Internet of Things Garage

Cyber-Physical Attack Detector for Buildings

Detecting Cyber Attacks Using Secondary IoT Sensors in Smart Buildings

Most Common Approach: Cyber-attacks on Industrial Control Systems (ICS) are monitored through traditional techniques such as Network Traffic Analysis (NTA). While we acknowledge the merit of NTA, more sophisticated attacks (example below) will evade NTA approaches by spoofing the readings from the sensors making ICS significantly vulnerable. Let us consider a scenario: if an attacker intends to overheat a system, they could alter the fan behaviour (e.g., speed). At the same time, the attacker may also maliciously control the connected temperature sensors to prevent reporting increased temperatures back to the control system, which leads to overheating.

To detect such sophisticated attacks, I propose to develop a secondary low-cost IoT sensor network which combines sensors data and state-of-the-art deep learning techniques to detect anomalies. Further, this secondary IoT sensors would use a secondary network (e.g., Bluetooth, ZigBee) and stay as an air-gapped system to reduced potential parallel attacks. For example, an unexpected fan shutdown might be detected through changes in temperature, or absence of noise where all parameters can be captured through sensors (i.e., physical observations).

This fellowship aims to explore how can we use low-cost multi-sensors (e.g., temperature, vibration, motion, etc.) to detect anomalies in a given environment to detect potential cyber attacks against ICS. Malicious actors always try to find sophisticated ways to carry-out attacks (e.g.Stuxnet, Ukraine, power-grid cyberattack). To prevent attacks that evade NTA, we aim to develop a secondary layer of protection based on physical behaviour to mitigate the weaknesses of NTA. It is important to note that our intention is not to ignore NTA based techniques. Instead, our objective is to add more resilient to BMS network by adding a secondary protection layer of security.


Team


Funding

Government Communications Headquarters (GCHQ)

Government Communications Headquarters, commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence and information assurance to the government and armed forces of the United Kingdom.


Partners

The Landing

The Landing @ MediaCity UK is workspace, community, business support, user testing labs, maker lab and events. The Landing is the technology enterprise incubator for high-growth companies at the heart of MediaCityUK.


Outcomes