George, Sunitha (2025) Design of Multi-Sine Watermark using Power Spectral Analysis for Replay Attack Detection. Masters thesis, Concordia University.
Preview |
Text (application/pdf)
7MBGeorge_MASc_F2025.pdf - Accepted Version Available under License Spectrum Terms of Access. |
Abstract
Design of multi-sine watermark using power spectral analysis for replay attack detection
Sunitha George
Replay attacks are a critical security concern in cyber-physical systems (CPS), where adversaries record legitimate data transmissions and maliciously retransmit them later to disrupt normal system operations. These attacks are particularly dangerous because they often replay legitimate data, making them difficult to detect using traditional intrusion detection systems. As CPS continue to integrate deeper into critical infrastructure such as power systems, industrial automation, and transportation networks, the need for better safety measures becomes increasingly urgent.
One promising line of defense involves watermarking techniques, in particular, using multi-sine watermarks with switching frequencies. This thesis studies the problem of choosing the parameters of multi-sine watermarks to achieve replay attack detection with desired level of confidence. The proposed method is derived from a power spectral analysis of the output of the plant in both normal (no attack) and during attack operation.
A flow control process involving a tank is utilized as an illustrative example. Through this example, the effectiveness of the proposed method is validated, showing its capability to design a watermark that can successfully detect replay attacks and thus enhance the security of the control system.
| Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Electrical and Computer Engineering |
|---|---|
| Item Type: | Thesis (Masters) |
| Authors: | George, Sunitha |
| Institution: | Concordia University |
| Degree Name: | M.A. Sc. |
| Program: | Electrical and Computer Engineering |
| Date: | 2 June 2025 |
| Thesis Supervisor(s): | Zad, Shahin Hashtrudi |
| ID Code: | 995668 |
| Deposited By: | Sunitha George |
| Deposited On: | 04 Nov 2025 16:07 |
| Last Modified: | 04 Nov 2025 16:07 |
References:
[1] A. A. Cardenas, S. Amin and S, Sastry, “Research Challenges for the Security of Control Systems,” 3rd USENIX Workshop on Hot Topics in Security, 2008.[2] M. Asiri, N. Saxena, R. Gjomemo and P. Burnap, “Understanding Indicators of Compromise against Cyber-attacks in Industrial Control Systems: A Security Perspective,” ACM Transactions on Cyber-Physical Systems, vol. 7, no. 2, pp. 1-33, 2023, doi: 10.1145/3587255.
[3] S. M. Dibaji, M. Pirani, D. B. Flamholz, A. M. Annaswamy, K. H. Johansson and A. Chakrabortty, "A Systems and Control Perspective of CPS Security," Annual Reviews in Control, vol. 47, pp. 394-411, 2019, doi: 10.1016/j.arcontrol.2019.04.011.
[4] J. Li, Z. Wang, Y. Shen and L. Xie, “Attack Detection for Cyber-Physical Systems: A Zonotopic Approach,” IEEE Transactions on Automatic Control, vol. 68, no. 11, pp. 6828-6835, 2023, doi: 10.1109/TAC.2023.3240383.
[5] S. Karnouskos, "Stuxnet worm impact on industrial cyber-physical system security," IECON 2011 - 37th Annual Conference of the IEEE Industrial Electronics Society, Melbourne, VIC, Australia, pp. 4490-4494, 2011, doi: 10.1109/IECON.2011.6120048.
[6] M. A. Ferrag, I. Kantzavelou, L. Maglaras, and H. Janicke, Hybrid Threats, Cyberterrorism and Cyberwarfare, 1st ed., CRC Press, 2024, doi: 10.1201/9781003314721.
[7] Y. Mekdad, G. Bernieri, M. Conti, and A. E. Fergougui, “A threat model method for ICS malware: the TRISIS case,” Proceedings of the 18th ACM International Conference on Computing Frontiers (CF '21), Association for Computing Machinery, New York, NY, USA, pp. 221–228, 2021, doi: 10.1145/3457388.3458868.
[8] A. Amin, A. A. Cardenas and S. Sastry, “Safe and secure networked control systems under denial-of-service attacks,” Proceedings of the Hybrid Systems: Computation and Control, LNCS 5496, Springer-Verlag, pp. 31-45, 2009, doi: 10.1007/978-3-642-00602-9_3
[9] Y. Mo and B. Sinopoli, “False data injection attacks in control systems,” Proceedings of the 1st Workshop Secure Control Systems, Stockholm, Sweden, 2010.
[10] D. Bhamare, M. Zolanvari, A. Erbad, R. Jain, K. Khan and N. Meskin, “Cybersecurity for industrial control systems: A Survey,” Computers & Security, vol. 89, 2020, doi: 10.1016/j.cose.2019.101677.
[11] T. Alladi, V. Chamola and S. Zeadally, “Industrial Control Systems: Cyberattack trends and countermeasures,” Computer Communications, vol. 155, pp. 1-8, 2020, doi: 10.1016/j.comcom.2020.03.007.
[12] T. Miller, A. Staves, S. Maesschalck, M. Sturdee and B. Green, “Looking back to look forward: Lessons learnt from cyber-attacks on Industrial Control Systems” International Journal of Critical Infrastructure and Protection, vol. 35, 2021, doi: 10.1016/j.ijcip.2021.100464.
[13] Z. Drias, A. Serhrouchni and O. Vogel, "Analysis of cyber security for industrial control systems," 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), Shanghai, China, pp. 1-8, 2015, doi: 10.1109/SSIC.2015.7245330.
[14] X. Fan, K. Fan, Y. Wang and R. Zhou, "Overview of cyber-security of industrial control system," International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), Shanghai, China, pp. 1-7, 2015, doi: 10.1109/SSIC.2015.7245324.
[15] S. McLaughlin, C. Konstantinou, X. Wang, L. Davi, A. R. Sadeghi, M. Maniatakos and R. Karri, "The Cybersecurity Landscape in Industrial Control Systems," in Proceedings of the IEEE, vol. 104, no. 5, pp. 1039-1057, 2016, doi: 10.1109/JPROC.2015.2512235.
[16] Y. Mo, S. Weerakkody and B. Sinopoli, “Physical authentication of control systems: de-signing watermarked control inputs to detect counterfeit sensor outputs, ” IEEE Control Systems Magazine, vol. 35, no. 1, pp. 93-109, 2015, doi: 10.1109/MCS.2014.2364724.
[17] A. Khazraei, H. Kebriaei and F. R. Salmasi, “A New Watermarking Approach for Replay Attack Detection in LQG Systems,” 56th IEEE Annual Conference on Decision and Control, 2017, doi: 10.1109/CDC.2017.8264421.
[18] C. Trapiello and V. Puig, “Set-based replay attack detection in closed-loop systems using a plug & play watermarking approach,” 4th Conference on Control and Fault Tolerant Systems, 2019, doi: 10.1109/SYSTOL.2019.8864790.
[19] S. Weerakkody, Y. Mo and B. Sinopoli, “Detecting Integrity Attacks on Control Systems using Robust Physical Watermarking,” 53rd IEEE Conference on Decision and Control, 2014, doi: 10.1109/CDC.2014.7039974.
[20] R. Romagnoli. S. Weerakkody and B. Sinopoli, “A Model Inversion Based Watermark for Replay Attack Detection with Output Tracking,” American Control Conference, 2019, doi: 10.23919/ACC.2019.8814483.
[21] H. Liu, Y. Mo, J. Yan, L. Xie and K. H. Johansson, “An on-line approach to physical watermark design,” IEEE Transactions on Automatic Control, vol. 65, no. 9, pp. 3895-3902, 2020, doi: 10.1109/TAC.2020.2971994.
[22] C. M. Ahmed, V. R. Palleti and V. K. Mishra, “A practical physical watermarking approach to detect replay attacks in a CPS,” Journal of Process Control, vol. 116, pp. 136-146, 2022, doi: 10.1016/j.jprocont.2022.06.002.
[23] C. Trapiello and V. Puig, “Optimal Finite-time Watermark Signal Design got Replay Attack Detection using Zonotopes,” IFAC-PapersOnLine, vol. 55, no. 6, pp. 292-297, 2022, doi: 10.1016/j.ifacol.2022.07.144.
[24] C. Trapiello and V. Puig, “A Zonotopic-Based Watermarking Design to Detect Replay Attacks,” IEEE/CAA Journal of Automatica Sinica, vol. 9, no. 11, pp. 1924-1938, 2022, doi: 10.1109/JAS.2022.105944.
[25] R. Goyal, C. Somarakis, E. Noorani and S. Rane, “Co-Design of Watermarking and Robust Control for Security in Cyber-Physical Systems,” 61st IEEE Conference on Decision and Control, 2022, doi: 10.1109/CDC51059.2022.9992339.
[26] X. Q. Xie, H. H. Zhou and Y. H. Jin, “Strong tracking filter based adaptive generic model control,” Journal of Process Control, vol. 9, pp. 337-350, 1999, doi: 10.1016/S0959-1524(98)00052-3.
[27] R. Smith, “A decoupled feedback structure for covertly appropriating networked control systems,” Proceedings of the 18th IFAC World Congress, Milano, ITlau, pp. 90-95, 2011, doi: 10.3182/20110828-6-IT-1002.01721.
[28] A. Teixeira, D. Perez, H. Sandberg and K. H. Johansson, “Attack models and scenarios for networked control systems,” Proceedings of the 1st International Conference on High Confidence Networked Systems, Beijing, China, pp. 55-64, 2012, doi: 10.1145/2185505.2185515.
[29] F. Miao, M. Pajic and G. J. Pappas, “Stochastic game approach for replay attack detection,” 52nd IEEE Conference on Decision and Control, Florence, Italy, pp. 1854-1859, 2013, doi: 10.1109/CDC.2013.6760152.
[30] Y. Mo and B. Sinopoli, "Secure control against replay attacks," Proceedings of the 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 911-918, 2009, doi: 10.1109/ALLERTON.2009.5394956.
[31] A. Khazraei, H. Kebriaei and F. R. Salmasi, “Replay attack detection in a multi agent system using stability analysis and loss effective watermarking,” American Control Conference, 2017, doi: 10.23919/ACC.2017.7963694.
[32] R. M. G. Ferrari and A. M. H. Teixeira, “Detection and isolation of replay attacks through sensor watermarking,” Proceedings of the IFAC World Congress, Toulouse, France, pp. 7363-7368, 2017, doi: 10.1016/j.ifacol.2017.08.1502.
[33] C. Bhowmick and S. Jagannathan, “Detection of Sensor Attacks in Uncertain Stochastic Linear Systems,” IEEE Conference on Control Technology and Applications, pp. 706-711, 2019 doi: 10.1109/CCTA.2019.8920410.
[34] C. Bhowmick and S. Jagannathan, “Detection and Mitigation of Attacks in Nonlinear Stochastic System Using Modified χ^2 Detector,” 58th IEEE Conference on Decision and Control, pp. 139-144, 2019, doi: 10.1109/CDC40024.2019.9029553.
[35] H. S. Sanchez, D. Rotondo, T. Escobet, V. Puig, J. Saludes and J. Quevedo, “Detection of replay attacks in cyber-physical systems using a frequency-based signature,” Journal of the Franklin Institute, vol. 356, no. 5, pp. 2798-2824, 2019, doi: 10.1016/j.jfranklin.2019.01.005.
[36] C. Trapiello and V. Puig, “Replay attack detection using a zonotopic KF and LQ approach,” IEEE International Conference on Systems, Man and Cybernetics, 2020, doi: 10.1109/SMC42975.2020.9282865.
[37] M. Porter, S. Dey, A. Joshi, P. Hespanhol, A. Aswani, M. J. Roberson and R. Vasudevan, “Detecting Deception Attacks on Autonomous Vehicles via Linear Time-Varying Dynamic Watermarking,” IEEE Conference on Control Technology and Applications, Montreal, Canada, 2020, doi: 10.1109/CCTA41146.2020.9206278.
[38] M. Porter, P. Hespanhol, A. Aswani, M. J. Roberson and R. Vasudevan, “Detecting Generalized Replay Attacks via Time-Varying Dynamic Watermarking,” IEEE Transactions on Automatic Control, vol. 66, no. 8, pp. 3502-17, 2021, doi: 10.1109/TAC.2020.3022756.
[39] L. Wu, D. Du, C. Zhang, M. Fei and I. Popovic, “An Active Detection Method for Generalized Replay Attacks Using Multiplicative Watermarking” 41st Chinese Control Conference, Heifei, China, 2022, doi: 10.23919/CCC55666.2022.9901662.
[40] W. Li, H. Qian, M. Zhang, S. Wang, F. Wang and X. Zhu, “Stealthy replay attack detection of 3-DOF helicopter benchmark system using dynamic watermarking approach,” Transactions of the Institute of Measurement and Control - Advances in measurement and control for unmanned systems, pp. 1-11, 2022, doi: 10.1177/01423312221134326.
[41] R. Zhang, “Watermarking-based Discrete LQG Systems for Detecting Replay Attacks,” 35th Chinese Control and Decision Conference, 2023, doi: 10.1109/CCDC58219.2023.10326524.
[42] A. Naha, A. Teixeira, A. Ahlen and S. Dey, “Sequential Detection of Replay Attacks,” IEEE Transactions on Automatic Control, vol. 68, no. 3, pp. 1941-48, 2023, doi: 10.1109/TAC.2022.3174004.
[43] A. Naha, A. Teixeira, A. Ahlen and S. Dey, “Sequential Detection of Replay Attacks with a Parsimonious Watermarking Policy,” American Control Conference, 2022, doi: 10.23919/ACC53348.2022.9867703.
[44] A. Ghamarilangroudi, S. Hashtrudi Zad and Y. Zhang, "Replay attack
detection using switching multi-sine watermarking," Proceedings of the 33rd Mediterranean Conference on Control and Automation (MED' 2025),
Tangier, Morocco, June 2025.
[45] S. M. Kay, Modern Spectral Estimation, Prentice Hall, Englewood Cliffs, NJ, 1988.
[46] G. M. Jenkins and D. G. Watts, Spectral Analysis and its Applications, Holden-Day, San Francisco, 1968.
[47] T. T. Tran, O. S. Shin and J. H. Lee, "Detection of replay attacks in smart grid systems," International Conference on Computing, Management and Telecommunications, Ho Chi Minh City, Vietnam, pp. 298-302, 2013, doi: 10.1109/ComManTel.2013.6482409.
[48] M. Ma, P. Zhou, D. Du, C. Peng, M. Fei and H. M. AlBuflasa, “Detecting Replay Attacks in Power Systems: A Data-Driven Approach,” Advanced Computational Methods in Energy, Power, Electric Vehicles, and Their Integration, vol 763, 2017, doi: 10.1007/978-981-10-6364-0_45.
[49] P. Ramanan, D. Li and N. Gebraeel, "Blockchain-Based Decentralized Replay Attack Detection for Large-Scale Power Systems," in IEEE Transactions on Systems, Man, and Cybernetics: Systems, vol. 52, no. 8, pp. 4727-4739, 2022, doi: 10.1109/TSMC.2021.3104087.
[50] M. Bouslimani, F. B. S. Tayeb, Y. Amirat and M. Benbouzid, "Replay Attacks on Smart Grids: A Comprehensive Review on Countermeasures," IECON 2024 - 50th Annual Conference of the IEEE Industrial Electronics Society, Chicago, USA, 2024, pp. 1-6, doi: 10.1109/IECON55916.2024.10905194.
[51] H. R. Patel, "Replay Attack Detection in Smart Grids using Switching Multi-Sine Watermarking," M.S. thesis, Dept. of Electrical and Computer Engineering, Concordia University, Montreal, QC, Canada, 2023, https://spectrum.library.concordia.ca/id/eprint/992969/1/Patel_MASc_F2023.pdf.
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
Repository Staff Only: item control page
Download Statistics
Download Statistics