Aditya Mathur

Purdue University, and Singapore University of Technology and Design · Purdue: Computer Science. SUTD: Information Systems Technology and Design

PhD

About

268
Publications
106,018
Reads
10,187
Citations
Additional affiliations
June 2012 - present
Purdue University and SUTD
Position
  • Professor (Full)
Description
  • Courses taught and teaching evaluations since 1985, visit: http://www.cs.purdue.edu/homes/apm/Vita.pdf


Publications (268)
Conference Paper
The detection of process anomalies is a critical step in defending a physical plant against cyber-attacks. We propose a framework named DRACE that includes a set of metrics to evaluate the effectiveness of anomaly detectors, referred to as Intrusion Detection Systems (IDS). Different from those used in the literature, the proposed metrics are desig...
Article
Full-text available
Extended Abstract: GURU is an integrated platform for instructors to help them deliver an engaging active learning experience for students either in an in-person lab environment or via a remote online classroom. A subset of GURU, called GURU CPS, is applied in the field of Operational Technology (OT) cyber-physical systems (CPS) with the help of sp...
Chapter
We recommend three architectural choices which should contribute to a more effective defense of cyber-physical systems in general and industrial control systems in particular: mixed reality solutions for a more effective control and response, a zero trust architecture that mitigates human fallacies, and automated defense systems based on a security...
Article
A digital twin is a virtual system designed to reproduce the operation of a physical object. This work describes the architecture, deployment, and use of a reconfigurable digital twin to support research, education, and training in cybersecurity in the context of Industrial Control Systems.
Conference Paper
This paper explores the objectives, tactics, and strategies for identifying, planning, conducting, and evaluating an international cyber-physical exercise (CPX). The goal of a CPX is to improve defense capabilities for defending national critical infrastructure via global coordination. Lessons about CPX have been derived from a series of annual cyb...
Preprint
Full-text available
Methods from machine learning are being applied to design Industrial Control Systems resilient to cyber-attacks. Such methods focus on two major areas: the detection of intrusions at the network-level using the information acquired through network packets, and detection of anomalies at the physical process level using data that represents the physi...
Article
Industrial Control Systems (ICS) in public infrastructure, such as water treatment and distribution plants, have become a target of sophisticated cyber-attacks. Given the ever-present insider and other threats in such systems, there is a need to deploy mechanisms for defense and incident response beyond the traditional. In this work we present AIC...
Article
Methods from machine learning are used in the design of secure Industrial Control Systems. Such methods focus on two major areas: detection of intrusions at the network level using the information acquired through network packets, and detection of anomalies at the physical process level using data that represents the physical behavior of the system...
Article
The rise in attacks on Industrial Control Systems (ICS) makes it imperative for the anomaly detection mechanisms (ADMs) to be complete with respect to a set of attacks. In this work, a method is proposed to create and launch simulated attacks on ICS. In the proposed method, referred to as ICS Resilience (ICSRes), attacks are generated using a tool...
Article
A method referred to as PbNN is proposed to detect cyber-physical attacks through the identification of resulting anomalies in the process dynamics of the underlying ICS. Unlike existing anomaly detectors based on an abstract knowledge acquired from operational data, PbNN utilizes the design knowledge of ICS to learn the complex relationships among...
Article
Full-text available
Modern critical infrastructure, such as a water treatment plant, water distribution system, and power grid, are representative of Cyber Physical Systems (CPSs) in which the physical processes are monitored and controlled in real time. One source of complexity in such systems is due to the intra-system interactions and inter-dependencies. Consequent...
Article
Full-text available
Gradual increase in the number of successful attacks against Industrial Control Systems (ICS) has led to an urgent need to create defense mechanisms for accurate and timely detection of the resulting process anomalies. Towards this end, a class of anomaly detectors, created using data-centric approaches, are gaining attention. Using machine learnin...
Conference Paper
Adversarial learning is used to test the robustness of machine learning algorithms under attack and create attacks that deceive the anomaly detection methods in Industrial Control System (ICS). Given that security assessment of an ICS demands that an exhaustive set of possible attack patterns is studied, in this work, we propose an association rule...
Article
There exist several process-based anomaly detectors for Industrial Control Systems (ICS). Often such detectors are built using Machine learning (ML) algorithms that do not take explicit advantage of the design knowledge of the plant under control. Such detectors are considered as physics unaware. In this paper, we present the outcome of a series of...
Preprint
Full-text available
Adversarial learning is used to test the robustness of machine learning algorithms under attack and create attacks that deceive the anomaly detection methods in Industrial Control System (ICS). Given that security assessment of an ICS demands that an exhaustive set of possible attack patterns is studied, in this work, we propose an association rule...
Chapter
Critical Infrastructure (CI), such as electric power generation and water treatment plants, are susceptible to attacks that lead the underlying physical process to deviate from its expected behaviour. Such deviations create process anomalies that may result in undesirable consequences. Anomaly detectors are installed in CI to detect process anomali...
Article
A cyber attack on a water or power system may lead to a process anomaly. Several methods have been proposed to detect such anomalies. An obvious and implicit assumption that underlies anomaly detection is that the detection occurs after the process moves into an anomalous state. While such detection is necessary during plant operation, it may not b...
Preprint
Full-text available
Programmable Logic Controllers (PLCs) are a core component of an Industrial Control System (ICS). However, if a PLC is compromised or the commands sent across a network from the PLCs are spoofed, consequences could be catastrophic. In this work, a novel technique to authenticate PLCs is proposed that aims at raising the bar against powerful attacke...
Chapter
Industrial Control Systems encompass supervisory systems (SCADA) and cyber-physical components (sensors/actuators), which are typically deployed in critical infrastructure to control physical processes. Their interconnectedness and controllability leaves them vulnerable to cyber-physical attacks which could have detrimental impacts on the safety, s...
Article
Full-text available
Industrial Control Systems (ICS) monitor and control physical processes. ICS are found in, among others, critical infrastructures such as water treatment plants, water distribution systems, and the electric power grid. While the existence of cyber-components in an ICS leads to ease of operations and maintenance, it renders the system under control...
Article
Industrial Control Systems (ICS) are found in critical infrastructure, such as, water treatment plants and oil refineries. ICS are often the target of cyber-attacks leading to undesirable consequences. It is essential to detect process anomalies resulting from such attacks before appropriate defensive actions are considered. In this work, a deep au...
Article
Early and accurate anomaly detection in critical infrastructure (CI), such as water treatment plants and electric power grid, is necessary to avoid plant damage and service disruption. Several machine learning techniques have been employed for the design of an effective anomaly detector in such systems. However, threats such as from insiders and st...
Chapter
A Cyber Physical System (CPS) consists of cyber components for computation and communication, and physical components such as sensors and actuators for process control. These components are networked and interact in a feedback loop. CPS are found in critical infrastructure such as water distribution, power grid, and mass transportation. Often these...
Article
Full-text available
For our everyday life, we are dependent on critical infrastructures, for example, water treatment systems, waste management plants, energy systems, autonomous transport, and communication systems. These systems are much more connected with each other, with people, and with the devices on the internet, than they used to be in the past. If not enough...
Conference Paper
Full-text available
The rise in attacks on Industrial Control Systems (ICS) makes it imperative for the anomaly detection mechanisms (ADMs) to be robust and complete. We propose a novel approach, ICS Resilience (ICSRes), to generate and model attacks on ICS with the implementation of the A6 attack launch tool suite to assess the robustness and completeness of ADMs. The...
Article
Full-text available
Electric power supply is an essential component for several sectors including manufacturing, healthcare, building management, water distribution, and transportation systems. Hence, any interruption in electric power is likely to have an undesirable impact on the overall operation of any residential or commercial ecosystem. The serious impacts of po...
Article
A cyber attack launched on a critical infrastructure (CI), such as a power grid or a water treatment plant, could lead to anomalous behavior. There exist several methods to detect such behavior. This paper reports on a study conducted to compare two methods for detecting anomalies in CI. One of these methods, referred to as design-centric, generate...
Chapter
Full-text available
The availability of high-quality benchmark datasets is an important prerequisite for research and education in the cyber security domain. Datasets from realistic systems offer a platform for researchers to develop and test novel models and algorithms. Such datasets also offer students opportunities for active and project-centric learning. In this p...
Chapter
Supervisory Control and Data Acquisition (SCADA) systems form a vital part of any critical infrastructure. Such systems are network integrated for remote monitoring and control making them vulnerable to intrusions by malicious actors. Such intrusions may lead to anomalous behavior of the underlying physical process. This work presents a Probabilis...
Article
Distributed anomaly detectors are deployed in critical infrastructure to raise alerts when the underlying plant deviates from its expected behaviour. A novel method, referred to as SCM, that uses well defined state and command mutation operators, is proposed to test such detectors prior to their deployment. Cyber-attacks, each modelled as a timed-a...
Conference Paper
Full-text available
The availability of high-quality benchmark datasets is an important prerequisite for both research and education in the cyber security domain. Datasets from realistic systems offer a platform for researchers to develop and test advanced models and algorithms. Such datasets also offer students opportunities for active and project-centric learning. I...
Article
Industrial Control Systems (ICS) are the backbone of critical infrastructure found in power, water, manufacturing and other industries. An ICS controls a physical plant through the use of sensors and actuators. A Historian sits on a plant network and receives, parses, and saves data and commands transmitted over the network, across the Programmable...
Preprint
Full-text available
Electric power supply is an essential component for several sectors including manufacturing, healthcare, building management, water distribution, and transportation systems. Hence, any interruption in electric power is likely to have an undesirable impact on the overall operation of any residential or commercial ecosystem. The serious impacts of po...
Preprint
Full-text available
A Cyber Physical System (CPS) consists of cyber components for computation and communication, and physical components such as sensors and actuators for process control. These components are networked and interact in a feedback loop. CPS are found in critical infrastructure such as water distribution, power grid, and mass transportation. Often these...
Article
A particularly good software testing strategy is to achieve the underlying testing goal while solving the problems of tradeoffs between testing effectiveness and efficiency. To improve the fault detection effectiveness of software testing, the principle of feedback control theory was adopted, which motivated the proposal of dynamic random testing (...
Article
Critical infrastructure (CI), such as systems for water treatment, water distribution, power generation and distribution, is vital for the well being of a society. Such systems are typically large, complex, and interconnected. A cyber-attack on one such system could affect the other. In this work, a generic agent-based framework is proposed to aid...
Chapter
Testbeds that realistically mimic the operation of critical infrastructure are of significant value to researchers. One such testbed, named Electrical Power and Intelligent Control (EPIC), is described in this paper together with examples of its use for research in the design of secure smart-grids. EPIC includes generation, transmission, smart home...
Conference Paper
Full-text available
Testbeds that realistically mimic the operation of critical infrastructure are of significant value to researchers. One such testbed, named Electrical Power and Intelligent Control (EPIC), is described in this paper together with examples of its use for research in the design of secure smart-grids. EPIC includes generation, transmission, smart home,...
Article
The rise in attempted and successful attacks on critical infrastructure, such as power grid and water treatment plants, has led to an urgent need for the creation and adoption of methods for detecting such attacks often launched either by insiders or state actors. This paper focuses on one such method that aims at the detection of attacks that comp...
Preprint
Full-text available
The rise in attempted and successful attacks on critical infrastructure, such as power grid and water treatment plants, has led to an urgent need for the creation and adoption of methods for detecting such attacks often launched either by insiders or state actors. This paper focuses on one such method that aims at the detection of attacks that comp...
Preprint
Full-text available
A hackfest named SWaT Security Showdown (S3) has been organized consecutively for two years. S3 has enabled researchers and practitioners to assess the effectiveness of methods and products aimed at detecting cyber attacks launched in real-time on an operational water treatment plant, namely, Secure Water Treatment (SWaT). In S3 independent attack...
Conference Paper
Full-text available
Industrial Control Systems (ICS) such as water and power are critical to any society. Process anomaly detection mechanisms have been proposed to protect such systems to minimize the risk of damage or loss of resources. In this paper, a graphical model-based approach is proposed for profiling normal operational behavior of an operational ICS referre...
Conference Paper
An attack detection scheme is proposed to detect data integrity attacks on sensors in Cyber-Physical Systems (CPSs). A combined fingerprint for sensor and process noise is created during the normal operation of the system. Under sensor spoofing attack, noise pattern deviates from the fingerprinted pattern enabling the proposed scheme to detect atta...
Conference Paper
Critical infrastructure are Cyber-Physical Systems that provide essential services to the society. Such infrastructure includes plants for power generation and distribution and for water treatment and distribution. Several such plants operate under a high availability constraint. In the presence of ever increasing cyber attacks, as demonstrated by...
Article
Full-text available
A hackfest named SWaT Security Showdown (S3) has been organized consecutively for two years. S3 has enabled researchers and practitioners to assess the effectiveness of methods and products aimed at detecting cyber attacks launched in real-time on an operational water treatment plant, namely, Secure Water Treatment (SWaT). In S3 independent atta...
Article
Full-text available
An Orthogonal Defense Mechanism (ODM) was designed and implemented to improve the detection of cyber attacks on an operational water treatment plant (WTreat). Successive design iterations led to an architecture that was prototyped and experimentally evaluated. ODM unobtrusively monitors WTreat using an independent network and gathers data from mult...
Article
Full-text available
In recent years fingerprinting of various physical and logical devices has been proposed with the goal of uniquely identifying users or devices of mainstream IT systems such as PCs, Laptops and smart phones. On the other hand, the application of such techniques in Cyber-Physical Systems (CPS) is less explored due to various reasons, such as difficu...
Conference Paper
This paper presents a dataset to support research in the design of secure Cyber Physical Systems (CPS). The data collection process was implemented on a six-stage Secure Water Treatment (SWaT) testbed. SWaT represents a scaled down version of a real-world industrial water treatment plant producing 5 gallons per minute of water filtered via membrane...
Conference Paper
A Six-Step Model (SSM) is proposed for modeling and analysis of Cyber-Physical System (CPS) safety and security. SSM incorporates six dimensions (hierarchies) of a CPS, namely, functions, structure, failures, safety countermeasures, cyber-attacks, and security countermeasures. The inter-dependencies between these dimensions are defined using a set...
Conference Paper
Process anomaly is used for detecting cyber-physical attacks on critical infrastructure such as plants for water treatment and electric power generation. Identification of process anomaly is possible using rules that govern the physical and chemical behavior of the process within a plant. These rules, often referred to as invariants, can be derived...
Article
Several methods have been proposed by researchers to detect cyber attacks in Cyber-Physical Systems (CPSs). This paper proposes a comprehensive approach for conducting experiments to assess the effectiveness of such methods in the context of a robot (Amigobot) that includes both cyber and physical components. The proposed approach includes a method...
Conference Paper
Full-text available
An experiment was conducted to investigate network jamming attacks on an Industrial Control System. The Secure Water Treatment (SWaT) system was chosen to perform the experiments. Jamming attacks were launched on SWaT using software defined radio. Attacks were designed to meet attacker objectives selected from a Cyber Physical Systems specific att...
Conference Paper
The architecture of a water distribution testbed (WADI), and on-going research in the design of secure water distribution system is presented. WADI consists of three stages controlled by Programmable Logic Controllers (PLCs) and two stages controlled via Remote Terminal Units (RTUs). Each PLC and RTU uses sensors to estimate the system state and th...
Conference Paper
A framework (SecWater) to assist in the design of secure water treatment plants is presented. SecWater enables plant designers to secure the entire Supervisory Control and Data Acquisition (SCADA) infrastructure using multi-layer security. The framework consists of seven layers labeled SL0 through SL6. Layer SL0 provides the first line of defense a...
Conference Paper
Full-text available
Effectiveness of seven methods for detecting stealthy attacks on Cyber Physical Systems (CPS) was investigated using an experimental study. The Amigobot robot was used as the CPS. The experiments were conducted in simulation as well as on the physical robot. Three types of stealthy attacks were implemented: surge, bias, and geometric. Two variation...
Conference Paper
A Six-Step Model (SSM) is proposed for modeling and analysis of Cyber-Physical System (CPS) safety and security. SSM incorporates six dimensions (hierarchies) of a CPS, namely, functions, structure, failures, safety countermeasures, cyber-attacks, and security countermeasures. The inter-dependencies between these dimensions are defined using a set o...
Conference Paper
Full-text available
This paper presents a dataset to support research in the design of secure Cyber Physical Systems (CPS). The data collection process was implemented on a six-stage Secure Water Treatment (SWaT) testbed. SWaT represents a scaled down version of a real-world industrial water treatment plant producing 5 gallons per minute of water filtered via membrane...
Article
Argus, a framework for defending a public utility against cyber-physical attacks, contains intelligent checkers that use invariants derived from the physical and chemical interactions among various components and products of a utility. An Argus implementation is independent of the traditional layered defense that employs firewalls and other network...
Conference Paper
An attacker model is proposed for Cyber Physical Systems (CPS). The attack models derived from the attacker model are used to generate parameterized attack procedures and functions that target a specific CPS. The proposed models capture both physical and cyber attacks and unify a number of existing attack models into a common framework useful for r...
Conference Paper
An experimental investigation was undertaken to assess the effectiveness of process invariants in detecting cyber-attacks on an Industrial Control System (ICS). An invariant was derived from one selected sub-process and coded into the corresponding controller. Experiments were performed each with an attack selected from a set of three stealthy at...
Conference Paper
Full-text available
A distributed detection method is proposed to detect single stage multi-point attacks on a Cyber Physical System (CPS). Such attacks aim at compromising two or more sensors or actuators at any one stage of a CPS and could totally compromise a controller and disable it from detecting the attack. However, as demonstrated in this work, using the flow...
Conference Paper
An approach to analyzing the security of a cyber-physical system (CPS) is proposed, where the behavior of a physical plant and its controller are captured in approximate models, and their interaction is rigorously checked to discover potential attacks that involve a varying number of compromised sensors and actuators. As a preliminary study, this a...
Article
An approach to analyzing the security of a cyber-physical system (CPS) is proposed, where the behavior of a physical plant and its controller are captured in approximate models, and their interaction is rigorously checked to discover potential attacks that involve a varying number of compromised sensors and actuators. As a preliminary study, this a...
Conference Paper
This paper presents the SWaT testbed, a modern industrial control system (ICS) for security research and training. SWaT is currently in use to (a) understand the impact of cyber and physical attacks on a water treatment system, (b) assess the effectiveness of attack detection algorithms, (c) assess the effectiveness of defense mechanisms when the s...
Conference Paper
An experiment was conducted on a water treatment plant to investigate the effectiveness of using Kalman filter based attack detection schemes in a Cyber Physical System (CPS). Kalman filter was implemented with Chi-Square detector. Random, stealthy bias, and replay attacks were launched and results analysed. Analysis indicates that stealthy false d...
Conference Paper
Existing methodologies for the design of complex public infrastructure are effective in creating efficient systems such as for water treatment, electric power grid, and transportation. While such methodologies and the associated design tools account for potential component and subsystem failures, they generally ignore the cyber threats; such threat...
Chapter
Existing methodologies for the design of complex public infrastructure are effective in creating efficient systems such as for water treatment, electric power grid, and transportation. While such methodologies and the associated design tools account for potential component and subsystem failures, they generally ignore the cyber threats; such threat...
Conference Paper
A novel technique for detecting multi-point attacks on an Industrial Control System (ICS) is described. The technique, referred to as Intermittent Control Actions (ICA), sends control signals intermittently to selected components to monitor the system using a process invariant. ICA was assessed experimentally for its effectiveness in an operational...
Conference Paper
An experimental investigation was undertaken to understand the impact of single-point cyber attacks on a Secure Water Treatment (SWaT) system. Cyber attacks were launched on SWaT through its SCADA server that connects to the Programmable Logic Controllers (PLCs) that in turn are connected to sensors and actuators. Attacks were designed to meet atta...
Conference Paper
Full-text available
An agent-based framework is presented to model and analyze physical and cyber attacks on Cyber Physical Systems (CPS). In the first phase of a two phase procedure embedded in the framework, a CPS is modelled using State Condition Graphs (SCGs) representing the structural relations among various cyber and physical components. In the second phase, SC...