Heng Zhang,Peng Cheng,Ling Shi,Jiming Chen

DOI: https://doi.org/10.1109/tcst.2015.2462741

IF: 4.8

2015-01-01

IEEE Transactions on Control Systems Technology

Abstract:Recently, many literature works have considered the security issues of wireless networked control system (WNCS). However, few works studied how the attacker should optimize its attack schedule in order to maximize the effect on the system performance due to the insufficiency of energy at the attacker side. This paper fills this gap from the aspect of control system performance. We consider the optimal jamming attack that maximizes the Linear Quadratic Gaussian (LQG) control cost function under energy constraint. After analyzing the properties of the cost function under an arbitrary attack schedule, we derive the optimal jamming attack schedule and the corresponding cost function. System stability under this optimal attack schedule is also considered. We further investigate the optimal attack schedule in a WNCS with multiple subsystems. Different examples are provided to demonstrate the effectiveness of the proposed optimal denial-of-service attack schedule.

Heng Zhang,Peng Cheng,Ling Shi,Jiming Chen

DOI: https://doi.org/10.1109/ACC.2014.6859422

2014-01-01

Abstract:Recently a flood of literature concerned on the security issues of wireless networked control system. However, it is still lack of investigation on how the attacker should optimize its attack schedule in order to maximize the effect on the system performance due to the insufficiency of energy at the attacker side. This paper fills this gap from the aspect of control system performance. Especially, this paper investigates the optimal jamming attack which maximizes the linear quadratic Gaussian control cost function under energy constraint. After analyzing the properties of the cost function under an arbitrary attack schedule, we derive the optimal jamming attack schedule and the corresponding cost function. System stability under this optimal attack schedule is also considered. Different examples are provided to demonstrate the effectiveness of the proposed optimal jamming schedule.

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tpwrs.2022.3229667

IF: 7.326

2022-01-01

IEEE Transactions on Power Systems

Abstract:In cyber-physical power systems (CPPSs), additional control as the compensating control plays a very important part in load frequency control (LFC) systems. The additional control in the LFC system is constrained by limited communication resources and cyber-attacks, which may cause performance degradation or destabilize the system. Accordingly, this paper proposes resilient event-triggered LFC for CPPSs with an additional control loop under denial-of-service (DoS) attacks. Firstly, a resilient event-triggered communication scheme is presented to reduce the occupation of communication resources under DoS attacks in the additional control loop. Then, different from existing event-triggered LFC systems, this paper establishes a novel switched LFC system model, where the resilient event generator is integrated into an additional control loop when suffering from DoS attacks. It is the first time that the additional control loop of the LFC system simultaneously considers communication resources and cyber-security. Furthermore, we derive exponential stabilization criteria by applying the Lyapunov stability theory based on the established model. Criteria are derived to obtain the weighting matrix and controller gain simultaneously by applying the linear matrix inequality technique. Finally, a one-area and two multi-area CPPSs with the additional control loop under DoS attacks are used to testify the availability of the proposed resilient event-triggered LFC scheme.

Liyuan Yin,Lezhong Xu,Fusheng Hou,Hongming Zhu,Houhua Jing,Xingjian Sun,Chengwei Wu

DOI: https://doi.org/10.1109/jiot.2023.3319703

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:This paper is focused on security analysis and control problems of cyber-physical systems under denial-of-service (DoS) attacks, which jam the controller-actuator channel. Considering the limited attack energy of malicious adversaries, DoS attacks are described by a periodic model. Different from existing results, both the security analysis and secure controller design problems are addressed based on the characteristics of DoS attack model rather than utilizing the switching system theory to solve the aforementioned problems. Firstly, sufficient conditions are derived to ensure that the resultant closed-loop cyber-physical system under DoS attacks can preserve the exponential stability, and the critical value of the attack period is derived, below which the stability is deteriorated. Secondly, the relation between our proposed conditions and reinforcement learning based control is established, based on which the security of reinforcement learning based control can be evaluated effectively. Lastly, both DoS attacks and external disturbances are considered in a unified framework, and sufficient conditions are proposed to evaluate the security of the closed-loop cyber-physical systems and design a secure controller. Finally, a mobile robot is adopted to validate the efficacy of the proposed methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wenhai Qi,Huaichao Yin,Ju H. Park,Zheng-Guang Wu,Huaicheng Yan

DOI: https://doi.org/10.1109/tits.2024.3432919

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:This study concentrates on the finite-time protocol-based stabilization for networked unmanned marine vehicle (UMV) systems with denial-of-service (DoS) attacks. To save limited communication resources, a novel event-driven protocol is proposed, in which $Q$ -learning mechanism is adopted to adjust the threshold of the driven condition intelligently. In light of aperiodic DoS attacks, the corresponding switched system is constructed in light of the average dwell time strategy. Employing switching Lyapunov functional, sufficient conditions are made for finite-time boundedness of the UMV systems with disturbance, respectively, in which the relationship among the DoS parameter, the triggered parameter, the finite-time parameter, and the sampling period is accurately characterized. Moreover, the co-design approach of driven parameter and controller gain is proposed for the corresponding UMV systems. Finally, the benchmark UMV systems are shown to verify the effectiveness of the proposed strategy.

Songlin Hu,Xiaohua Ge,Wei Zhang,Dong Yue

DOI: https://doi.org/10.1109/tifs.2024.3361159

IF: 7.231

2024-02-17

IEEE Transactions on Information Forensics and Security

Abstract:This paper is concerned with a resilient load frequency control (LFC) of multi-area power systems subject to unknown load disturbances and intermittent denial-of-service (DoS) attacks. The central aim is to develop a feasible and less conservative DoS-resilient LFC scheme that constrains jammer's actions as less as possible and explores available attack information as much as possible in desired analysis and design criteria. Towards this aim, we first present a partially known DoS model that bounds merely the DoS-on durations. We then elaborate a sampled-data-based transmission paradigm which characterizes explicitly the uniform sampling instants and intermittent DoS-on and -off instants as well as the nonuniform arriving instants of the transmitted system data. Furthermore, we develop a novel attack-parameter-dependent Lyapunov functional to establish less conservative conditions for both stability analysis and controller design. It is shown that the exponential stability of the resultant closed-loop LFC system can be guaranteed, while also preserving both the desired minimum sleeping rate of DoS attacks and the prescribed performance index against changing load disturbances. Finally, several case studies of a three-area power system are provided to verify the effectiveness and superiority of the derived theoretical results.

computer science, theory & methods,engineering, electrical & electronic

Zhang Yifang,Wu Zhengguang,Wu Zongze,Meng Deyuan

DOI: https://doi.org/10.1007/s11432-020-3190-2

2022-01-01

Science China Information Sciences

Abstract:We develop the resilient observer-based event-triggered control update strategy in this paper.It is utilized to achieve the input-to-state stability(ISS) of cyber-physical systems(CPSs) when there is an asynchronous denial-of-service(DoS) attack, which is launched by malicious adversaries both on measurement channel and control channel in a random attack strategy. To estimate the unmeasurable states while saving the limited networked bandwidth, an H_∞ observer-based event-triggered control scheme is first designed to guarantee the ISS of CPSs with economic communication. Moreover, the occurrence of Zeno behavior can be eliminated by providing the existence of a lower positive bound of any two inter-event times. Then, a recursive model of asynchronous DoS attacks is introduced. A resilient control update strategy is proposed and further analyzed to derive the stability criterion of CPSs. At last, a numerical simulation example is given to demonstrate the effectiveness of the introduced control update policy.

Xiao Cai,Kaibo Shi,Kun She,Shouming Zhong,Shiping Wen,Yuanlun Xie

DOI: https://doi.org/10.1051/sands/2023016

2023-06-20

Security and Safety

Abstract:This study focuses on the networked control systems (NCSs) under Denial of Service (DoS) attacks with periodicity and attack intensity. A DoS attack with attack strength is studied, which has important research significance for establishing a suitable defense mechanism. First, the construction of appropriate Lyapunov-Krasovskii functionals (LKFs) can reduce the constraints of the basic conditions and help lower the criterion's conservatism. Then, the selection problem of the trigger threshold is transformed into an optimization problem with constraints, and the gradient descent algorithm (GDA) is used to select the trigger threshold to save sampling resources better. Next, an intelligent event-triggered controller (IETC) is designed to ensure the safe operation of the system under DoS attacks. Finally, the correctness of the method is verified through the experiment of the autonomous ground vehicle (AGV) system based on the Simulink platform.

Kaixuan Liu,Shanling Dong,Meiqin Liu

DOI: https://doi.org/10.1109/ccdc58219.2023.10326624

2023-01-01

Abstract:This paper studies the load frequency control problem of multi-area power systems under denial-of-service (DoS) attack and actuator failure. Bernoulli process is used to represent the stochastic DoS attack. A decentralized reliable control law is proposed. Based on the Lyapunov function, a sufficient condition is presented to ensure the bounded stability of closed-loop multiarea power systems and guarantee the existence of controller gain. Finally, simulation results are provided to demonstrate the effectiveness of the developed control strategy.

Ziwen Sun,Yanfei Qin,Weifeng Xue,Kangxi Zhuang,Xianling Lu

DOI: https://doi.org/10.1002/asjc.2990

IF: 2.4

2022-11-30

Asian Journal of Control

Abstract:To solve the security problem of industrial cyber‐physical systems (ICPS) suffering from the Denial of Service (DoS) attack, this paper proposes an optimal control strategy with functions of tracking and compensation control. The system model, being depicted as a discrete linear time‐invariant system combined with an improved Bernoulli model, is established to describe the system under DoS attacks by using the feedback control theory. The optimal control strategy is completed by designing linear quadratic Gaussian (LQG) controller consisting of a tracking regulator and a Kalman filter to achieve tracking control of ICPS whose equilibrium state is neither zero state nor zero output, where a periodic event‐triggered mechanism is adopted for ensuring the system's stability. The compensation control strategy is completed by designing a compensator to compensate the system to a certain extent through the multistep state prediction compensation strategy after a DoS attack being detected, where the χ2 detector is adopted to detect the DoS attack based on the measurement residual obtained by the Kalman filter. The simulation test is conducted by using Simulink/True Time tool with a ball‐beam system as the physical object, whose results show that the tracking regulator can achieve the tracking control of ICPS; compensation strategy can reduce the impact of the attack on the system to a certain extent.

automation & control systems

Lili Zhang,Wei-Wei Che,Chao Deng,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tsmc.2022.3221371

2023-01-01

Abstract:This article investigates the prescribed performance security control problem for nonlinear systems subject to denial-of-service (DoS) attacks. An attack compensator is adopted to model the unavailable output signal when the attack is active. Based on the designed attack compensator, a fuzzy estimator is developed to approximate the unmeasurable state variables. Further, a security tracking control method is proposed by combining the fuzzy estimator and the novel attack-dependent barrier Lyapunov function. It can steer the tracking errors to the predetermined neighborhood around the origin in the predefined settling time. Meanwhile, all the closed-loop signals are bounded under DoS attacks. Compared with the existing conclusions with DoS attacks, the tracking accuracy and the time of achieving the tracking can be given in advance. Finally, two comparison simulations verify the validity of the designed security controller.

Heng Zhang,Peng Cheng,Ling Shi,Jiming Chen

DOI: https://doi.org/10.1109/cdc.2013.6760746

2013-01-01

Abstract:Security of Cyber-Physical System (CPS) has gained increasing attention in recent years. Most existing works mainly investigate the system performance given the attacking patterns. In this paper, we investigate how the attacker should design its DoS attacking policy so that the system performance can be deteriorated as much as possible. Specifically, we consider the scenario where a sensor sends its data to a remote estimator through a wireless channel for state estimation, while an attacker decides whether to jam the channel at each sampling time. For two typical system performance indexes, i.e., the expected average estimation error and the expected terminal estimation error, we construct optimal attack scheduling schemes, respectively. We also propose the optimal attack schedules to avoid the given intruder detection mechanism. Numerical examples are presented to demonstrate the effectiveness of our results.

Yihe Wang,Bo Hu,Xiao Pan,Tingting Xu,Qiuye Sun

DOI: https://doi.org/10.1155/2022/5472137

IF: 3.12

2022-06-15

Computational Intelligence and Neuroscience

Abstract:With the integration and development of multiple disciplines, as well as a large amount of research on multilevel interconnection networks, wireless sensor networks have become a new access point and have attracted widespread attention worldwide. However, limited by the characteristics of the wireless sensor network itself, the energy problem has repeatedly restricted its function, which needs to be solved urgently. This paper mainly improves the Geographical and Energy-Aware Routing (GEAR) based on cyber-physical systems and energy-aware routing protocols, which reduces the resource consumption of network nodes, achieves network power balance, and further extends the system life cycle. Although the open sharing of the network layer makes CPS more efficient in actual use, it also increases the risks faced by CPS. Among these potential risks, cyberattacks have become the main security problem that CPS must solve with the greatest destructive power. Among them, Denial of Service (DoS) is the simplest and most destructive type of network attack. We can allow the system to reject normal requests for sending and receiving data using the network resources of the communication channel, thereby performing security control. From the perspective of control, this paper studies the security control of CPS in DOS attacks. Firstly, considering the diversity of CPS packet loss factors, assuming that there is an upper limit on the probability characteristics of the total number of packet loss development, the Markov process of inherent packet loss and the Markov process of DoS attack satisfying this constraint are analyzed, and the above two independent packet loss factors are described on this basis. Two independent packet loss factor descriptions are given in the following. In this paper, through the research of wireless sensor networks, it is applied to the cyber-physical system and the cyber-physical system is further improved.

mathematical & computational biology,neurosciences

Junhui Zhang,Jitao Sun

DOI: https://doi.org/10.1016/j.sysconle.2019.104546

2019-11-01

Abstract:Recent years have illustrated the soaring importance of security issues of cyber-physical systems (CPSs). In this paper, we consider the remote state estimation of a CPS while subject to denial-of-service (DoS) attacks. A number of sensors monitor different linear dynamical systems and transmit the measurements to a remote estimator through a multi-channel network that may suffer corruption due to an intelligent attacker. Both sensors and the attacker have energy constraints. At each time-step, sensors select which channel to transmit over while the attacker chooses which channel to congest. Both sides select strategies based on the current state. In order to model the infinite horizon decision problem, we construct a two player zero-sum game and propose a Nash Q-learning algorithm to solve for the optimal strategies of both players. Finally, simulations are provided to illustrate our results.

automation & control systems,operations research & management science

Peng Zhang,Huanzhao Wang,Chengchen Hu,Chuang Lin

DOI: https://doi.org/10.1109/mnet.2016.1600109nm

IF: 10.294

2016-01-01

IEEE Network

Abstract:Software defined networking greatly simplifies network management by decoupling control functions from the network data plane. However, such a decoupling also opens SDN to various denial of service attacks: an adversary can easily exhaust network resources by flooding short-lived spoofed flows. Toward this issue, we present a comprehensive study of DoS attacks in SDN, and propose multi-layer fair queueing (MLFQ), a simple but effective DoS mitigation method. MLFQ enforces fair sharing of an SDN controller's resources with multiple layers of queues, which can dynamically expand and aggregate according to controller load. Both testbed-based and emulation-based experiments demonstrate the effectiveness of MLFQ in mitigating DoS attacks targeted at SDN controllers.

Jie Wang,Jiahu Qin,Menglin Li,Yang Shi

2020-01-01

Abstract: In this paper, we investigate remote state estimation against an intelligent denial-of-service (DoS) attack over a vulnerable wireless network whose channel undergoes attenuation and distortion caused by fading. We use the sensor to observe system states and transmit its local state estimates to the remote center. Meanwhile, the attacker injects a jamming signal to destroy the packet accepted by the remote center and causes the performance degradation. Most of the existing works are built on a time-invariant channel state information (CSI) model in which the channel fading is stationary. However, the wireless communication channels are more prone to dynamic changes. To capture this time-variant property in the channel quality of the real-world networks, we study the fading channel network whose channel model is characterized by a generalized finite-state Markov chain. With the goals of two players in infinite-time horizon, we describe the conflicting characteristic between the attacker and the sensor with a general-sum stochastic game. Moreover, the Q-learning techniques are applied to obtain an optimal strategy pair at a Nash equilibrium. Also the monotone structure of the optimal stationary strategy is constructed under a sufficient condition. Besides, when channel gain is known a priori, except for the full Channel State Information (CSI), we also investigate the partial CSI, where Bayesian games are employed. Based on the player's own channel information and the belief on the channel distribution of other players, the energy strategy at a Nash equilibrium is obtained.

Zhiwen Wang,Long Li,Hongtao Sun,Chaoqun Zhu,Xiangnan Xu

DOI: https://doi.org/10.1109/access.2019.2959083

IF: 3.9

2019-01-01

IEEE Access

Abstract:This paper focuses on dynamic output feedback control of Cyber-Physical Systems (CPS) under Denial-of-Service (DoS) attacks. Firstly, by analyzing the different effects of DoS attacks on the sensor-to-controller (S-C) channel and the controller-to-actuator(C-A) channel respectively, a switching system modeling method for the dynamic output feedback CPS is presented. Considering the bandwidth of the two channels is different and the energy limitation of the attacker, it is fair to assume that an attacker can only jam one communication channel at each time step and the maximum number of consecutive DoS attacks is bounded. Secondly, according to a packet-based transmission scheme, a nested switching model considering both the spatial variability and the temporal persistence of DoS attacks is constructed on the basis of the switching system. Then, the exponential stability condition of the dynamic output feedback CPS is obtained, and a controller design method based on linear matrix inequality is proposed. Finally, a simulation example is given to verify the effectiveness of the proposed method.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yunhan Huang,Zehui Xiong,Quanyan Zhu

DOI: https://doi.org/10.48550/arXiv.2012.02384

2021-04-07

Abstract:This work establishes a game-theoretic framework to study cross-layer coordinated attacks on cyber-physical systems (CPSs). The attacker can interfere with the physical process and launch jamming attacks on the communication channels simultaneously. At the same time, the defender can dodge the jamming by dispensing with observations. The generic framework captures a wide variety of classic attack models on CPSs. Leveraging dynamic programming techniques, we fully characterize the Subgame Perfect Equilibrium (SPE) control strategies. We also derive the SPE observation and jamming strategies and provide efficient computational methods to compute them. The results demonstrate that the physical and cyber attacks are coordinated and depend on each other. On the one hand, the control strategies are linear in the state estimate, and the estimate error caused by jamming attacks will induce performance degradation. On the other hand, the interactions between the attacker and the defender in the physical layer significantly impact the observation and jamming strategies. Numerical examples illustrate the interactions between the defender and the attacker through their observation and jamming strategies.

Systems and Control,Cryptography and Security

Jiahu Qin,Menglin Li,Ling Shi,Xinghuo Yu

DOI: https://doi.org/10.1109/tac.2017.2756259

IF: 6.549

2017-01-01

IEEE Transactions on Automatic Control

Abstract:The recent years have seen a surge of security issues of cyber-physical systems (CPS). In this paper, denial-of-service (DoS) attack scheduling is investigated in depth. Specifically, we consider a system where a remote estimator receives the data packet sent by a sensor over a wireless network at each time instant, and an energy-constrained attacker that cannot launch DoS attacks all the time designs the optimal DoS attack scheduling to maximize the attacking effect on the remote estimation performance. Most of the existing works concerning DoS attacks focus on the ideal scenario in which data packets can be received successfully if there is no DoS attack. To capture the unreliability nature of practical networks, we study the packet-dropping network in which packet dropouts may occur even in the absence of attack. We derive the optimal attack scheduling scheme that maximizes the average expected estimation error, and the one which maximizes the expected terminal estimation error over packet-dropping networks. We also present some countermeasures against DoS attacks, and discuss the optimal defense strategy, and how the optimal attack schedule can serve for more effective and resource-saving countermeasures. We further investigate the optimal attack schedule with multiple sensors. The optimality of the theoretical results is demonstrated by numerical simulations.