
TuA06 Invited Session, PA 1.4 
Add to My Program 
Systems and Control Methods for Cybersecurity 


Chair: Paschalidis, Ioannis  Boston Univ. 
CoChair: Cassandras, Christos G.  Boston Univ. 
Organizer: Paschalidis, Ioannis  Boston Univ. 
Organizer: Cassandras, Christos G.  Boston Univ. 

10:0010:20, Paper TuA06.1  Add to My Program 
Network Anomaly Detection: A Survey and Comparative Analysis of Stochastic and Deterministic Methods (I) 
Wang, Jing  Boston Univ. 
Rossell, Daniel  Boston Univ. 
Cassandras, Christos G.  Boston Univ. 
Paschalidis, Ioannis  Boston Univ. 
Keywords: Computer networks, Optimization, Machine learning
Abstract: We present five methods to the problem of network anomaly detection. These methods cover most of the common techniques in the anomaly detection field, including Statistical Hypothesis Tests (SHT), Support Vector Machines (SVM) and clustering analysis. We evaluate all methods in a simulated network that consists of nominal data, three flowlevel anomalies and one packetlevel attack. Through analyzing the results, we point out the advantages and disadvantages of each method and conclude that combining the results of the individual methods can yield improved anomaly detection results.


10:2010:40, Paper TuA06.2  Add to My Program 
Hybrid Robust Controller Design: Cyber Attack Attenuation for CyberPhysical Systems 
Kwon, Cheolhyeon  Purdue Univ. 
Hwang, Inseok  Purdue Univ. 
Keywords: Robust adaptive control, Hybrid systems, Switched systems
Abstract: This paper considers controller design for CyberPhysical Systems (CPSs) that are robust to various types of cyber attacks. While the previous studies have investigated a secure control by assuming a specific attack strategy, in this paper we propose a hybrid robust control scheme that contains multiple subcontrollers, each matched to a specific type of cyber attacks. Then the system can be adapted to various cyber attacks (including those that are not assumed for subcontroller design) by switching its subcontrollers to achieve the best performance. We propose a method for designing the secure switching logic to counter all possible cyber attacks and mathematically verify the system's performance and stability as well. The performance of the proposed control scheme is demonstrated by an example with the hybrid H 2  H infinity controller applied to an Unmanned Aerial System (UAS).


10:4011:00, Paper TuA06.3  Add to My Program 
Fault Detection with DiscreteTime Measurements: An Application for the Cyber Security of Power Networks 
Tiniou, Erasmia Evangelia  ETH, Zurich 
Mohajerin Esfahani, Peyman  ETH Zurich 
Lygeros, John  ETH Zurich 
Keywords: Electrical power systems, Fault detection, Optimization algorithms
Abstract: This article concerns an application of a modelbased fault detection and isolation (FDI) method for the cyber security of power systems in a realistic framework, where the system dynamics are expressed in continuoustime, whilst system measurements are applied to an FDI filter in discretetime samples. Towards the development of a tractable approach for high dimensional nonlinear systems, an existing optimizationbased technique for residual generator design is reviewed. However, this requires that both system dynamics and measurements are in the same time scale, i.e., either continuous or discrete. To this end, we investigate different variants of discretetime modeling approaches for statespace systems, specifically tailored to meet the needs of the existing FDI filter design methodology. Finally,the efficiency and limitations of the presented scheme are illustrated through simulation results for a twoarea power system network, in which the objective is the diagnosis of a cyber attack at the Automatic Generation Control signal.


11:0011:20, Paper TuA06.4  Add to My Program 
Fundamental Limits of CyberPhysical Security in Smart Power Grids 
Zhao, Yue  Princeton Univ. 
Goldsmith, Andrea  Stanford Univ. 
Poor, H. Vincent  Princeton Univ. 
Keywords: Electrical power systems, Network analysis and control, Optimization
Abstract: Cyberphysical security of power systems under power injection attacks that alter generation and loads is studied. The system operator employs Phasor Measurement Units (PMUs) for detecting such attacks, while attackers devise attacks that are unobservable by such PMU networks. For the NPhard problem of finding the sparsest unobservable attacks, it is shown that the solution has a simple form with probability one, namely, min(k,M)+1, where k is the vertex connectivity of an augmented graph, and M is the number of PMUs. The constructive proof allows one to find the entire set of the sparsest unobservable attacks in polynomial time. Furthermore, the geometric interpretation of unobservable attacks leads to a natural characterization of their potential impacts. With optimized PMU deployment, the sparsest unobservable attacks and their potential impact as functions of the number of PMUs are evaluated numerically for IEEE 30, 57, 118, 300bus systems and Polish 2383, 2737, 3012bus systems. It is observed that, as more PMUs are added, the maximum potential impact among all the sparsest unobservable attacks drops quickly until it reaches the minimum sparsity.


11:2011:40, Paper TuA06.5  Add to My Program 
PerSe Privacy Preserving Solution Methods Based on Optimization (I) 
Weeraddana, Pradeep Chathuranga  KTH, Royal Inst. of Tech. 
Athanasiou, George  KTH Royal Inst. of Tech. 
Fischione, Carlo  Royal Inst. of Tech. 
Baras, John S.  Univ. of Maryland 
Keywords: Emerging control applications, Optimization, Distributed control
Abstract: Ensuring privacy is an essential requirement in various contexts, such as social networks, healthcare data, ecommerce, banks, and government services. Here, different entities coordinate to address specific problems where the sensitive problem data are distributed among the involved entities and no entity wants to publish its data during the solution procedure. Existing privacy preserving solution methods are mostly based on cryptographic procedures and thus have the drawback of substantial computational complexity. Surprisingly, little attention has been devoted thus far to exploit mathematical optimization techniques and their inherent properties for preserving privacy. Yet, optimization based approaches to privacy require much less computational effort compared to cryptographic variants, which is certainly desirable in practice. In this paper, a unified framework for transformation based optimization methods that ensure privacy is developed. A general definition for the privacy in the context of transformation methods is proposed. A number of examples are provided to illustrate the ideas. It is concluded that the theory is still in its infancy and that huge benefits can be achieved by a substantial development.


11:4012:00, Paper TuA06.6  Add to My Program 
Deployment and Exploitation of Deceptive Honeybots in Social Networks (I) 
Zhu, Quanyan  Univ. of Illinois, UrbanaChampaign 
Clark, Andrew  Univ. of Washington 
Poovendran, Radha  Univ. of Washington, Seattle 
Basar, Tamer  Univ. of Illinois, UrbanaChampaign 
Keywords: Optimization, Emerging control applications, Communication networks
Abstract: As social networking sites such as Facebook and Twitter are becoming increasingly popular, a growing number of malicious attacks, such as phishing and malware, are exploiting them. Among these attacks, social botnets have sophisticated infrastructure that leverages compromised user accounts, known as bots, to automate the creation of new social networking accounts for spamming and malware propagation. Traditional defense mechanisms are often passive and reactive to nonzeroday attacks. In this paper, we adopt a proactive approach for enhancing security in social networks by infiltrating botnets with honeybots. We propose an integrated system named SODEXO which can be interfaced with social networking sites for creating deceptive honeybots and leveraging them for gaining information from botnets. We establish a Stackelberg game framework to capture strategic interactions between honeybots and botnets, and use quantitative methods to understand the tradeoffs of honeybots for their deployment and exploitation in social networks. We design a protection and alert system that integrates both microscopic and macroscopic models of honeybots and optimally determines the security strategies for honeybots. We corroborate the proposed mechanism with extensive simulations and comparisons with passive defenses.
