Haiding Tang,Zhouzheng Lu,Lifu Zhang,Yang Chen,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/etfa.2015.7301498

2015-01-01

Abstract:Recently, the industrial wireless protocols have been widely used around the world. However, the unreliable communication media between the sensors and the central controller renders the wireless signal channel vulnerable to many attacks. Various efforts have been devoted to study the influence of specific malicious attacks from the aspect of theoretical investigation based on different assumptions. This paper focuses on verifying the optimal Denial-of-Service (DoS) jamming attack strategy on a class of wireless industrial control system from the view of experiments. We first introduce typical control system model and DoS attack model, and an optimal DoS attack schedule against LQG control based on these models. Then, we establish a semi-physical security testbed which consists of virtual plant, physical controller and communication process. We also realize wireless DoS attacks by exploiting the USRP device. Through extensive experiments and analysis, we investigate the performance of different DoS attack strategies on the LQG control system over an inverted pendulum.

Genghong Lu,Dongqin Feng

DOI: https://doi.org/10.23919/icif.2018.8455208

2018-01-01

Abstract:Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or cover up the plan of damaging the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defense it. Therefore, a novel security situation awareness framework based on particle filtering, which has good ability in estimating state for nonlinear systems, is proposed to provide an accuracy understanding of system situation. First, a system state estimation based on particle filtering is presented to estimate nodes state. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted by using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Heng Zhang,Peng Cheng,Ling Shi,Jiming Chen

DOI: https://doi.org/10.1109/cdc.2013.6760746

2013-01-01

Abstract:Security of Cyber-Physical System (CPS) has gained increasing attention in recent years. Most existing works mainly investigate the system performance given the attacking patterns. In this paper, we investigate how the attacker should design its DoS attacking policy so that the system performance can be deteriorated as much as possible. Specifically, we consider the scenario where a sensor sends its data to a remote estimator through a wireless channel for state estimation, while an attacker decides whether to jam the channel at each sampling time. For two typical system performance indexes, i.e., the expected average estimation error and the expected terminal estimation error, we construct optimal attack scheduling schemes, respectively. We also propose the optimal attack schedules to avoid the given intruder detection mechanism. Numerical examples are presented to demonstrate the effectiveness of our results.

Zhen Han,Wei Wang,Changyun Wen,Lei Wang

DOI: https://doi.org/10.1109/tii.2024.3393142

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:This article focuses on the distributed adaptive consensus control problem for nonlinear systems with unknown parameters and denial-of-service (DoS) attacks. The communication channels among subsystems are directed and DoS attacks are executed on subsystems to jam the communication transmission. Besides, only part of these subsystems can access states of the desired reference system. To actively alleviate attack effects on the consensus performance, a distributed adaptive consensus control scheme with an active-defense mechanism is proposed. The active-defense mechanism consists of an attack-detection algorithm and a switching strategy. The distributed adaptive consensus controller is designed with normalized damping terms in control inputs and parameter update laws. In the presence of DoS attacks, a stability condition is derived based on the designed control scheme, which guarantees that the consensus errors are globally uniformly bounded under arbitrary switching dwell-time. Experimental results are provided to validate the effectiveness of the proposed control scheme with the active-defense mechanism.

Dandan Li,Qianqian Cai,Damián Marelli,Wei Meng,Minyue Fu

DOI: https://doi.org/10.1109/tcyb.2023.3348192

IF: 11.8

2024-01-01

IEEE Transactions on Cybernetics

Abstract:This article studies the stability issue of networked switched systems (NSSs) under denial-of-service (DoS) attacks. To address this issue, the derived limitations imposed on both the frequency of DoS attacks on each subsystem and the upper limit of attack duration that each subsystem can tolerate are mode-dependent, which is more efficient and flexible than the current results for NSSs. Moreover, we reveal the relationship between the upper bound of the average maximum tolerable attack duration associated with the corresponding subsystem and the actual mode-dependent average dwell time. Furthermore, we identify that the total tolerable DoS attack duration as a percentage of the system runtime in this article can be higher than existing results. Finally, an example is given to demonstrate the effectiveness of our work.

automation & control systems,computer science, cybernetics, artificial intelligence

Junhui Zhang,Jitao Sun

DOI: https://doi.org/10.1016/j.sysconle.2019.104546

2019-11-01

Abstract:Recent years have illustrated the soaring importance of security issues of cyber-physical systems (CPSs). In this paper, we consider the remote state estimation of a CPS while subject to denial-of-service (DoS) attacks. A number of sensors monitor different linear dynamical systems and transmit the measurements to a remote estimator through a multi-channel network that may suffer corruption due to an intelligent attacker. Both sensors and the attacker have energy constraints. At each time-step, sensors select which channel to transmit over while the attacker chooses which channel to congest. Both sides select strategies based on the current state. In order to model the infinite horizon decision problem, we construct a two player zero-sum game and propose a Nash Q-learning algorithm to solve for the optimal strategies of both players. Finally, simulations are provided to illustrate our results.

automation & control systems,operations research & management science

Kemi Ding,Yuzhe Li,Daniel E. Quevedo,Subhrakanti Dey,Ling Shi

DOI: https://doi.org/10.1016/j.automatica.2016.12.020

IF: 6.4

2017-04-01

Automatica

Abstract:This paper considers a cyber-physical system (CPS) under denial-of-service (DoS) attacks. The measurements of a sensor are transmitted to a remote estimator over a multi-channel network, which may be congested by a malicious attacker. Among these multiple communication paths with different characteristics and properties at each time step, the sensor needs to choose a single channel for sending data packets while reducing the probability of being attacked. In the meanwhile, the attacker needs to decide the target channel to jam under an energy budget constraint. To model this interactive decision-making process between the two sides, we formulate a two-player zero-sum stochastic game framework. A Nash Q-learning algorithm is proposed to tackle the computation complexity when solving the optimal strategies for both players. Numerical examples are provided to illustrate the obtained results.

Kaixuan Liu,Shanling Dong,Meiqin Liu

DOI: https://doi.org/10.1109/ccdc58219.2023.10326624

2023-01-01

Abstract:This paper studies the load frequency control problem of multi-area power systems under denial-of-service (DoS) attack and actuator failure. Bernoulli process is used to represent the stochastic DoS attack. A decentralized reliable control law is proposed. Based on the Lyapunov function, a sufficient condition is presented to ensure the bounded stability of closed-loop multiarea power systems and guarantee the existence of controller gain. Finally, simulation results are provided to demonstrate the effectiveness of the developed control strategy.

Huanhuan Yuan,Yuanqing Xia

DOI: https://doi.org/10.1016/j.ins.2018.04.082

IF: 8.1

2018-07-01

Information Sciences

Abstract:This paper is concerned with the design of resilient strategy for a class of cyber-physical system (CPS) under denial-of-service (DoS) attack. The DoS attack occurring in wireless network between sensor and remote estimation is considered. For the addressed CPS, a minimax control strategy is designed in the presence of DoS attack in delta domain under imperfect state measurements (IPSM). Then, a novel multi-channel transmission framework is constructed to reduce the probability of being attacked, where transmitter chooses a single channel to send data packet and meanwhile the DoS attacker decides a target channel to attack. Taking account of the control system performance, a two-player Markov stochastic game is built to model the interactive decision-making of both sides under energy budget constraints. Dynamic programming and value iteration methods are applied for the control strategy and power transmission strategy design, respectively. Numerical simulations are presented to illustrate the validity of the scheme.

computer science, information systems

Zhu Qiaohui,Liang Qipeng,Kang Yu,Zhao Yunbo

DOI: https://doi.org/10.52396/just-2020-1137

2021-01-01

JUSTC

Abstract:The strategy design and closed-loop stability of networked control systems under unbounded denial of service (DoS) attacks are probed. A multi-path switching protection strategy is firstly designed by noticing the usually available multiple paths in data communication networks. The strategy consists of a DoS attack detection module at the actuator side to identify DoS attacks from normal data packet dropouts, and a multi-path switching module at the sensor side to effectively switch the data transmission path when necessary. Then, the sufficient conditions for the closed-loop system being global mean square asymptotic stability are given, with a corresponding controller gain design method. Numerical examples illustrate the effectiveness of the proposed approach.

Yi-nan WANG,Yan-jun LIN,Huan LI,Zhi-yun LIN,Wen-yuan XU,Qiang YANG,Gang-feng YAN

DOI: https://doi.org/10.13195/j.kzyjc.2016.0311

2017-01-01

Abstract:Considering the influence of denial-of-service(DoS) attacks on electrical cyber physical systems(ECPSs), this paper studies the problem of vulnerability analysis and countermeasure synthesis for electrical network control systems under DoS attacks. Distributed control and its features are considered for the design of transmission paths of sensors and remote terminal units(RTUs) based on automatic voltage regulators(AVR) of synchronous generators. An algorithm is proposed for identifying and protecting vulnerable nodes and lines in electrical network control systems by solving a problem of optimum sparse matrix. Countermeasures of electrical communication networks under DoS attacks are further studied. The proposed algorithms are validated on the IEEE 9-node system. Spectific advice and defending strategies against cyber attacks are given according to the algorithms.

Yihe Wang,Bo Hu,Xiao Pan,Tingting Xu,Qiuye Sun

DOI: https://doi.org/10.1155/2022/5472137

IF: 3.12

2022-06-15

Computational Intelligence and Neuroscience

Abstract:With the integration and development of multiple disciplines, as well as a large amount of research on multilevel interconnection networks, wireless sensor networks have become a new access point and have attracted widespread attention worldwide. However, limited by the characteristics of the wireless sensor network itself, the energy problem has repeatedly restricted its function, which needs to be solved urgently. This paper mainly improves the Geographical and Energy-Aware Routing (GEAR) based on cyber-physical systems and energy-aware routing protocols, which reduces the resource consumption of network nodes, achieves network power balance, and further extends the system life cycle. Although the open sharing of the network layer makes CPS more efficient in actual use, it also increases the risks faced by CPS. Among these potential risks, cyberattacks have become the main security problem that CPS must solve with the greatest destructive power. Among them, Denial of Service (DoS) is the simplest and most destructive type of network attack. We can allow the system to reject normal requests for sending and receiving data using the network resources of the communication channel, thereby performing security control. From the perspective of control, this paper studies the security control of CPS in DOS attacks. Firstly, considering the diversity of CPS packet loss factors, assuming that there is an upper limit on the probability characteristics of the total number of packet loss development, the Markov process of inherent packet loss and the Markov process of DoS attack satisfying this constraint are analyzed, and the above two independent packet loss factors are described on this basis. Two independent packet loss factor descriptions are given in the following. In this paper, through the research of wireless sensor networks, it is applied to the cyber-physical system and the cyber-physical system is further improved.

mathematical & computational biology,neurosciences

Zhang Yifang,Wu Zhengguang,Wu Zongze,Meng Deyuan

DOI: https://doi.org/10.1007/s11432-020-3190-2

2022-01-01

Science China Information Sciences

Abstract:We develop the resilient observer-based event-triggered control update strategy in this paper.It is utilized to achieve the input-to-state stability(ISS) of cyber-physical systems(CPSs) when there is an asynchronous denial-of-service(DoS) attack, which is launched by malicious adversaries both on measurement channel and control channel in a random attack strategy. To estimate the unmeasurable states while saving the limited networked bandwidth, an H_∞ observer-based event-triggered control scheme is first designed to guarantee the ISS of CPSs with economic communication. Moreover, the occurrence of Zeno behavior can be eliminated by providing the existence of a lower positive bound of any two inter-event times. Then, a recursive model of asynchronous DoS attacks is introduced. A resilient control update strategy is proposed and further analyzed to derive the stability criterion of CPSs. At last, a numerical simulation example is given to demonstrate the effectiveness of the introduced control update policy.

Qingkai Meng,Andreas Kasis,Hao Yang,Marios M. Polycarpou

DOI: https://doi.org/10.1016/j.ejcon.2024.101037

IF: 2.649

2024-06-20

European Journal of Control

Abstract:This paper studies the problem of secure state estimation of networked switched systems in the presence of denial-of-service (DoS) attacks, as well as disturbances and measurement noise. Firstly, a state transformation rule is designed to partition the original system into two subsystems, facilitating the design of discrete and continuous state observers. Secondly, by modifying the traditional super-twisting sliding-mode method and taking into account the frequency and duration characteristics of DoS attacks, we employ dynamic differential properties between different modes to design a switching law identification strategy. We show that this strategy can accurately estimate the switching state without imposing any requirement on the switching times and sequences. Thirdly, based on the identified activated mode, a set of mode-dependent continuous state sliding-mode observers is designed, that achieves continuous state estimation in finite time. The practicality and applicability of the developed results are validated through numerical simulations.

automation & control systems

Siyi Wang,Yulong Gao,Sandra Hirche

2024-06-02

Abstract:Designing networked control systems that are reliable and resilient against adversarial threats, is essential for ensuring the security of cyber-physical systems. This paper addresses the communication-control co-design problem for networked control systems under denial-of-service (DoS) attacks. In the wireless channel, a transmission power scheduler periodically determines the power level for sensory data transmission. Yet DoS attacks render data packets unavailable by disrupting the communication channel. This paper co-designs the control and power scheduling laws in the presence of DoS attacks and aims to minimize the sum of regulation control performance and transmission power consumption. Both finite- and infinite-horizon discounted cost criteria are addressed, respectively. By delving into the information structure between the controller and the power scheduler under attack, the original co-design problem is divided into two subproblems that can be solved individually without compromising optimality. The optimal control is shown to be certainty equivalent, and the optimal transmission power scheduling is solved using a dynamic programming approach. Moreover, in the infinite-horizon scenario, we analyze the performance of the designed scheduling policy and develop an upper bound of the total costs. Finally, a numerical example is provided to demonstrate the theoretical results.

Systems and Control

Qi Ding,Lijian Sun,Xiaoyu Wang

DOI: https://doi.org/10.56028/aetr.8.1.703.2023

2023-12-07

Abstract:Big data technology is playing an increasingly important role in the safety evaluation of urban rail transit, which can help improve the safety and reliability of the transportation system. However, such a big data system will also become the target of attackers, especially in the face of DDoS attacks, its stability and availability may be greatly affected. Various attacks against the Internet have become a major concern among the many flaws of the contemporary Internet. Unfortunately, attacks against the Internet continue to grow more sophisticated, unpredictable, and unstoppable. At present, many researchers have devoted themselves to the research of DDoS defense solutions, and it is necessary to summarize the existing research on DDoS defense work and the technologies used in it. In this article, we introduce the process of DDoS attacks, and summarize the characteristics, mechanism and weaknesses of various DDoS attacks according to the network layer where the attack is located. Finally, defending against DDoS attacks is crucial to the big data-based urban rail transit security evaluation system. This paper summarizes the content of this paper and discusses some open issues in the field of network intrusion detection.

Zhuping Wang,Sheng Gao,Hao Zhang,Huaicheng Yan,Tenghui Li

DOI: https://doi.org/10.1109/tcns.2024.3372134

IF: 4.347

2024-01-01

IEEE Transactions on Control of Network Systems

Abstract:The energy allocation problem of malicious denial-of-service (DoS) attacks for state estimation in cyber-physical systems (CPSs) is investigated in this paper. An optimal energy allocation strategy for DoS attacks in CPSs under multi-sensor network fusion estimation is proposed. To describe the channel packet loss characteristic, a signal-to-interference-plus-noise ratio (SINR) model is introduced. Compared with the existing DoS attack strategies, the increase of the channel packet loss rate with the increase in energy injected by the attacker is considered. Meanwhile, the behavioral tendency of the attacker concerning the sensors with different parameters is taken into account, leveraging the additional sensing accuracy matrix. Moreover, the quantified relationship between the attacker and the remote estimator error covariance is derived and the optimal energy allocation strategy problem is transformed into a convex optimization problem to be solved. Finally, a simulation example is presented to verify the effectiveness of the proposed mechanism.

computer science, information systems,automation & control systems

Jiahu Qin,Menglin Li,Jie Wang,Ling Shi,Yu Kang,Wei Xing Zheng

DOI: https://doi.org/10.1016/j.automatica.2020.109090

IF: 6.4

2020-01-01

Automatica

Abstract:We consider a scenario in which a DoS attacker with the limited power resource and the purpose of degrading the system performance, jams a wireless network through which the packet from a sensor is sent to a remote estimator. To degrade the estimation quality most effectively with a given energy budget, the attacker aims to solve the problem of how much power to obstruct the channel each time, which is the recently proposed optimal attack energy management problem. The existing works are built on an ideal network model in which the packet dropout never occurs when the attack is absent. To encompass wireless transmission losses, we introduce the signal-to-interference-plus-noise ratio-based network. First we focus on the case when the attacker employs the constant power level. To maximize the expected terminal estimation error at the remote estimator, we provide some more relaxed sufficient conditions compared with the existing work for the existence of an explicit solution to the optimal static attack energy management problem and the solution is constructed. For the other important index of system performance, the average expected estimation error, the associated sufficient conditions are also derived based on a different analysis approach with the existing work. And a feasible method is presented for both indexes to seek the optimal constant attack power level when the system fails to meet the proposed sufficient conditions. Then when the real-time ACK information can be acquired, a Markov decision process (MDP) based algorithm is designed to solve the optimal dynamic attack energy management problem. We further study the optimal tradeoff between attack energy and system degradation. Specifically, by moving the energy constraint into the objective function to maximize the system index and minimize the energy consumption simultaneously, the other MDP based algorithm is proposed to find the optimal dynamic attack power policy which is further shown to have a monotone structure. The theoretical results are illustrated by simulations.

Jie Wang,Jiahu Qin,Menglin Li,Yang Shi

2020-01-01

Abstract: In this paper, we investigate remote state estimation against an intelligent denial-of-service (DoS) attack over a vulnerable wireless network whose channel undergoes attenuation and distortion caused by fading. We use the sensor to observe system states and transmit its local state estimates to the remote center. Meanwhile, the attacker injects a jamming signal to destroy the packet accepted by the remote center and causes the performance degradation. Most of the existing works are built on a time-invariant channel state information (CSI) model in which the channel fading is stationary. However, the wireless communication channels are more prone to dynamic changes. To capture this time-variant property in the channel quality of the real-world networks, we study the fading channel network whose channel model is characterized by a generalized finite-state Markov chain. With the goals of two players in infinite-time horizon, we describe the conflicting characteristic between the attacker and the sensor with a general-sum stochastic game. Moreover, the Q-learning techniques are applied to obtain an optimal strategy pair at a Nash equilibrium. Also the monotone structure of the optimal stationary strategy is constructed under a sufficient condition. Besides, when channel gain is known a priori, except for the full Channel State Information (CSI), we also investigate the partial CSI, where Bayesian games are employed. Based on the player's own channel information and the belief on the channel distribution of other players, the energy strategy at a Nash equilibrium is obtained.