AST-SafeSec: Adaptive Stress Testing for Safety and Security Co-Analysis of Cyber-Physical Systems

Cyber-physical systems are becoming more intelligent with the adoption of heterogeneous sensor networks and machine learning capabilities that deal with an increasing amount of input data. While this complexity aims to solve problems in various domains, it adds new challenges for the system assurance. One issue is the rise in the number of abnormal behaviors that affect system performance due to possible sensor faults and attacks. The combination of safety risks, which are usually caused by random sensor faults and security risks that can happen during any random system state, makes the full coverage testing of the cyber-physical system challenging. Existing techniques are inadequate to deal with complex safety and security co-risks against cyber-physical systems. In this paper, we propose AST-SafeSec, an analysis methodology for both safety and security aspects that utilizes reinforcement learning to identify the most likely adversarial paths at various normal or failure states of a cyber-physical system that can influence system behavior through its sensor data. The methodology is evaluated using an autonomous vehicle scenario by incorporating a security attack into the stochastic sensor elements of a vehicle. Evaluation results show that the methodology analyzes the interaction of malicious attacks with random faults and identifies the incident caused by the interactions and the most likely path that leads to the incident.