on average. Detection delays remained within an average of 0.40s. In addition, we developed a collaborative IDS for detection of sensor and actuator attacks in connected urban vehicles. The IDS fuses local sensing information and that from nearby vehicles to enhance detection capabilities. We implemented a prototype detection system on a scaled autonomous vehicle testbed and evaluated the system regarding the effectiveness under different attacks launched through multiple attack channels. The experimental results demonstrated detection capabilities under destructive attack cases when all sensors in a vehicle were compromised.

 

Besides IDS, we developed attack-resilient distributed formation control algorithms for vehicle-operator networks against denial-of-service attacks and replay attacks. We showed that input and state constraints were always enforced, and desired formation can be asymptotically achieved provided that the union of communication graphs between operators satisfied certain connectivity assumption.

 

To summarize, this project leveraged control theory to develop holistic and provably correct algorithms for intrusion detection and response against cyberattacks on CPS. The developed results are applicable to many engineering systems, including self-driving cars, mobile robots, smart grid, smart buildings and intelligent transportation systems.


Last Modified: 09/28/2019
Modified by: Minghui Zhu

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page

Top