LQG control under Denial-of-Service attacks: An experimental study

Industrial wireless protocols are now widely used around the world. However, the unreliable communication medium between the sensors and the central controller leaves the wireless channel vulnerable to many attacks. Considerable effort has been devoted to studying the influence of specific malicious attacks theoretically, under various assumptions. This paper focuses on experimentally verifying the optimal Denial-of-Service (DoS) jamming attack strategy on a class of wireless industrial control systems. We first introduce a typical control system model and a DoS attack model, together with an optimal DoS attack schedule against LQG control based on these models. We then establish a semi-physical security testbed consisting of a virtual plant, a physical controller and a communication process, and realize wireless DoS attacks using a USRP device. Through extensive experiments and analysis, we investigate the performance of different DoS attack strategies on the LQG control system over an inverted pendulum.
