Model-based vs data-driven approaches to the detection of cyber-attacks
MEROI, LAURA
2022/2023
Abstract
Over the past few decades, important innovations in different fields such as aerospace, automotive, energy or healthcare were made possible by the integration of the physical and digital worlds. However, the proliferation of Cyber-Physical Systems (CPSs) in our daily lives introduces new vulnerabilities and security threats. In response, cyber-security has emerged as a critical challenge that we aim to investigate in this thesis. We focus specifically on Networked Control Systems (NCSs) and we analyze them in a scenario in which there are replay attacks threatening their integrity. Among the possible mitigation strategies against this type of cyber-attack, we provide two different approaches to their detection. For the first one we adopt a system-theoretic perspective and implement a detection mechanism based on the knowledge of the system under attack. The resulting anomaly detector, implemented for replay attack detection, is programmed to recognize any behavior of the system that deviates from the expected one. Conversely, the second approach is entirely data-driven, requiring no prior knowledge of the system dynamics. Here, for attack detection, we employ a machine learning model that is not explicitly programmed but continuously refines its structure by learning essential information from available data sources. Our study culminates in a comprehensive comparative analysis of these two methodologies, assessing their effectiveness in detecting replay attacks.

File | Size | Format |
---|---|---|
Master_thesis_Laura_final_pdfA.pdf (restricted access) | 7.01 MB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 license.
https://hdl.handle.net/20.500.12608/55462