Cyber-Physical Attack Detector for Buildings
Project Overview
Malicious actors continuously seek sophisticated ways to attack Industrial Control Systems, as demonstrated by high-profile incidents such as Stuxnet and the Ukraine power-grid cyberattack. Traditional Network Traffic Analysis methods struggle to detect these threats because attackers can manipulate sensor readings while maintaining control of connected devices. This project, funded through a GCHQ fellowship, develops a secondary low-cost IoT sensor network that uses multi-sensor data and deep learning to identify anomalies based on physical behaviour observations. CASPER for buildings equips facilities with an independent IoT sensor kit that observes temperature, vibration, motion, and other environmental cues. The secondary network operates on separate protocols such as Bluetooth and ZigBee, creating an air-gapped layer of protection that is isolated from the primary control infrastructure.
By keeping the sensing network separate from primary control channels, the system can flag suspicious activity even when attackers spoof original telemetry or silence smart plugs. This independent layer adds a resilient protection mechanism to smart building infrastructure, ensuring that physical anomalies are detected regardless of whether the primary network has been compromised.
The project has produced open datasets, anomaly detection pipelines, and reconfigurable sensor toolkits. These resources enable researchers and building operators to deploy context-aware cyber-physical monitoring in diverse built environments, advancing the state of the art in layered security for smart buildings and industrial facilities.
Team
Funding
Repositories
cyphy-radar
Toolkit for detecting cyber attacks in smart buildings using secondary IoT sensors. Offers time-series conversion, multi-device data extraction, cleaning, scaling and reduction utilities, visualization, and model training with CNNs, RNNs, One-Class SVM and Isolation Forest.
casper-shield-research
CasperShield: Cyber-Physical Behavioural Anomaly Detection in Smart Homes — Research Monorepo
casper-shield-app
CasperShield: Smart Home Security Mobile App (Flutter) + Simulator
trace-loom
Context-aware pattern capability platform for discovering, comparing, annotating, compiling, and deploying pattern-of-life intelligence from temporal data streams. Full-stack pipeline with 15 algorithms, edge compilation (Pi/ESP32/Cloud), and interactive pattern registry. FastAPI, React, D3.js, PyTorch, Docker.
node-red-contrib-ble-sense
Node-RED nodes for Bluetooth Low Energy devices. Offers BLE Scanner to discover peripherals and BLE Connect to subscribe to their services. Works with boards like Arduino Nano 33 BLE Sense. Includes example sketch and Node-RED flows.