A Survey of Network Attacks on Cyber-Physical Systems

A cyber-physical system (CPS) typically consists of the plant, sensors, actuators, the controller and a communication network. The communication network connects the individual components to realize the computing and communication in the CPS. It also makes the CPS vulnerable to network attacks. How to deal with network attacks in CPSs has become a research hotspot. This paper surveys the types of network attacks in CPSs, the intrusion detection methods and the attack defense strategies. Future research directions in CPS network security are also presented.

communication network makes CPSs more vulnerable to network attacks. Some behaviors of a CPS may be changed by a network attack, after which the CPS reaches an unsafe state that damages the system. The unsafe state affects production processes and poses a threat to the economy and society [17]-[19].
Recently, the problem of network attacks in CPSs has become a research hotspot. The problems of intrusion detection [20]-[22] and of defense strategies in CPSs are reviewed in this paper. Many works develop intrusion detection methods and defense strategies for specific types of network attacks [20], [21], [23]-[25], such as deception attacks and covert attacks. The key point of a defense strategy is to detect intrusions on-line and to protect the system from damage by activating a security module once an intrusion is detected.
In this paper, we classify network attacks in CPSs and review the work on intrusion detection and defense strategies. The paper is organized as follows. Section II presents the classification of network attacks in CPSs. Section III introduces the development and classification of intrusion detection technologies. Section IV summarizes several different defense strategies against network attacks, and Section V concludes the paper and gives directions for future work.

II. CLASSIFICATION OF NETWORK ATTACKS
Typically, there are three types of network attacks on CPSs according to the framework in Fig. 1, i.e., network attacks on the perception execution layer, network attacks on the data transmission layer, and network attacks on the application control layer [15]. We introduce them in turn in this section.

A. NETWORK ATTACKS ON THE PERCEPTION EXECUTION LAYER
The perception execution layer is composed of various nodes such as sensors and actuators, where the data from the physical components are collected and the commands from the control center are delivered. Most nodes at this layer are deployed in an unsupervised environment. Thus, they are easy targets for an intruder.
Research on network attacks on the perception execution layer mainly focuses on the security of sensors and actuators. There are basically four types of network attacks on this layer, i.e., Actuator Enablement attacks (AE-attacks), Actuator Disablement attacks (AD-attacks), Sensor Erasure attacks (SE-attacks), and Sensor Insertion attacks (SI-attacks) [24]. Once a sensor or an actuator is attacked, the information from the plant or the instruction to be executed on the plant may be tampered with. As a result, an unsafe state may be reached that damages the system. Other common attacks include deception attacks, robust pole-dynamics attacks, covert attacks and robust attacks.

B. NETWORK ATTACKS ON THE DATA TRANSMISSION LAYER
The data transmission layer connects the perception execution layer and the application control layer in order to convey information between them. A communication network is the core bearer network of the data transmission layer. It mainly transmits data through communication networks such as the Internet, a private network or a local area network. The diversity of network access methods and the complexity of network equipment and architecture bring certain security threats to CPSs.
This layer also has to process and manage massive amounts of information. Networks may be congested by the large volume of data to be transmitted at the data transmission layer, which makes CPSs vulnerable to network attacks.
Although the data transmission layer is the most difficult layer for intruders to attack, once it has been successfully compromised the intruder can freely change the information transmitted in the attacked network channel. The Man-in-the-Middle attack [26], one of the most powerful network attacks on the data transmission layer, can observe, hide, create, and even change the information transmitted from one device to another in the communication channel [20]. In other words, the attacker can send fake data to either party, and the CPS is then driven into an unsafe state that damages the system.
The denial-of-service (DoS) attack [27]-[29] is a kind of resource depletion attack, which takes advantage of defects in network protocols or software, or sends a large number of useless requests, to exhaust the resources of the attacked object. Finally, the server or the communication network fails to provide its services [30].
In CPSs, a DoS attack uses a malicious program to consume the communication bandwidth and thus prevent the exchange of information between controllers and actuators. DoS attacks are launched deliberately by malicious parties. They cut off the connection between the actuator and the controller, so the controller cannot obtain feedback information in time and the system goes out of control. A large number of invalid service requests occupy routing and server resources [31], so that performance degrades and the system may even collapse. During a DoS attack, no messages are sent or received on the channel.

C. NETWORK ATTACKS ON THE APPLICATION CONTROL LAYER
The application control layer is made up of controllers and user applications. After receiving the information transmitted from the data transmission layer, the application control layer makes decisions, generates control commands and feeds them back through the data transmission layer to the underlying physical units of the perception execution layer, where the actuators perform the related operations.
Some applications in this layer store a large amount of private user data, such as personal information and the consumption habits of users. An intruder who maliciously injects a script into the system or attacks a database can obtain unauthorized access to the system and thereby seriously affect the application control layer. Once the application control layer is attacked, a lot of private user information can be leaked. At the same time, because a single defense strategy cannot meet the requirements of multiple application systems, the security of the application control layer faces huge challenges.
To the best of our knowledge, the research in the literature mainly focuses on network attacks at the perception execution layer and the data transmission layer. Thus, in the following two sections, we review intrusion detection methods and defense strategies for network attacks at these two layers only.

III. INTRUSION DETECTION
Intrusion detection [32] is an important technology for guaranteeing the security of networks, so that illegal operations launched by intruders such as attackers and hackers can be identified and prevented.
The concepts of intrusion and intrusion detection were first proposed by Anderson [33]. Denning [34] put forward the concept of real-time detection and a host-based intrusion detection model named Intrusion Detection Expert System (IDES). Lunt and Jagannathan [35] further improved the intrusion detection model, proposing, on the basis of IDES, a real-time detection system independent of the platform.
Heberlein et al. [36] developed a network-based intrusion detection system named Network Security Monitor (NSM), which for the first time used network flows directly as the source of audit data. Since then, intrusion detection methods have been divided into two types: host-based Intrusion Detection Systems (IDS) and network-based IDS. Some host-based IDS use the audit sequence of the server operating system as the main input for detecting intrusion behaviors; most network-based IDS use monitoring of network anomalies as the detection mechanism, while some use server-based detection modes and the typical static anomaly detection algorithms of IDS.
In the following two subsections, intrusion detection methods for network attacks at the perception execution layer and the data transmission layer are introduced in detail.

A. INTRUSION DETECTION ON PERCEPTION EXECUTION LAYER
Hoehn and Zhang [42] proposed a new method to detect covert attacks and zero-dynamics attacks on CPSs. Such attacks are complex and rely on sound knowledge of the system, and the attack signals are completely invisible in the sensor readings. As a result, common fault diagnosis systems had been unable to detect such attacks and trigger alerts. Hoehn et al. introduced a modulation matrix into the path of the control variable. The input behavior of the system was changed by the modulation matrix, so the intruder's knowledge of the system was no longer sound, and covert attacks and zero-dynamics attacks became detectable.
Carvalho et al. [24] adopted a model-based approach to accurately capture the impact of vulnerabilities and attacks on control systems. The model-based approach describes the unsafe behavior that an attacker may induce and the resilience that the system defender wants to achieve. It also allows monitoring of deviations of the attacked system from normal system behavior. Their work complements the work on anomaly/intrusion detection [43]-[46].
Teng et al. [47] proposed a self-adaptive collaborative intrusion detection method based on 2-class support vector machines and decision trees. The collaborative and adaptive intrusion detection model was created and implemented using the Environments-classes, agents, roles, groups, and objects (E-CARGO) model, and adaptive scheduling mechanisms were developed. The feasibility and efficiency of the proposed method were validated by experimental results.
When a CPS suffers from a stealthy attack, the state estimate may be altered by injecting biased values into the sensor-collected measurements. Acosta et al. [48] presented an intrusion detection approach for stealthy attacks. The approach is based on an extremely randomized tree algorithm and kernel principal component analysis. It reduces the computational cost through dimensionality reduction while preserving high accuracy.

B. INTRUSION DETECTION ON DATA TRANSMISSION LAYER
Zhengbing et al. [49] proposed a lightweight intrusion detection system that can detect intrusions in real time, efficiently and effectively. In their study, behavior profiles and data mining techniques were used as tools to detect coordinated attacks.
Lima et al. [20] developed an intrusion detection module that can detect man-in-the-middle attacks. This module can prevent the system from reaching an unsafe state by forcing the supervisor to disable all controllable events of the CPS after detecting an intrusion that would inevitably lead the system to lose resources.
By injecting spoofed null data or a power-save poll (PS-Poll) frame into a system, an attacker who launches a power-save denial-of-service (PS-DoS) attack on 802.11 networks can obtain the frames buffered for sleeping stations. Agarwal et al. [50] proposed a method based on real-time discrete event systems to detect PS-DoS attacks in 802.11 networks. This method has high accuracy and a fast detection rate and overcomes the drawbacks of 802.11 networks.

IV. DEFENSE STRATEGIES
Defense strategies are of great importance to the security of CPSs. Generally, we first detect network attacks in a CPS and then activate a corresponding defense strategy once a specific attack is detected.
Research on CPS network attacks is mostly based on the framework of discrete event systems (DESs). Some works use Petri nets to model and analyze CPSs. Petri nets, as a mathematical tool, have been used to handle many problems [51]-[60] in DESs. Others use finite state automata to model and analyze CPSs, such as [61], [62]. Thorsley and Teneketzis [22] studied the intrusion detection of network attacks under the DES framework and how to mitigate the damage caused by attacks. In their setting, attackers can completely change the set of enabled events commanded by the monitor. The main goal of the research was to design a monitor that still meets the specifications after abnormal operations and attacks.
This section introduces defense strategies against attacks at the perception execution layer and the data transmission layer. There is little research on defense strategies at the application control layer, which are therefore not detailed in this paper.

A. DEFENSE STRATEGIES AGAINST PERCEPTION EXECUTION LAYER ATTACKS
1) ATTACK ON SENSORS
Goes et al. [63] studied the security of CPSs and proposed a general model for detecting deception attacks. Deception attacks change sensor readings and mislead the controller, with the purpose of inducing the CPS into an undesirable state. A new bipartite transition structure was introduced, called the insertion-deletion structure (IDA), to capture the interaction between the system and the attacker. The IDA is a discrete transition system and the foundation of the attack strategy synthesis problem. It can predict all possible actions of an attacker, including some steady behaviors, and can predict which state the system will reach when the attacker takes different actions.
Meira-Goes et al. [64] also studied the synthesis of stealthy sensor deception attacks. The work [64] was based on the framework of a stochastic DES, resulting in a broader class of attack strategies. Goes et al. studied the problem from the attacker's perspective and modeled the attack strategy as a probabilistic automaton. According to the probability of the system reaching an unsafe state, they presented an optimal attack strategy.
Su [19] studied deception attacks under the DES framework. After intercepting sensor readings from a target system, an attacker can arbitrarily alter them. The altered sensor readings induce a given supervisor to issue an incorrect control command, which can drive the system to an undesirable state. First, the new concepts of attackability and of attacks under bounded sensor reading alterations (ABSRA) were presented. The system was modeled as a finite automaton. As long as the system model and the given supervisor can be modeled by finite-state automata, it was shown that the optimal (or least restrictive) ABSRA exists and can be computed by a specific composition algorithm called the ABSRA synthesis algorithm. Based on this algorithm, Su proposed a supervisor synthesis algorithm to ensure that the non-empty synthesized supervisor remains ''robust'' to any ABSRA. A supervisor is ABSRA-robust in the sense that any ABSRA is either detectable or inflicts no damage on the system.
Jeon and Eun [65] studied a sensor attack on CPSs named the Robust Pole-dynamics Attack (RPDA). The RPDA can be built with limited knowledge of the target system and stays stealthy until the attack succeeds. Specifically, the attack manifests itself by injecting faulty data into the sensor to undermine the stability of the feedback controller, and the unstable feedback controller makes the system unstable. When a nominal model of the target dynamics is known, stealth can be retained by deploying a mechanism similar to a disturbance observer (DOB), which is designed to absorb the effects of mismatches between the nominal and actual dynamics until the attack has succeeded. The success of the attack depends on whether the system state exceeds a threshold.
Sensor attacks using the dynamics of unstable systems had been studied before, but generating such attacks required accurate knowledge of the target system in order to remain stealthy; in other words, the attack had to completely eliminate the effects of the instability at the sensor to avoid being detected, otherwise it would be caught by anomaly detection. In the work of Jeon and Eun, the DOB mechanism was used to absorb the model mismatch, and the degree of absorption was chosen to delay detection until the attack had succeeded. Therefore, this attack poses a more serious threat to a CPS than a conventional attack.
Yin [62] considered the problem of defense against network attacks under the framework of Mealy automata. In this framework, observable events can be observed only when the relevant sensors are working normally. Without any restrictive assumptions, the supervisor synthesis problem was addressed for safety and non-blocking specifications. Yin proposed an approach based on a model-transformation method consisting of two stages. First, a transformation algorithm was proposed that converts the non-blocking supervisor synthesis problem for Mealy automata into a conventional supervisor synthesis problem under partial observation. Then it was proved that a supervisor synthesized for the transformed problem indeed solves the original problem.
Wakaiki et al. [66] considered the supervisory control problem of DESs with multiple intruders. The goal of the supervisor was to enforce a specific language on the plant without knowing which intruder was present, regardless of the intruder's behavior. They proposed a new concept of observability under attacks, which takes into account the attacker's ability to change symbols. For replacement-removal attacks, a supervisor was constructed from a robust product automaton. Product automata were also used to test observability under replacement-removal attacks.
Shoukry and Tabuada proposed two algorithms for reconstructing the state from sensor measurements. The first algorithm reconstructs the state from a batch of sensor measurements, while the other incorporates new measurements as they become available, in the spirit of a Luenberger observer [67]. However, both algorithms would be degraded by noise injected by attackers. Shoukry and Tabuada introduced the notion of sparse observability to describe how to solve this problem. An event-triggered method was used to verify the timing performance of the two algorithms.

2) ATTACK ON ACTUATORS
Carvalho et al. [21] considered AE-attacks, in which some actuators are vulnerable to attack. The problem the authors addressed was to protect a system from a predefined set of unsafe states after an attack. Their approach was as follows: first, they modeled the system under AE-attacks as a deterministic finite state automaton. Next, a model-based approach was adopted to accurately capture the vulnerabilities and attacks of the control system. The unsafe behavior that an attacker tries to induce and the resiliency that the system defender hopes to achieve can both be described by the model-based method.
In addition, the model-based method can monitor deviations of the attacked system from the normal system. Then, based on results from supervisory control and fault diagnosis of DESs, they proposed a defense strategy that detects attacks and immediately disables all controllable actuator events once an attack is detected. The new concept of AE-security controllability was defined, representing the ability of the proposed defense strategy to prevent the system from entering an unsafe state after an attack; it is a variant of safe controllability in [68]. Finally, an algorithm was proposed to verify whether the system satisfies AE-security controllability.

3) ATTACKS ON SENSORS AND ACTUATORS
Carvalho et al. [24] considered the intrusion detection and mitigation problems of supervisory control systems under AE-attacks, SE-attacks and SI-attacks. Attackers can compromise some vulnerable sensors and then erase real sensor readings or insert false ones, which may lead the system into an unsafe state. First, their work presented deterministic finite-state automata for these classes of attacks. Then, a defense strategy was proposed to detect such attacks online and disable all controllable events after detection. Finally, an algorithm was developed to verify whether the system can be protected from the damage caused by attacks, where damage is modeled as the reachability of a predefined set of unsafe system states. The approach is similar to the work in [68], which proposed a strategy of on-line fault detection and reconfiguration of the control law when faults are detected. The necessary and sufficient condition of interest is ''General Form of safe controllability (GF-safe controllability)'', a property that must hold if the system is to be protected from damage caused by AE-, SE- or SI-attacks; it is a variant, for the General Form of attack (GF-attack), of safe controllability in [68]. A test was also developed to verify GF-safe controllability.
Lima et al. [23] proposed a defense strategy involving a security module that can prevent network attacks on sensors and/or actuators. When the system is not under attack, this strategy does not change the behavior of the closed-loop system; that is, the security module disables controllable events only when an intrusion event would cause the system to enter an unsafe state. In addition, they introduced detectable network attack (DNA) security and undetectable network attack (UNA) security to verify properties of this strategy and gave necessary and sufficient conditions for these two definitions. In order to implement the security module, it is necessary to ensure that it does not run counter to the designed supervisory control system. Finally, they also presented the necessary and sufficient conditions for the UNA and DNA security of the system.
Teixeira et al. [69] studied the typical control structure of control systems under network attacks. On this basis, a general adversary model suitable for many attack scenarios was discussed, and the attack resources were mapped to the corresponding dimensions of an attack space. Through a detailed discussion of replay attacks, zero-dynamics attacks and bias injection attacks, the concepts of the adversary model and the attack space were illustrated. Subsequently, the work [70] mainly considered the case where an attacker performs a zero-dynamics attack on the system. First, the stealth characteristics of the attack were characterized and analyzed, and then the system structure was modified to detect such attacks. Finally, the zero-dynamics attack was countered by modifying the input, output and dynamic characteristics of the system.
Pasqualetti et al. [71] modeled a CPS under attack as a descriptor system subject to unknown inputs that affect the state and the measurements. First, based on this model, the concepts of attack detectability and identifiability were defined in terms of the impact of attacks on the output measurements. Then, the limitations of a class of monitors were characterized from the two perspectives of system theory and graph theory. The main results are as follows: 1) the monitor can detect a cyber-physical attack if and only if the attack signal triggers the zero dynamics of the input/output system; 2) if the monitoring signal is not informative, the monitor cannot detect or identify the attack, so undetectable or unidentifiable attacks exist. Finally, a graph-theoretic characterization of undetectable attacks was proposed.
Park et al. [72] addressed, from the adversary's perspective, the problem of designing a robust attack that compromises an uncertain CPS without being detected. First, they reinterpreted the zero-dynamics attack in terms of the normal form representation. Then, a new zero-dynamics attack method was proposed for uncertain systems [9], [70], [71]. The alternative method uses a disturbance observer and does not need perfect system knowledge to stay stealthy. A robust zero-dynamics attack requires a nominal model of the plant as well as the input and output signals of the system. The presented attack illustrates how attackers can exploit the disclosure resources of CPSs rather than perfect model knowledge.
Hoehn and Zhang [42] inserted a modulation matrix into the actuator signal path to alter the output behavior of the system and detect attacks, and Fritz and Zhang [73] extended this method to all actuator and sensor channels to detect replay attacks and covert attacks, adapting it to the requirements of DESs. They accomplished attack detection by comparing the signals received from the CPS with the expected behavior of the model. The main contributions of Fritz and Zhang are the attack models for covert attacks and replay attacks on CPSs modeled as DESs, as well as detection methods for such network attacks. Since it works by altering the input and output behavior, the proposed approach can be easily realized by a permutation matrix. In addition, it does not limit the vulnerability of the sensor and actuator channels: an attacker may access all sensor and actuator data, that is, all sensor and actuator signals can be observed and changed.

B. DEFENSE STRATEGIES AGAINST DATA TRANSMISSION LAYER ATTACKS
1) MAN-IN-THE-MIDDLE ATTACKS
Man-in-the-middle attacks are among the most powerful network attacks on CPSs. Once a CPS suffers a man-in-the-middle attack, the intruder can observe, hide, create or change information in the attacked sensor or control communication channel [20], [25].
Lima et al. [20] studied the man-in-the-middle attack. They built a deterministic model of systems under sensor channel attacks and actuator channel attacks, and proposed a defense strategy that detects intrusions and protects the system from damage caused by man-in-the-middle attacks on the network channels of a CPS. In addition, they defined a notion of safe controllability under network attacks, called NA-safe controllability, which guarantees that attacks in the network can be detected and the system prevented from reaching an unsafe state, and an algorithm was presented to verify this property. Finally, a computational module, called the intrusion detection module, was developed to detect attacks that lead to an unsafe state.
Lima et al. [25] extended the work [20]. First, they proved the correctness of the NA-safe controllability verification algorithm in [20]. They then showed how to use a security module against attacks in the communication network channels of a CPS, and finally proved that NA-safe controllability is a necessary and sufficient condition for the security module to work.
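As an added illustration of the detect-and-disable strategy described for sensor and actuator attacks in Section IV.A.3 and for man-in-the-middle attacks on the network channels in this subsection, the following Python code is not from any of the cited works: it models a constructed tank plant and its supervisor as finite automata, an attacker that can erase or insert the events of a chosen vulnerable set on the observation channel, and a reachability check in the spirit of the safe-controllability tests that decides whether damage can be reached before the intrusion detection module disables all controllable events. The plant, its state and event names, and the vulnerable sets are assumptions made for this example.

```python
from collections import deque

# Constructed toy plant (an assumption for illustration, not from the survey):
# a tank filled in batches.  'fill' and 'drain' are controllable commands whose
# execution is reported back over the observation channel; 'high' is an
# uncontrollable level-sensor event.  OVF (overflow) is the unsafe state.
PLANT = {
    "E":   {"fill": "M"},                  # empty
    "M":   {"fill": "H", "drain": "E"},    # mid level
    "H":   {"high": "Hs", "fill": "OVF"},  # high level, sensor not reported yet
    "Hs":  {"fill": "OVF", "drain": "E"},  # high level, reported
    "OVF": {},                             # overflow: damage
}
CONTROLLABLE = {"fill", "drain"}
UNSAFE = {"OVF"}

# Supervisor realization: same state names, but 'fill' is disabled once the
# supervisor knows the tank is high.  It is driven by *observed* events, so its
# state is also the state of the intrusion detection module.
SUPERVISOR = {
    "E":  {"fill": "M"},
    "M":  {"fill": "H", "drain": "E"},
    "H":  {"high": "Hs"},
    "Hs": {"drain": "E"},
}


def enabled(sup_state, detected):
    """Controllable events the supervisor currently enables.  After an
    intrusion is detected every controllable event is disabled, which is the
    mitigation used by the security modules of [20], [23], [24]."""
    return set() if detected else set(SUPERVISOR[sup_state]) & CONTROLLABLE


def observe(sup_state, detected, event):
    """Feed one observed event to the detection module.  An event that is
    infeasible at the supervisor's state cannot come from the real closed
    loop, so it is flagged as an intrusion and the state is frozen."""
    if detected or event not in SUPERVISOR[sup_state]:
        return sup_state, True
    return SUPERVISOR[sup_state][event], False


def successors(config, vulnerable):
    """Configurations (plant, supervisor, detected) one move away, under an
    attacker that may erase or insert any event of the vulnerable set."""
    plant, sup, det = config
    nxt = []
    for e, p2 in PLANT[plant].items():
        if e in CONTROLLABLE and e not in enabled(sup, det):
            continue                              # disabled by the supervisor
        if e in vulnerable:
            nxt.append((p2, sup, det))            # erased: supervisor is blind
        nxt.append((p2,) + observe(sup, det, e))  # delivered faithfully
    if not det:
        for e in vulnerable:                      # inserted: plant stays put
            nxt.append((plant,) + observe(sup, det, e))
    return nxt


def safe_under_attack(vulnerable, start="E"):
    """Reachability check in the spirit of the NA-safe / GF-safe
    controllability tests: (True, None) if no attacker strategy over the
    vulnerable events can drive the plant into an unsafe state, otherwise
    (False, witness) where witness is the configuration path to damage."""
    start_cfg = (start, start, False)
    parent = {start_cfg: None}
    queue = deque([start_cfg])
    while queue:
        cfg = queue.popleft()
        if cfg[0] in UNSAFE:
            path = []
            while cfg is not None:
                path.append(cfg)
                cfg = parent[cfg]
            return False, path[::-1]
        for nxt in successors(cfg, vulnerable):
            if nxt not in parent:
                parent[nxt] = cfg
                queue.append(nxt)
    return True, None


if __name__ == "__main__":
    for vul in (set(), {"high"}, {"fill"}):
        ok, witness = safe_under_attack(vul)
        print(sorted(vul), "safe" if ok else f"damage reachable: {witness}")
```

With this plant, attacks on the level sensor are harmless because an inserted or misplaced `high` is infeasible at the supervisor's state and triggers detection, whereas erasing the report of a `fill` command lets the plant overflow while the supervisor still believes the tank is not full.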

2) DENIAL-OF-SERVICE ATTACKS
At present, mathematical models such as the queuing model [67], the Bernoulli model [74] and the Markov model [75] have been applied to the study of CPS performance under DoS attacks.
Befekadu et al. [75] studied a finite-horizon risk-sensitive control problem under DoS attacks described by a Markov-modulated model. The attacker, described by a hidden Markov model, acts on the control packets at random. Befekadu et al. introduced a new equivalent probability measure to characterize all properties of the stochastic process. The hidden Markov model was then extended by a memoryless Bernoulli process to obtain the risk-sensitive control strategy.
Amin et al. [76] studied the effects of DoS attacks on the performance of linear quadratic Gaussian (LQG) control. They aimed to design a control strategy that minimizes the system cost function in a DoS attack environment and proposed an optimal solution based on semidefinite programming.
Foroush and Martinez [77] presented a plant-jammer-operator control strategy for periodic DoS attacks with limited power in the control system. They proposed an event-triggered time sequence to reduce communication. In addition, they proved that this triggering time sequence can resist DoS attacks and ensure the stability of the system state under certain circumstances.
De Persis and Tesi [78] presented a general DoS attack model that only constrains the attacker's action in time, by posing limitations on the frequency of DoS attacks and on their duration. It captures many different types of DoS attacks, including trivial, periodic, random and protocol-aware jamming attacks. Later, based on the DoS attack model in [78], Feng and Tesi [79] studied maximally robust controllers under DoS attacks. They aimed to maximize the frequency and duration of DoS attacks that can be tolerated without losing closed-loop stability. Dolk et al. [80] studied a framework for output-based dynamic event-triggered control (ETC) systems under DoS attacks.
While advanced controllers exchange information, an attacker may analyze the transmitted information and find vulnerabilities. Once a vulnerability of the system is discovered, the system can be compromised by a DoS attack that drives a direct-current (DC) microgrid into an unsafe state. A framework was proposed to study the fault ride-through capability of DC microgrids under DoS attacks [81]. Finally, two simulation case studies showed the effectiveness of that framework.
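To make the time-constrained DoS model of [78] concrete, here is an added Python example that is not code from [78] or [79]: it checks a constructed jamming sequence, sampled at the controller's period, against frequency and duration constraints of the form n(τ,t) ≤ η + (t-τ)/τ_D and |Ξ(τ,t)| ≤ κ + (t-τ)/T (the symbols η, τ_D, κ and T are assumed names for the model's parameters), and simulates a scalar sampled-data loop in which a jammed control packet is replaced by zero input, an assumption made for illustration.

```python
def dos_pattern(on, off, horizon):
    """Constructed periodic jamming sequence: `on` jammed steps followed by
    `off` clear steps, repeated over `horizon` sampling steps."""
    return [(k % (on + off)) < on for k in range(horizon)]


def dos_transitions(jammed, tau, t):
    """n(tau, t): number of DoS off->on transitions in the window [tau, t)."""
    return sum(1 for k in range(tau, t)
               if jammed[k] and (k == 0 or not jammed[k - 1]))


def dos_duration(jammed, tau, t):
    """|Xi(tau, t)|: total number of jammed steps in the window [tau, t)."""
    return sum(1 for k in range(tau, t) if jammed[k])


def satisfies_dos_model(jammed, eta, tau_d, kappa, t_d):
    """Check every window [tau, t) of the sequence against the frequency
    constraint n(tau,t) <= eta + (t-tau)/tau_d and the duration constraint
    |Xi(tau,t)| <= kappa + (t-tau)/t_d.  Returns None if both hold
    everywhere, else (which, tau, t) for the first violating window."""
    horizon = len(jammed)
    for tau in range(horizon):
        for t in range(tau + 1, horizon + 1):
            if dos_transitions(jammed, tau, t) > eta + (t - tau) / tau_d:
                return ("frequency", tau, t)
            if dos_duration(jammed, tau, t) > kappa + (t - tau) / t_d:
                return ("duration", tau, t)
    return None


def simulate(jammed, a=1.2, b=1.0, k_gain=0.7, x0=1.0):
    """Scalar sampled-data loop x[k+1] = a*x[k] + b*u[k] with an unstable
    open loop (a > 1).  The controller sends u = -k_gain*x; when the packet is
    jammed the actuator applies u = 0 (modelling assumption), so the state
    contracts by (a - b*k_gain) on clear steps and grows by a on jammed ones.
    Returns the state trajectory x[0..horizon]."""
    xs = [x0]
    for jam in jammed:
        x = xs[-1]
        u = 0.0 if jam else -k_gain * x
        xs.append(a * x + b * u)
    return xs


if __name__ == "__main__":
    params = dict(eta=1, tau_d=5, kappa=3, t_d=1.5)
    for on, off in ((3, 2), (4, 1)):
        seq = dos_pattern(on, off, 50)
        print(f"{on} jammed / {off} clear:",
              "model ok" if satisfies_dos_model(seq, **params) is None
              else f"violates {satisfies_dos_model(seq, **params)}",
              f"|x[50]| = {abs(simulate(seq)[-1]):.3g}")
```

The 3-on/2-off sequence satisfies the duration budget and the loop still contracts (0.432 per period), while the 4-on/1-off sequence exceeds it and the state grows (1.0368 per period), which is the trade-off between tolerated DoS duration and closed-loop stability that [79] optimizes.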

V. CONCLUSION AND FUTURE WORK
With the advent of the 5G era, information systems and physical systems are undergoing tremendous changes. CPSs have become prevalent in a vast range of applications, including industrial control systems, advanced communication, smart power grids and transportation networks. However, the serious threats to CPSs posed by network attacks cannot be ignored while production costs are being reduced and production efficiency improved. Therefore, it is increasingly important to improve the safety and performance of CPSs. In recent years, a growing number of network attacks on CPSs show that such attacks have become more destructive and more targeted than before. Attackers can use the network to launch attacks on public infrastructures such as smart grids, smart transportation and large hydropower stations, which seriously threatens national security, social stability and economic development. Therefore, it is urgent to improve the defense capability of CPSs quickly and effectively. This paper has reviewed the types of network attacks on CPSs, and the intrusion detection methods and defense strategies in the literature.
CPSs in the future may no longer face a single attack but multiple attacks. A CPS may be attacked by multiple intruders at the same time, or a single intruder may be capable of launching multiple network attacks simultaneously on the system. For example, a system may be subjected to replay attacks and covert attacks at the same time. Obviously, the existing detection methods and defense strategies for a single attack are not enough to ensure the security of CPSs in this case. An important objective of our future work is thus to detect each of the multiple attacks quickly and to design a comprehensive defense strategy that keeps the system running normally. Wakaiki et al. [66] were the first to study multiple attacks, and Gao et al. [82] recently studied how to detect multiple attacks on DESs but did not provide corresponding defense strategies. In summary, current research on intrusion detection and defense strategy design for multiple attacks is still in its infancy, and how to deal with multiple network attacks in CPSs should be investigated in future work.
On the other hand, future work on attack issues may generalize the problem setting of the considered CPSs. We may consider the case where the initial state of the system is not known for certain, or where only a partial observation of the behavior of the considered system is available. Besides, since almost all studies in the literature use automata to model CPSs when dealing with attack issues, we may try Petri nets as a modelling tool to see whether they offer advantages in computational complexity.