Stealthy Control Signal Attacks in Linear Quadratic Gaussian Control Systems: Detectability Reward Tradeoff

The problem of false data injection through compromised cyber links to a physical control system modeled by linear quadratic Gaussian dynamics is studied in this paper. The control input stream is compromised by an attacker who modifies the (cyber) control signals transmitted with the objective of increasing the quadratic cost incurred by the (physical) controller whilst maintaining a degree of stealthiness. The tradeoff between the increase in quadratic cost and the stealthiness (or detectability), measured by the Kullback–Leibler distance between legitimate and falsified state dynamics, is characterized analytically. It is shown that the optimal adversarial strategy is a sequence of independent Gaussian noise signals with carefully chosen variances whose eigenvalues align with those of the legitimate noise covariance, with the scaling reflecting the desired quadratic cost increase. As the stealthiness decreases, the optimal tradeoff is shown to be linear, with slope inversely proportional to the maximum of the maximal eigenvalues of the modified reward matrices. Numerical simulations are presented that showcase the optimal tradeoff and compare the legitimate and falsified dynamics under different requirements on detectability.
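As an added illustration (not code from the paper), the sketch below computes the per-step Kullback–Leibler divergence a monitor faces when zero-mean Gaussian noise is added with a covariance that shares eigenvectors with the legitimate noise covariance. Assumptions: a fully observed 2-D state, the divergence taken from the falsified to the legitimate distribution, constructed eigenvalues and rotation, and hypothetical function names throughout.

```python
import math

def rot(theta):
    """2x2 rotation matrix, used here as a constructed eigenvector basis U."""
    c, s = math.cos(theta), math.sin(theta)
    return [[c, -s], [s, c]]

def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(2)) for j in range(2)]
            for i in range(2)]

def from_eig(u, eigs):
    """Covariance U diag(eigs) U^T."""
    ut = [[u[0][0], u[1][0]], [u[0][1], u[1][1]]]
    return matmul(matmul(u, [[eigs[0], 0.0], [0.0, eigs[1]]]), ut)

def falsified_cov(u, eigs, scales):
    """Legitimate covariance plus an aligned injection: eigenvalue i becomes
    eigs[i] * (1 + scales[i]); scales[i] is the injected-to-legitimate ratio."""
    return from_eig(u, [l * (1.0 + s) for l, s in zip(eigs, scales)])

def det(m):
    return m[0][0] * m[1][1] - m[0][1] * m[1][0]

def inv(m):
    d = det(m)
    return [[m[1][1] / d, -m[0][1] / d], [-m[1][0] / d, m[0][0] / d]]

def kl_zero_mean(sigma_f, sigma_w):
    """D( N(0, sigma_f) || N(0, sigma_w) ) in nats for 2x2 covariances."""
    p = matmul(inv(sigma_w), sigma_f)
    return 0.5 * (p[0][0] + p[1][1] - 2 - math.log(det(sigma_f) / det(sigma_w)))

def kl_aligned(scales):
    """Closed form when eigenvectors coincide: 0.5 * sum(s - ln(1 + s)).
    Each term is about s^2/2 for small s and grows about linearly for large s."""
    return 0.5 * sum(s - math.log1p(s) for s in scales)

def horizon_for_budget(scales, budget_nats):
    """Steps until accumulated divergence exceeds the budget. With injections
    independent across time, per-step divergences add along the trajectory."""
    per_step = kl_aligned(scales)
    return math.inf if per_step == 0 else math.floor(budget_nats / per_step)

if __name__ == "__main__":
    u, eigs, scales = rot(0.7), [2.0, 0.5], [0.3, 1.5]   # constructed values
    sw, sf = from_eig(u, eigs), falsified_cov(u, eigs, scales)
    print(kl_zero_mean(sf, sw), kl_aligned(scales))
    print(horizon_for_budget([0.1, 0.1], 1.0))
```

For a detector designer, the horizon figure shows how a small per-step divergence still accumulates over a long observation window, which is the reason to test residuals over windows rather than sample by sample.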
