Cyber-Physical Attacks With Control Objectives

This paper studies attackers with control objectives against cyber-physical systems (CPSs). The goal of the attacker is to counteract the CPS's controller and move the system to a target state while evading detection. We formulate a cost function that reflects the attacker's goals, and, using dynamic programming, we show that the optimal attack strategy reduces to a linear feedback of the attacker's state estimate. By changing the parameters of the cost function, we show how an attacker can design optimal attacks to balance the control objective and the detection avoidance objective. Finally, we provide a numerical illustration based on a remotely controlled helicopter under attack.

[1]  Soummya Kar,et al.  Cyber-physical systems: Dynamic sensor attacks and strong observability , 2015, 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[2]  Karl Henrik Johansson,et al.  Attack models and scenarios for networked control systems , 2012, HiCoNS '12.

[3]  Karl Henrik Johansson,et al.  Revealing stealthy attacks in control systems , 2012, 2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[4]  Lang Tong,et al.  Subspace Methods for Data Attack on State Estimation: A Data Driven Approach , 2014, IEEE Transactions on Signal Processing.

[5]  Bruno Sinopoli,et al.  Detecting integrity attacks on control systems using a moving target approach , 2015, 2015 54th IEEE Conference on Decision and Control (CDC).

[6]  Bruno Sinopoli,et al.  Detecting Integrity Attacks on SCADA Systems , 2014, IEEE Transactions on Control Systems Technology.

[7]  Stephen P. Boyd,et al.  Convex Optimization , 2004, Algorithms and Theory of Computation Handbook.

[8]  Bruno Sinopoli,et al.  Detecting integrity attacks on control systems using robust physical watermarking , 2014, 53rd IEEE Conference on Decision and Control.

[9]  Bruno Sinopoli,et al.  Secure control against replay attacks , 2009, 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[10]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[11]  Agus Budiyono,et al.  State space identification and implementation of H∞ control design for small‐scale helicopter , 2010 .

[12]  S. Shankar Sastry,et al.  Research Challenges for the Security of Control Systems , 2008, HotSec.

[13]  Emanuele Garone,et al.  False data injection attacks against state estimation in wireless sensor networks , 2010, 49th IEEE Conference on Decision and Control (CDC).

[14]  Ling Shi,et al.  Optimal Linear Cyber-Attack on Remote State Estimation , 2017, IEEE Transactions on Control of Network Systems.

[15]  Yilin Mo,et al.  False Data Injection Attacks in Control Systems , 2010 .

[16]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[17]  Paulo Tabuada,et al.  Attack-resilient state estimation in the presence of noise , 2015, 2015 54th IEEE Conference on Decision and Control (CDC).

[18]  Paulo Tabuada,et al.  Secure Estimation and Control for Cyber-Physical Systems Under Adversarial Attacks , 2012, IEEE Transactions on Automatic Control.

[19]  Florian Dörfler,et al.  Attack Detection and Identification in Cyber-Physical Systems -- Part II: Centralized and Distributed Monitor Design , 2012, ArXiv.

[20]  Jason L. Speyer,et al.  Stochastic Processes, Estimation, and Control , 2008, Advances in design and control.

[21]  Soummya Kar,et al.  Cyber physical attacks constrained by control objectives , 2016, 2016 American Control Conference (ACC).

[22]  Alvaro A. Cárdenas,et al.  Attacks against process control systems: risk assessment, detection, and response , 2011, ASIACCS '11.

[23]  Alan S. Willsky,et al.  A survey of design methods for failure detection in dynamic systems , 1976, Autom..

[24]  Soummya Kar,et al.  Dynamic Attack Detection in Cyber-Physical Systems With Side Initial State Information , 2015, IEEE Transactions on Automatic Control.

[25]  Bruno Sinopoli,et al.  Physical Authentication of Control Systems: Designing Watermarked Control Inputs to Detect Counterfeit Sensor Outputs , 2015, IEEE Control Systems.

[26]  Bruno Sinopoli,et al.  Integrity attacks on cyber-physical systems , 2012, HiCoNS '12.

[27]  Soummya Kar,et al.  Cyber physical attacks with control objectives and detection constraints , 2016, 2016 IEEE 55th Conference on Decision and Control (CDC).