Stealthy Actuator Signal Attacks in Stochastic Control Systems: Performance and Limitations

In this technical note, we investigate the tradeoff between attack detectability and performance degradation in stochastic cyber-physical systems. We consider a linear time-invariant system in which the attack detector performs a hypothesis test on the innovation of the Kalman filter to detect malicious tampering with the actuator signals. We adopt a notion of attack stealthiness that quantifies the degree of stealth by limiting the maximum achievable exponents of both the false alarm probability and the detection probability below certain thresholds, and we derive the conditions for any actuator attack to have a specific level of stealthiness. Additionally, we characterize the upper bound of the performance degradation induced by attacks with a given extent of stealthiness that produce independent and identically distributed Gaussian innovations, and we design the attack that achieves the stated upper bound for right-invertible systems. Finally, our results are illustrated via numerical examples.
