Hao Liu,Yuzhe Li,Qing-Long Han,Tarek Rassi,Tarek Ra

DOI: https://doi.org/10.1109/tac.2022.3184396

IF: 6.549

2022-01-01

IEEE Transactions on Automatic Control

Abstract:In this article, a novel proactive attack defense strategy is proposed to deal with the secure remote estimation issue in cyber-physical systems with unknown-but-bounded noises in the presence of man-in-the-middle attacks. It is assumed that the residue calculated by the smart sensor is sent to the remote estimator and the abnormal intrusion detector via a wireless network, and the watermark is assumed to belong to a zonotope. In order to guarantee the detection rate, the data processes and the watermark are time-varying and secret to an adversary. Moreover, the effect on system performance caused by the watermark can be removed when the system is attack free. Furthermore, four different attack scenarios are discussed to analyze the detection ability of the proposed defense approach, and the designed strategy can be applied to detect replay attacks. Finally, an unmanned aircraft system subject to malicious attacks is leveraged to illustrate the effectiveness of the proposed proactive defense strategy.

automation & control systems,engineering, electrical & electronic

Jiayu Zhou,Wen Yang,Wenjie Ding,Wei Xing Zheng,Yong Xu

DOI: https://doi.org/10.1109/tac.2022.3171422

IF: 6.549

2022-01-01

IEEE Transactions on Automatic Control

Abstract:This article studies the security of distributed state estimation under data integrity attacks. Each sensor is equipped with a KullbackLeibler (KL) divergence detector to diagnose the authenticity of the received data. A necessary and sufficient condition for the insecurity of the distributed estimator is derived, in which the stealthy attack can evade the detector and degrade the estimation performance. Furthermore, an algorithm is proposed to generate stealthy attack sequences. To overcome the vulnerability, a data transmission strategy based on watermarking is proposed. The effect of the watermarking parameters on the attack in different scenarios is subsequently analyzed. It is proved that the KL divergence detector can effectively distinguish the stealthy attack with the help of the proposed strategy, thereby ensuring the security of the distributed state estimator. Compared with traditional encryption mechanisms, the proposed strategy neither increases the computational complexity nor sacrifices the estimation performance in the absence of attacks. A simulation example is presented to demonstrate the effectiveness of the developed approach.

automation & control systems,engineering, electrical & electronic

Jiayu Zhou,Wenjie Ding,Wen Yang

DOI: https://doi.org/10.1109/tifs.2022.3175617

IF: 7.231

2022-05-27

IEEE Transactions on Information Forensics and Security

Abstract:This paper studies the defense strategy of remote state estimation under deception attacks. In order to prevent the stealthy attacker from reducing the estimation performance without triggering an alarm, an encoding-decoding mechanism combining linear transformation and artificial noise is proposed. Moreover, the detection performance under three different attack scenarios is analyzed. It is proved that the false data detector can effectively identify the attack or weaken its impact on the system under the proposed strategy, so as to ensure the security of the system. From the perspective of an attacker, an algorithm that can deduce the approximate values of the encoding parameters is also provided, which reveals how the magnitude of the artificial noise affects the accuracy of the attacker's inference. Finally, a simulation example is presented to verify the effectiveness of the developed approach.

computer science, theory & methods,engineering, electrical & electronic

Jiaxuan Zhang,Alexander J. Gallo,Riccardo M. G. Ferrari

2023-09-06

Abstract:Watermarking is a promising active diagnosis technique for detection of highly sophisticated attacks, but is vulnerable to malicious agents that use eavesdropped data to identify and then remove or replicate the watermark. In this work, we propose a hybrid multiplicative watermarking (HMWM) scheme, where the watermark parameters are periodically updated, following the dynamics of the unobservable states of specifically designed piecewise affine (PWA) hybrid systems. We provide a theoretical analysis of the effects of this scheme on the closed-loop performance, and prove that stability properties are preserved. Additionally, we show that the proposed approach makes it difficult for an eavesdropper to reconstruct the watermarking parameters, both in terms of the associated computational complexity and from a systems theoretic perspective.

Systems and Control,Cryptography and Security,Multimedia

Peng Cheng,Zeyu Yang,Jiming Chen,Yifei Qi,Ling Shi

DOI: https://doi.org/10.1109/tac.2019.2956021

IF: 6.549

2020-10-01

IEEE Transactions on Automatic Control

Abstract:Security issues in cyber-physical systems (CPSs) have gained increasing attention in recent years due to the importance and unavoidable vulnerability of CPSs. This article focuses on designing an intelligent online attack, which can compromise a sensor, eavesdrop measurements, and inject false feedback information, against remote state estimation. From the viewpoint of the attacker, we design an event-based attack strategy to degrade the estimation quality with an arbitrary communication rate stealthy constraint. The approximate minimum mean-squared error estimation algorithm from the viewpoint of the attacker is derived under a Gaussian assumption. Furthermore, the relation between the attack threshold and the scheduling threshold is obtained in a closed form. We show that the mean-squared stability condition of the estimation is weakened under the attack. Two examples are provided to demonstrate the main results.

automation & control systems,engineering, electrical & electronic

Sean Weerakkody,Yilin Mo,Bruno Sinopoli

DOI: https://doi.org/10.1109/cdc.2014.7039974

2014-01-01

Abstract:Ensuring the security of control systems against integrity attacks is a major challenge. Due to the events of Stuxnet, replay attacks in particular have been considered by the research community. Replaying previous measurements of a system in steady state allows an adversary to generate statistically correct virtual outputs which can bypass traditional detectors. The adversary can then inject destabilizing inputs to cause damage to the plant. The method of injecting secret noisy control inputs, or physical watermarking, has recently been proposed to detect replay attacks. However, the proposed watermarking design methods assume that the adversary does not use his potential access to real time communication channels to create stealthy virtual outputs to send to the defender. In this paper, we formulate an attack model for an adversary who uses knowledge of the system as well as access to a subset of real time control inputs and sensor outputs to construct stealthy virtual outputs. A robust physical watermark and detector to counter such an adversary is proposed.

Yujiao Lv,Jianquan Lu,Yang Liu,Lingzhong Zhang

DOI: https://doi.org/10.1016/j.ins.2023.118964

IF: 8.1

2023-05-04

Information Sciences

Abstract:Network attacks always threaten economic operations and personal privacy, which have resulted in severe and irreparable damage. Therefore, the investigation of network attacks is essential for network security. This paper concentrates on designing two stealthy attack strategies for remote state estimation with intermittent observations, where the attackers can select one of the designed stealthy attack strategies depending on their capabilities, available resources, and information. Furthermore, for real-time communication rates, a novel detector is introduced to determine if the system is compromised by attackers at each moment. Then, an algorithm for state estimation is derived under the proposed stealthy attack strategies. Furthermore, the attack parameters in the proposed attack strategies are discussed by applying linear matrix inequalities. Finally, a numerical example illustrates the effects of the detector and attack strategies.

computer science, information systems

Ying Liu,Chunguang Li

DOI: https://doi.org/10.1109/taes.2018.2803578

IF: 3.491

2018-01-01

IEEE Transactions on Aerospace and Electronic Systems

Abstract:The problem of distributed estimation over wireless sensor networks in an adversarial environment with the presence of attacks on sensed and communicated information is considered. To tackle with this problem, a secure diffusion least-mean squares (S-dLMS) algorithm is proposed. The proposed S-dLMS can be considered as a hybrid system, which consists of a noncooperative LMS (nc-LMS) subsystem and a diffusion LMS (dLMS) subsystem. The nc-LMS subsystem is used to provide a reliable reference estimate, which is further used for constructing the threshold test to detect the trust neighbors of each node. Then, based on the detected secure network topology, the dLMS subsystem is performed by combining the received information from the trust neighbors. The performance of the proposed S-dLMS algorithm in the mean and mean-square senses is analyzed, and then an adaptive rule is suggested to select the threshold for detection. Finally, some simulations are performed to show the effectiveness of the proposed S-dLMS algorithm under fixed and time-varying attacks, respectively.

Pedro Hespanhol,Matthew Porter,Ram Vasudevan,Anil Aswani

DOI: https://doi.org/10.48550/arXiv.1709.08617

2017-09-26

Abstract:Watermarking can detect sensor attacks in control systems by injecting a private signal into the control, whereby attacks are identified by checking the statistics of the sensor measurements and private signal. However, past approaches assume full state measurements or a centralized controller, which is not found in networked LTI systems with subcontrollers. Since generally the entire system is neither controllable nor observable by a single subcontroller, communication of sensor measurements is required to ensure closed-loop stability. The possibility of attacking the communication channel has not been explicitly considered by previous watermarking schemes, and requires a new design. In this paper, we derive a statistical watermarking test that can detect both sensor and communication attacks. A unique (compared to the non-networked case) aspect of the implementing this test is the state-feedback controller must be designed so that the closed-loop system is controllable by each sub-controller, and we provide two approaches to design such a controller using Heymann's lemma and a multi-input generalization of Heymann's lemma. The usefulness of our approach is demonstrated with a simulation of detecting attacks in a platoon of autonomous vehicles. Our test allows each vehicle to independently detect attacks on both the communication channel between vehicles and on the sensor measurements.

Optimization and Control,Systems and Control

Heng Zhang,Peng Cheng,Junfeng Wu,Ling Shi,Jiming Chen

DOI: https://doi.org/10.3182/20140824-6-za-1003.02668

2014-01-01

IFAC Proceedings Volumes

Abstract:Security issue has become a new hotspot in cyber-physical systems (CPS) research field in recent years due to the vulnerability of CPS to security threats. This paper focuses on stealthy deception attack in remote state estimation, which is one typical attack in CPS. From the standpoint of deception attacker, we investigates how to design proper deception attack strategy to degrade the state estimation quality with communication rate constraint. We design an online attack strategy and prove that the proposed attack strategy can degrade the estimation quality. To study the effectiveness of the proposed strategy, we analyze the cost deviation, which depicts the difference between the estimation quality with and without the proposed attack strategy. Our results show that the cost deviation will be maximum when the communication rate is 0.75. A numerical example is presented to demonstrate the main results.

Qianmei Wu,Fan Zhang,Shize Guo,Kun Yang,Haoting Shen

DOI: https://doi.org/10.1109/tc.2024.3416682

IF: 3.183

2024-01-01

IEEE Transactions on Computers

Abstract:As a common defense against side-channel attacks, random delay insertion introduces noise into the executive flow of encryption, which increases attack complexity. Accordingly, various techniques are exploited to mitigate the defense effect of such insertions. As an advanced mathematical technique, wavelet analysis is considered to be a more effective technology according to its detailed and comprehensive interpretation of signals. In this paper, we propose a unified and fully automated wavelet-based attack framework (denoted as UWAF), whose data processing is kept within one unified wavelet domain, with three enhanced components: denoising, alignment and key extraction. We put forward a new idea of combining machine learning with wavelet analysis to realize the full automation of the program for attack framework, rendering it possible to search exhaustively for the optimal combination of parameter settings in wavelet transform. Our proposal finds a new setting of wavelet parameters that have not been exploited ever before and achieves the performance enhancement for about 20 times fewer traces required for successful key recovery. UWAF is compared with several mainstream attack frameworks. Experimental results show that it outperforms those counterparts, and can be considered as an effective framework-level solution to defeat the countermeasure of random delay insertion.

Mengxiang Liu,Xin Zhang,Hengye Zhu,Zhenyong Zhang,Ruilong Deng

DOI: https://doi.org/10.1109/tifs.2024.3447235

IF: 7.231

2024-09-04

IEEE Transactions on Information Forensics and Security

Abstract:The physics-aware watermarking-based detection method has shown great potential in detecting stealthy False Data Injection Attacks (FDIAs) by adding appropriate watermarks to control commands or sensor measurements, especially in industrial control systems and grid-tied Distributed Energy Resources (DERs). However, existing watermarking-based detection methods have limitations in either handling the intricate physical couplings among DERs or characterising the fast changing power electronics dynamics, and thus cannot be directly applied to microgrids. Inspired by the methodology of Unknown Input Observer (UIO), which can be employed for the distributed anomaly monitoring in cyber-physical microgrids but would be easily bypassed once the adversary has the knowledge of certain electrical parameters, this paper makes the first attempt to investigate the physics-aware watermarking embedded in UIOs such that the stealthy FDIAs would be intentionally disrupted by the watermarking scheme. Based on the theoretical analysis of the detection enhancement and performance degradation under watermarking-enhanced UIOs, the watermark strengths, UIO parameters, and control gains are optimally co-designed to significantly enhance the detection effectiveness while not degrading the control performance. The robustness of the watermarking-enhanced UIO to Time Synchronisation Errors (TSEs) is improved by employing a sliding time window with appropriate length. The performance of the proposed method is validated through Matlab/Simulink studies and cyber-physical co-simulation experiments, and the sensitivities of the detection latency and TSE robustness to watermark strength and detection window's length are comprehensively studied.

computer science, theory & methods,engineering, electrical & electronic

Yifei Qi,Peng Cheng,Ling Shi,Jiming Chen

DOI: https://doi.org/10.1109/CDC.2015.7403297

2015-01-01

Abstract:Security issues in Cyber-Physical Systems (CPS) have gained increasing attention in recent years due to the vulnerability of CPS to cyber attack. This paper focuses on designing an intelligent online attack, which can compromise a sensor, eavesdrop measurements and inject false feedback information, against remote state estimation. From the viewpoint of the attacker, we design an event-based attack strategy to degrade the estimation quality with arbitrary communication rate constraint. The approximate minimum mean-squared error estimation algorithm at the attacker side is derived under the Gaussian assumption. Furthermore, the relation between the attack threshold and the scheduling threshold is obtained in a closed form. Two examples are provided to demonstrate the main results.

Jiacheng Tang,Jiguo Song,Abhishek Gupta

DOI: https://doi.org/10.48550/arXiv.2111.04952

2021-11-09

Abstract:Dynamic watermarking, as an active intrusion detection technique, can potentially detect replay attacks, spoofing attacks, and deception attacks in the feedback channel for control systems. In this paper, we develop a novel dynamic watermarking algorithm for finite-state finite-action Markov decision processes and present upper bounds on the mean time between false alarms, and the mean delay between the time an attack occurs and when it is detected. We further compute the sensitivity of the performance of the control system as a function of the watermark. We demonstrate the effectiveness of the proposed dynamic watermarking algorithm by detecting a spoofing attack in a sensor network system.

Systems and Control

Hao Liu,Yewei Zhang,Yuzhe Li,Ben Niu

DOI: https://doi.org/10.1016/j.automatica.2023.111163

IF: 6.4

2023-06-29

Automatica

Abstract:In this paper, the attack detection problem is investigated for cyber–physical systems (CPSs) with unknown-but-bounded (UBB) noises. A new hybrid proactive detection scheme is proposed to detect stealthy attacks by combining watermarking and moving target (MT). The designed abnormal detector is based on the residual of the zonotopic observer which can be utilized to estimate states of the system with UBB noises. We prove that the approach proposed in this work does not introduce any performance loss in the absence of attacks. The proposed active detection framework can be employed to detect various types of attacks, such as denial-of-service (DoS), replay and covert attacks. Finally, numerical examples are provided to demonstrate the effectiveness of the proposed methods.

automation & control systems,engineering, electrical & electronic

Zhe-Ming Lu,Xin-Wu Liao

2006-01-01

Abstract:In this paper, we present two attacking methods aiming at two robust water- marking schemes respectively. It is shown that these two robust watermarking schemes have some security problems and are vulnerable to the counterfeiting attack. Specifi- cally, given a watermarked image, one can make a statistical analysis on it to estimate the key parameters used for watermark insertion and forge the corresponding watermark into another image without knowing the secret key and even without explicitly knowing the watermark. In the simulation experiment, we successfully implement the attacks on these two robust watermarking schemes and demonstrate the effectiveness of the proposed counterfeiting attacking schemes.

Tao Chen,Lei Wang,Zhitao Liu,Wenhai Wang,Hongye Su

DOI: https://doi.org/10.23919/acc55779.2023.10155923

2023-01-01

Abstract:This paper proposes an attack strategy for remote estimators in cyber-physical systems. In contrast with the common approaches by maximizing the state estimation difference and estimation error covariance of a remote estimator, we consider the scenario where attackers expect to regulate the estimation error to the value arbitrarily defined by attackers, which not only enables attackers to release attacks of different intensities according to their intentions, but also reduces the possibility detected by the amplitude detector and the human monitor. By taking advantage of the dynamic programming, an explicit expression of the optimal attack sequence is derived, and its convergence and feasibility are analyzed. Finally, simulation results are presented to validate the effectiveness of the proposed strategy.

Hanxiao Liu,Yilin Mo,Jiaqi Yan,Lihua Xie,Karl H. Johansson

DOI: https://doi.org/10.1109/cdc.2018.8619632

IF: 6.549

2020-01-01

IEEE Transactions on Automatic Control

Abstract:This article considers the problem of designing physical watermark signals in order to optimally detect possible replay attack in a linear time-invariant system, under the assumption that the system parameters are unknown and need to be identified online. We first provide a replay attack model, where an adversary replays the previous sensor data in order to fool the system. A physical watermarking scheme, which leverages a random input as a watermark to detect the replay attack, is then introduced. The optimal watermark signal design problem is cast as an optimization problem, which aims to achieve the optimal trade-off between control performance and intrusion detection. An online watermarking design and system identification algorithm is provided to deal with systems with unknown parameters. We prove that the proposed algorithm converges to the optimal one and characterize the almost sure convergence rate. An industrial process example is provided to illustrate the effectiveness of the proposed strategy.

Shuyu Jia,Qinglai Guo

DOI: https://doi.org/10.1109/jiot.2023.3332366

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The real-time control of modern power systems faces cyber risks owing to the deep coupling of cyber systems and physical systems. Attack detection plays an important role in cybersecurity issues. In load frequency control systems, for example, detecting whether malicious data are injected guarantees the stability of the frequency. As an effective active attack detection algorithm, the dynamic watermarking algorithm faces challenge of parameter uncertainty in real-world applications. Here, we quantitatively analyze the influence of uncertain parameters for the dynamic-watermarking-based detection algorithm. By introducing the parameter identification algorithm, we propose an active attack detection framework for LFC systems with uncertain parameters, which is constructed for an online application. The proposed framework is validated in a real-world three-region power system simulation. The results show that the introduction of the parameter identification steps ensures the validity of the detection algorithm and can effectively avoid the malfunction of the detection mechanism caused by uncertain parameters.

Mengqi Li,Yanpeng Hu,Jin Guo

DOI: https://doi.org/10.1109/lsp.2024.3449242

2024-09-03

IEEE Signal Processing Letters

Abstract:Aiming at the security problem of cyber physical system (CPS), this paper designs and evaluates a tampering attack detection scheme for remote state estimation with quantized observations. When the transmitted information is quantized and the attacker randomly tampers it with a certain probability, we design a detection algorithm with a given error threshold based on the received data. Moreover, we proposes detection performance indexes, leakage detection rate and false detection rate, for the above algorithm, which are used to measure the algorithm performance to discriminate the tampered data, and further analyzes the impact of the attack strategy and the error threshold on performance indexes. Finally, simulations are designed to verify the theoretical results.

engineering, electrical & electronic