On the Confidentiality of Linear Anomaly Detector States

A malicious attacker with access to the sensor channel in a feedback control system can severely affect the physical system under control, while simultaneously being hard to detect. A properly designed anomaly detector can, however, restrict the impact of such attacks. Anomaly detectors with an internal state (stateful detectors) have gained popularity because they seem to mitigate these attacks better than detectors without a state (stateless detectors). In the analysis of attacks against control systems with anomaly detectors, it has been assumed that the attacker either has access to the detector's internal state or designs its attack such that it is not detected regardless of the detector's state. In this paper, we show how an attacker can realize the first case by breaking the confidentiality of a stateful detector state evolving with linear dynamics, while remaining undetected and imitating the statistics of the detector under nominal conditions. The realization of the attack is posed in a convex optimization framework using the notion of Kullback-Leibler divergence. Further, the attack is designed such that the maximum mean estimation error of the Kalman filter is maximized at each time step by exploiting dual norms. A numerical example is given to illustrate the results.
