A joint project of the Graduate School, Peabody College, and the Jean & Alexander Heard Library

Title page for ETD etd-02152018-170153


Type of Document: Dissertation
Author: Ghafouri, Amin
Author's Email Address: amin.ghafouri@vanderbilt.edu
URN: etd-02152018-170153
Title: Resilient Anomaly Detection in Cyber-Physical Systems
Degree: PhD
Department: Computer Science
Advisory Committee (Advisor Name, Title)
  • Xenofon Koutsoukos, Committee Chair
  • Abhishek Dubey, Committee Member
  • Gabor Karsai, Committee Member
  • Gautam Biswas, Committee Member
  • Yevgeniy Vorobeychik, Committee Member
Keywords
  • anomaly detection
  • cyber-physical systems
  • resilient systems
  • game theory
  • regression-based detectors
  • machine learning
Date of Defense: 2017-11-22
Availability: unrestricted
Abstract
Cyber-physical systems (CPS), such as autonomous automobile systems and process control systems, are mechanisms that deeply intertwine physical and software components. A resilient CPS is one that maintains an accepted level of operational normalcy in response to system faults and threats of unexpected and malicious nature. The focus of this dissertation is on improving resilience of CPS through design and evaluation of resilient anomaly detectors, which guarantee satisfactory performance even in the presence of worst-case faults and attacks. The contributions of the thesis address challenges in the design of resilient anomaly detectors by taking into consideration features of the physical system and the control and monitoring algorithms.

Detection thresholds of resilient anomaly detectors need to be configured properly to ensure detection performance while minimizing false alarms. Using a game-theoretic approach, our work formulates the problem of computing optimal detection thresholds which minimize both the number of false alarms and the probability of missing attacks. An efficient algorithm based on dynamic programming for solving the game and finding optimal detection thresholds is developed and analyzed. The approach is evaluated using a case study of contamination attacks in water networks.

To increase resilience against detection errors, a framework for application-aware anomaly detection is presented. The main objective is to configure an anomaly detector so that the performance loss of the application in the presence of detection errors is minimized. An efficient algorithm for finding the application-aware detector is proposed and analyzed. The results are evaluated using a case study of real-time control of traffic signals.

To improve resilience against malicious attackers, the problem of adversarial regression in CPS is investigated, where an adversary capable of perturbing the values of sensors attempts to drive a CPS to an unsafe state while remaining undetected. The problem is solved considering linear regression- and neural network regression-based detectors. Then, a resilient detector is presented that mitigates the impact of stealthy attacks through configuration of thresholds. The proposed approach is numerically evaluated using a case study of a process control system.

Files
  Filename: ghafouri.pdf
  Size: 3.42 Mb
  Approximate Download Time (Hours:Minutes:Seconds):
  • 28.8 Modem: 00:15:49
  • 56K Modem: 00:08:08
  • ISDN (64 Kb): 00:07:07
  • ISDN (128 Kb): 00:03:33
  • Higher-speed Access: 00:00:18
