Cyber-Physical Attack Detector for Buildings

Project Overview

Malicious actors continuously seek sophisticated ways to attack Industrial Control Systems, as demonstrated by high-profile incidents such as Stuxnet and the Ukraine power-grid cyberattack. Traditional Network Traffic Analysis methods struggle to detect these threats because attackers can manipulate sensor readings while maintaining control of connected devices. This project, funded through a GCHQ fellowship, develops a secondary low-cost IoT sensor network that uses multi-sensor data and deep learning to identify anomalies based on physical behaviour observations. CASPER for buildings equips facilities with an independent IoT sensor kit that observes temperature, vibration, motion, and other environmental cues. The secondary network operates on separate protocols such as Bluetooth and ZigBee, creating an air-gapped layer of protection that is isolated from the primary control infrastructure.

By keeping the sensing network separate from primary control channels, the system can flag suspicious activity even when attackers spoof original telemetry or silence smart plugs. This independent layer adds a resilient protection mechanism to smart building infrastructure, ensuring that physical anomalies are detected regardless of whether the primary network has been compromised.

The project has produced open datasets, anomaly detection pipelines, and reconfigurable sensor toolkits. These resources enable researchers and building operators to deploy context-aware cyber-physical monitoring in diverse built environments, advancing the state of the art in layered security for smart buildings and industrial facilities.

Team

Charith Perera

Funding

Government Communications Headquarters (GCHQ) Provides signals intelligence and information assurance for the UK government and armed forces.

Partners

The Landing MediaCityUK technology incubator offering labs, maker spaces, and community support.

Outcomes