Digital Twin Based Topology Fingerprinting for Detecting False Data Injection Attacks in Cyber-Physical Systems

Abstract

A Cyber-Physical System (CPS) employs interconnected sensing and actuation modules and applies distributed control strategies. With the major advances in communication technology, the CPS design methodology is getting broadly adopted, including in safety and mission-critical applications. The incorporation of digital twins within a CPS facilitates localized decision-making by the individual control modules within the system in a timely manner without risking stability and performance. However, cyberattacks could be detrimental when false data is injected to degrade the accuracy of the underlying digital twins so that a CPS module takes non-optimal or even risky action that causes application failure. This paper proposes a novel approach for detecting such an attack scenario through a combination of a predictive data model and a topology fingerprinting scheme. Specifically, we employ a recurrent neural network (RNN) to predict the next state (data) for the individual modules and use it to reason about the periodic updates provided by these modules. Then, we apply a data-driven fingerprinting scheme that characterizes the inter-module interaction to infer and classify anomalies based on the module-provided data. The validation results using a dataset of a smart power grid application demonstrate the effectiveness of our approach.