LQG Reference Tracking with Safety and Reachability Guarantees under False Data Injection Attacks

Control systems are increasingly targeted by malicious adversaries, who may inject spurious sensor measurements in order to bias the controller behavior and cause suboptimal performance or safety violations. This paper investigates the problem of tracking a reference trajectory while satisfying safety and reachability constraints in the presence of such false data injection attacks. We consider a linear, time-invariant system with additive Gaussian noise in which a subset of sensors can be compromised by an attacker, while the remaining sensors are regarded as secure. We propose a control policy in which two estimates of the system state are maintained, one based on all sensors and one based on only the secure sensors. The optimal control action based on the secure sensors alone is then computed at each time step, and the chosen control action is constrained to lie within a given distance of this value. We show that this policy can be implemented by solving a quadratically-constrained quadratic program at each time step. We develop a barrier function approach to choosing the parameters of our scheme in order to provide provable guarantees on safety and reachability, and derive bounds on the probability that our control policies deviate from the optimal policy when no attacker is present. Our framework is validated through numerical study.

[1]  Emanuele Garone,et al.  False data injection attacks against state estimation in wireless sensor networks , 2010, 49th IEEE Conference on Decision and Control (CDC).

[2]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2011, TSEC.

[3]  Ruochi Zhang,et al.  A game theoretic approach to analyze false data injection and detection in LQG system , 2017, 2017 IEEE Conference on Communications and Network Security (CNS).

[4]  Andrew Clark,et al.  Linear Quadratic Gaussian Control Under False Data Injection Attacks , 2018, 2018 Annual American Control Conference (ACC).

[5]  B. Anderson,et al.  Optimal control: linear quadratic methods , 1990 .

[6]  Paulo Tabuada,et al.  Secure Estimation and Control for Cyber-Physical Systems Under Adversarial Attacks , 2012, IEEE Transactions on Automatic Control.

[7]  Karl Henrik Johansson,et al.  Attack models and scenarios for networked control systems , 2012, HiCoNS '12.

[8]  Stamatis Karnouskos,et al.  Stuxnet worm impact on industrial cyber-physical system security , 2011, IECON 2011 - 37th Annual Conference of the IEEE Industrial Electronics Society.

[9]  Roberto Di Pietro,et al.  Emergent properties: detection of the node-capture attack in mobile wireless sensor networks , 2008, WiSec '08.

[10]  Todd E. Humphreys,et al.  Unmanned Aircraft Capture and Control Via GPS Spoofing , 2014, J. Field Robotics.

[11]  Steven E. Shladover,et al.  Potential Cyberattacks on Automated Vehicles , 2015, IEEE Transactions on Intelligent Transportation Systems.

[12]  Paulo Tabuada,et al.  SMT-Based Observer Design for Cyber-Physical Systems under Sensor Attacks , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).

[13]  Insup Lee,et al.  Attack-Resilient State Estimation for Noisy Dynamical Systems , 2017, IEEE Transactions on Control of Network Systems.

[14]  Ali Jadbabaie,et al.  Safety Verification of Hybrid Systems Using Barrier Certificates , 2004, HSCC.

[15]  Ioannis Karatzas,et al.  Brownian Motion and Stochastic Calculus , 1987 .

[16]  George J. Pappas,et al.  Stochastic safety verification using barrier certificates , 2004, 2004 43rd IEEE Conference on Decision and Control (CDC) (IEEE Cat. No.04CH37601).

[17]  Ilya V. Kolmanovsky,et al.  Nonlinear tracking control in the presence of state and control constraints: a generalized reference governor , 2002, Autom..

[18]  João Pedro Hespanha,et al.  Performance limitations in reference tracking and path following for nonlinear systems , 2008, Autom..

[19]  R. Unbehauen,et al.  Stochastic stability of the continuous-time extended Kalman filter , 2000 .