AI cyber threat in cyber physical systems.

Abstract

Modern societies have become increasingly reliant on information technology, where networked infrastructure constitutes a core component for enterprise operation. Moreover, cloud service providers have become prominent by offering inexpensive and reliable computation and storage resources on-demand. The conjunction of wirelessly-connected cyber-physical systems with powerful edge and cloud applications brings along a novel perspective for digitalization. Unfortunately, the criticality of these computation, communication, and storage platforms has also attracted cyber-criminals. Advances in artificial intelligence (AI) have even elevated the threat by increasing the attacker’s ability to perform more complex analyses. Understanding the behavior and ability of attackers will considerably improve the cyber defense strategies. In this dissertation, we investigate the impact of intelligent cyberattack and categorize them into: data privacy violation, security primitives modeling, vulnerability exploitation in data-driven security provisions, and inference of contextual information. We then devise a library of countermeasures that suit a variety of applications. The dissertation makes the following contributions: - We consider the exploitation of machine learning (ML) to violate privacy in wireless communication. Specifically, we assess the adversary’s ability to identify the critical network entities and perform traffic analysis through RF fingerprinting of the involved devices. We mitigate the threat using adversarial machine learning (AML) techniques that exploit protocol switching and beamforming to mislead the adversary. - We point out the potential use of ML techniques to model hardware security primitives. As a case study, we focus on a physically unclonable function (PUF) that enables lightweight device authentication. By modeling the PUF, an adversary can launch impersonation attacks. To counter such a threat, we develop an AML mechanism to introduce implicit uncertainty in the PUF output. - We highlight AI vulnerability exploitation in cybersecurity and focus on privacy preserving intrusion detection systems (IDS). We propose a robust collaborative IDS using federated learning to mitigate collusive malicious participants. - We show the adversary’s ability to perform critical measurement analysis in cyber physical systems. We develop a distributed ML-based mechanism to mitigate the state estimation inference and the possibility of unobservable attacks in smart grid systems. - In tele-health applications, an adversary may be able to infer critical patient’s data. We develop a framework for remote patient monitoring that supports authentication and non-repudiation. It incorporates both a data driven encryption key generation mechanism and Blockchain to allow secure caregiver and patient communication. - We demonstrate the ability of attackers to defeat firewalls and exploit cloud sessions. We promote a novel defense strategy through multi-observable analysis using continual trust monitoring to flag suspicious user sessions. - Finally, we consider collusive attack scenarios, where multiple malicious nodes collaborate to defeat the employed authentication mechanism and exploit vulnerabilities in intrusion detection systems.