Optimal Attack Strategies Subject to Detection Constraints Against Cyber-Physical Systems

This paper studies an attacker against a cyber-physical system (CPS) whose goal is to move the state of a CPS to a target state while ensuring that his or her probability of being detected does not exceed a given bound. The attacker's probability of being detected is related to the non-negative bias induced by his or her attack on the CPS's detection statistic. We formulate a linear quadratic cost function that captures the attacker's control goal and establish constraints on the induced bias that reflect the attacker's detection-avoidance objectives. When the attacker is constrained to be detected at the false alarm rate of the detector, we show that the optimal attack strategy reduces to a linear feedback of the attacker's state estimate. In the case that the attacker's bias is upper bounded by a positive constant, we provide two algorithms—an optimal algorithm and a suboptimal, less computationally intensive algorithm—to find suitable attack sequences. Finally, we illustrate our attack strategies in numerical examples based on a remotely controlled helicopter under attack.
