Menglin Li,Jiahu Qin,Ling Shi,Xinghuo Yu,Huijun Gao

DOI: https://doi.org/10.1109/ccdc.2017.7978649

2017-01-01

Abstract:This paper considers a Denial-of-Service (DoS) attack scheduling problem. Specifically, a sensor employs the wireless link to send the data packet to the remote estimator at each time step, while an energy-constrained attacker launches DoS attacks against the remote state estimation, and designs an optimal attack strategy to maximize damage to the remote estimation quality. The packet will drop if the channel is jammed. In most of the existing works on DoS attacks, it is assumed that the wireless channel is perfect, i.e., the packet dropout never occurs in the absence of attack. However, this is far from the practical situation. To encompass the lossy nature of wireless networks, we study the scenario of lossy networks in which the packet may drop even without attack, and construct the optimal attack strategy that maximizes the average expected estimation error at the remote estimator over lossy networks. Numerical simulations are provided to demonstrate the effectiveness of the theoretical results.

Chao Yang,Wen Yang,Hongbo Shi

DOI: https://doi.org/10.1049/iet-cta.2017.0819

IF: 2.67

2018-01-01

IET Control Theory and Applications

Abstract:This study considers a model that a centralised sensor network is attacked by an invader, who launches the denial-of-service (DoS) attack on the network. To understand the behaviour of the invader and propose necessary protection accordingly, the authors study how the invader optimises his attack. In the model, the sensors take a measurement of a process and send the measurements to a remote estimator for state estimation. The invader intends to block the communication channels from the sensors to the estimator by the DoS attack in order to degrade the estimation performance. Constrained by a power budget, the invader needs to decide which sensors and at which time instances to attack, with the target that the estimation performance is mostly deteriorated. In this study, two scenarios that the system has a single sensor and has multiple sensors are investigated, respectively. For the system with a single sensor, the analytical result of the optimal attack schedules is given. For the system with multiple sensors, numerical methods are proposed, where the problem is relaxed and transformed into a convex optimisation problem which can be solved by efficient numerical algorithms.

Heng Zhang,Peng Cheng,Ling Shi,Jiming Chen

DOI: https://doi.org/10.1109/cdc.2013.6760746

2013-01-01

Abstract:Security of Cyber-Physical System (CPS) has gained increasing attention in recent years. Most existing works mainly investigate the system performance given the attacking patterns. In this paper, we investigate how the attacker should design its DoS attacking policy so that the system performance can be deteriorated as much as possible. Specifically, we consider the scenario where a sensor sends its data to a remote estimator through a wireless channel for state estimation, while an attacker decides whether to jam the channel at each sampling time. For two typical system performance indexes, i.e., the expected average estimation error and the expected terminal estimation error, we construct optimal attack scheduling schemes, respectively. We also propose the optimal attack schedules to avoid the given intruder detection mechanism. Numerical examples are presented to demonstrate the effectiveness of our results.

Xianghui Cao,Changyin Sun

DOI: https://doi.org/10.1109/ascc.2017.8287298

2017-01-01

Abstract:Remote state estimation in which wireless sensors transmit data to a remote device for estimating the state of a physical process is an important issue in cyber-physical systems (CPS). Since the wireless channel is open-access, adversaries can easily launch denial-of-service (DoS) attacks and cause significant estimation performance deterioration, regardless of the use of cryptographic techniques for sensor data security. Most existing studies on DoS attacks in CPS often assume perfect channels. In this paper, we study the impact and strategies of DoS attacks in a more practical scenario where the wireless channel suffer from stochastic background traffics. We propose a probabilistic attack scheme in which the attacker senses the channel state and only executes DoS when the sensing result indicates an idle channel. Specifically, with the proposed probabilistic attack scheme, the attacker launches DoS with a certain probability once the channel is sensed idle. We theoretically analyze the stability of the estimation process and investigate the problem of optimal attack strategy under attackers energy constraint.

Zhuping Wang,Sheng Gao,Hao Zhang,Huaicheng Yan,Tenghui Li

DOI: https://doi.org/10.1109/tcns.2024.3372134

IF: 4.347

2024-01-01

IEEE Transactions on Control of Network Systems

Abstract:The energy allocation problem of malicious denial-of-service (DoS) attacks for state estimation in cyber-physical systems (CPSs) is investigated in this paper. An optimal energy allocation strategy for DoS attacks in CPSs under multi-sensor network fusion estimation is proposed. To describe the channel packet loss characteristic, a signal-to-interference-plus-noise ratio (SINR) model is introduced. Compared with the existing DoS attack strategies, the increase of the channel packet loss rate with the increase in energy injected by the attacker is considered. Meanwhile, the behavioral tendency of the attacker concerning the sensors with different parameters is taken into account, leveraging the additional sensing accuracy matrix. Moreover, the quantified relationship between the attacker and the remote estimator error covariance is derived and the optimal energy allocation strategy problem is transformed into a convex optimization problem to be solved. Finally, a simulation example is presented to verify the effectiveness of the proposed mechanism.

computer science, information systems,automation & control systems

Kemi Ding,Yuzhe Li,Daniel E. Quevedo,Subhrakanti Dey,Ling Shi

DOI: https://doi.org/10.1016/j.automatica.2016.12.020

IF: 6.4

2017-04-01

Automatica

Abstract:This paper considers a cyber-physical system (CPS) under denial-of-service (DoS) attacks. The measurements of a sensor are transmitted to a remote estimator over a multi-channel network, which may be congested by a malicious attacker. Among these multiple communication paths with different characteristics and properties at each time step, the sensor needs to choose a single channel for sending data packets while reducing the probability of being attacked. In the meanwhile, the attacker needs to decide the target channel to jam under an energy budget constraint. To model this interactive decision-making process between the two sides, we formulate a two-player zero-sum stochastic game framework. A Nash Q-learning algorithm is proposed to tackle the computation complexity when solving the optimal strategies for both players. Numerical examples are provided to illustrate the obtained results.

Min Wang,Huabo Liu,Keke Huang,Yao Mao,Haisheng Yu

DOI: https://doi.org/10.1109/tcsi.2024.3414474

2024-01-01

Abstract:In this paper, we investigate the remote robust state estimation problems for nonlinear cyber-physical systems under denial-of-service attacks. The well-known extended Kalman filter is a commonly used method for state estimation of nonlinear systems. However, it does not take into account unmodeled dynamics or parametric uncertainties caused by first-order approximations, which makes its estimation performance unsatisfactory. In addition, denial-of-service attacks prevent the sensor from sending measurements to a remote state estimator by congesting the communication channel, which further deteriorates the estimation performance. To surmount these problems, a robust state estimation algorithm is developed based on sensitivity penalization, taking into account an explicit packet loss parameter. Under certain conditions, the boundedness of estimation error is proved. By selecting a negative resistance oscillation circuit for numerical simulations, it is demonstrated that the remote robust state estimator can markedly improve the estimation performance.

Jiahu Qin,Menglin Li,Ling Shi,Xinghuo Yu

DOI: https://doi.org/10.1109/tac.2017.2756259

IF: 6.549

2017-01-01

IEEE Transactions on Automatic Control

Abstract:The recent years have seen a surge of security issues of cyber-physical systems (CPS). In this paper, denial-of-service (DoS) attack scheduling is investigated in depth. Specifically, we consider a system where a remote estimator receives the data packet sent by a sensor over a wireless network at each time instant, and an energy-constrained attacker that cannot launch DoS attacks all the time designs the optimal DoS attack scheduling to maximize the attacking effect on the remote estimation performance. Most of the existing works concerning DoS attacks focus on the ideal scenario in which data packets can be received successfully if there is no DoS attack. To capture the unreliability nature of practical networks, we study the packet-dropping network in which packet dropouts may occur even in the absence of attack. We derive the optimal attack scheduling scheme that maximizes the average expected estimation error, and the one which maximizes the expected terminal estimation error over packet-dropping networks. We also present some countermeasures against DoS attacks, and discuss the optimal defense strategy, and how the optimal attack schedule can serve for more effective and resource-saving countermeasures. We further investigate the optimal attack schedule with multiple sensors. The optimality of the theoretical results is demonstrated by numerical simulations.

Xiaoyan Chang,Lianghong Peng,Suzhen Zhang

DOI: https://doi.org/10.3390/s24030850

IF: 3.9

2024-01-29

Sensors

Abstract:In recent years, the problem of cyber–physical systems' remote state estimations under eavesdropping attacks have been a source of concern. Aiming at the existence of eavesdroppers in multi-system CPSs, the optimal attack energy allocation problem based on a SINR (signal-to-noise ratio) remote state estimation is studied. Assume that there are N sensors, and these sensors use a shared wireless communication channel to send their state measurements to the remote estimator. Due to the limited power, eavesdroppers can only attack M channels out of N channels at most. Our goal is to use the Markov decision processes (MDP) method to maximize the eavesdropper's state estimation error, so as to determine the eavesdropper's optimal attack allocation. We propose a backward induction algorithm which uses MDP to obtain the optimal attack energy allocation strategy. Compared with the traditional induction algorithm, this algorithm has lower computational cost. Finally, the numerical simulation results verify the correctness of the theoretical analysis.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Cong Zhang,Jie Wang,Qingchen Liu,Weiming Fu,Wei Xing Zheng

DOI: https://doi.org/10.1016/j.jfranklin.2023.07.012

IF: 4.246

2023-01-01

Journal of the Franklin Institute

Abstract:In this paper, we focus on the optimal power control for the sensors and attackers in a remote state estimation process, which guarantees the achievement of the estimation task under the denial-of-service (DoS) attack. In the remote estimation process under the DoS attack, each sensor observes the target state and transmits its local estimates to the remote estimator via a wireless network, communications in which are disrupted by jamming signals. For the wireless network, while most of the existing works on the resilient remote state estimation consider time-invariant channel state information (CSI) model, we pay attention to the fading channel network, in which the channel state is fixed and the channel model can be characterized by a generalized finite-state Markov chain. We model the conflicting nature among the sensor and the attacker as a general-sum stochastic game, proposing a Nash Q-learning algorithm to find the optimal power control strategies for the two players. Moreover, the monotone structure of these strategies is constructed with a sufficient condition. Taking into account the practical applications, we also consider the case where the sensor and the attacker only know partial information of each other and employ the Bayesian game to model it. Based on the channel information of each player and its believes of the channel distribution of the opponent, the type-contingent energy strategies are obtained. Finally, simulation results are given to verify our results.

Jiahu Qin,Menglin Li,Jie Wang,Ling Shi,Yu Kang,Wei Xing Zheng

DOI: https://doi.org/10.1016/j.automatica.2020.109090

IF: 6.4

2020-01-01

Automatica

Abstract:We consider a scenario in which a DoS attacker with the limited power resource and the purpose of degrading the system performance, jams a wireless network through which the packet from a sensor is sent to a remote estimator. To degrade the estimation quality most effectively with a given energy budget, the attacker aims to solve the problem of how much power to obstruct the channel each time, which is the recently proposed optimal attack energy management problem. The existing works are built on an ideal network model in which the packet dropout never occurs when the attack is absent. To encompass wireless transmission losses, we introduce the signal-to-interference-plus-noise ratio-based network. First we focus on the case when the attacker employs the constant power level. To maximize the expected terminal estimation error at the remote estimator, we provide some more relaxed sufficient conditions compared with the existing work for the existence of an explicit solution to the optimal static attack energy management problem and the solution is constructed. For the other important index of system performance, the average expected estimation error, the associated sufficient conditions are also derived based on a different analysis approach with the existing work. And a feasible method is presented for both indexes to seek the optimal constant attack power level when the system fails to meet the proposed sufficient conditions. Then when the real-time ACK information can be acquired, a Markov decision process (MDP) based algorithm is designed to solve the optimal dynamic attack energy management problem. We further study the optimal tradeoff between attack energy and system degradation. Specifically, by moving the energy constraint into the objective function to maximize the system index and minimize the energy consumption simultaneously, the other MDP based algorithm is proposed to find the optimal dynamic attack power policy which is further shown to have a monotone structure. The theoretical results are illustrated by simulations.

Hongyi Lei,Wen Yang,Yan Yu

DOI: https://doi.org/10.1002/rnc.5898

IF: 3.8973

2021-12-24

International Journal of Robust and Nonlinear Control

Abstract:In this article, we consider the issue of energy efficient management for distributed state estimation over unknown packet‐dropping communication channels which are exposed to Denial‐of‐Service (DoS) attacks. After a packet is transmitted, the sensor determines whether to retransmit and the retransmission power levels based on the feedback information from the receiving sensor. We formulate the energy efficient management problem as a modified Markov decision problem (MMDP), and proposed an algorithm to seek a retransmission power schedule that achieves optimal tradeoff between energy consumption and communication rate for given channel noise power. In the case of unknown channel state, we design a statistical learning method to estimate channel noise power. Besides, inspired by the hypothesis testing, we design an anomaly detector to guarantee the instantaneity of channel noise power estimation and efficiency of energy management. Furthermore, we derive the optimal gain for each estimator, and provide a sufficient condition for the stability of estimator under the energy management. Finally, we verify the main results by numerical examples.

automation & control systems,engineering, electrical & electronic,mathematics, applied

Kemi Ding,Subhrakanti Dey,Daniel E. Quevedo,Ling Shi

DOI: https://doi.org/10.48550/arXiv.1705.08604

2017-05-31

Abstract:This paper studies remote state estimation under denial-of-service (DoS) attacks. A sensor transmits its local estimate of an underlying physical process to a remote estimator via a wireless communication channel. A DoS attacker is capable to interfere the channel and degrades the remote estimation accuracy. Considering the tactical jamming strategies played by the attacker, the sensor adjusts its transmission power. This interactive process between the sensor and the attacker is studied in the framework of a zero-sum stochastic game. To derive their optimal power schemes, we first discuss the existence of stationary Nash equilibrium (SNE) for this game. We then present the monotone structure of the optimal strategies, which helps reduce the computational complexity of the stochastic game algorithm. Numerical examples are provided to illustrate the obtained results.

Systems and Control

Lijuan Zha,Yaping Guo,Jinliang Liu,Xiangpeng Xie,Engang Tian

DOI: https://doi.org/10.1109/tsipn.2024.3356789

2024-02-07

IEEE Transactions on Signal and Information Processing over Networks

Abstract:This article studies the distributed fusion estimation (DFE) issue for networked multi-sensor systems (NMSSs) with stochastic uncertainties, bandwidth-constrained network and energy-constrained denial-of-service (DoS) attacks. The stochastic uncertainties reflected in both the state and measurement models are characterized by multiplicative noises. For reducing the communication burden, local estimation signals are subject to dimensionality reduction processing. And the improved Round-Robin (RR) protocol is used on the channels from local estimators to the fusion estimator. To reflect the actual situation, the dimensionality reduction strategy is designed from the defender's point of view in the sense of minimum fusion error covariance (FEC). And the attack strategy is designed from the attacker's point of view in the sense of maximum FEC. Then, based on a compensation model, a recursive distributed Kalman fusion estimation algorithm (DKFEA) is proposed. The stability conditions making the mean square error (MSE) for DFE bounded are derived. In the end, the validity of the presented DKFEA is verified by an illustrative example.

telecommunications,engineering, electrical & electronic

Ying Liu,Chunguang Li

DOI: https://doi.org/10.1109/taes.2018.2803578

IF: 3.491

2018-01-01

IEEE Transactions on Aerospace and Electronic Systems

Abstract:The problem of distributed estimation over wireless sensor networks in an adversarial environment with the presence of attacks on sensed and communicated information is considered. To tackle with this problem, a secure diffusion least-mean squares (S-dLMS) algorithm is proposed. The proposed S-dLMS can be considered as a hybrid system, which consists of a noncooperative LMS (nc-LMS) subsystem and a diffusion LMS (dLMS) subsystem. The nc-LMS subsystem is used to provide a reliable reference estimate, which is further used for constructing the threshold test to detect the trust neighbors of each node. Then, based on the detected secure network topology, the dLMS subsystem is performed by combining the received information from the trust neighbors. The performance of the proposed S-dLMS algorithm in the mean and mean-square senses is analyzed, and then an adaptive rule is suggested to select the threshold for detection. Finally, some simulations are performed to show the effectiveness of the proposed S-dLMS algorithm under fixed and time-varying attacks, respectively.

Lianghong Peng,Xianghui Cao,Hongbao Shi,Changyin Sun

DOI: https://doi.org/10.1016/j.jfranklin.2018.06.016

IF: 4.246

2018-01-01

Journal of the Franklin Institute

Abstract:In cyber-physical systems (CPS), cyber threats emerge in many ways which can cause significant destruction to the system operation. In wireless CPS, adversaries can block the communications of useful information by channel jamming, incurring the so-called denial of service (DoS) attacks. In this paper, we investigate the problem of optimal jamming attack scheduling against remote state estimation wireless network. Specifically, we consider that two wireless sensors report data to a remote estimator through two wireless communication channels lying in two unoverlapping frequency bands, respectively. Meanwhile, an adversary can select one and only one channel at a time to execute jamming attack. We prove that the optimal attack schedule is continuously launching attack on one channel determined based on the system dynamics matrix. The theoretical results are validated by numerical simulations.

Heng Zhang,Peng Cheng,Ling Shi,Jiming Chen

2015-01-01

Abstract:Security of Cyber-Physical Systems (CPS) has gained increasing attention in recent years. Most existing works mainly investigate the system performance given some attacking patterns. In this paper, we investigate how an attacker should schedule its Denial-of-Service (DoS) attacks to degrade the system performance. Specifically, we consider the scenario where a sensor sends its data to a remote estimator through a wireless channel, while an energy-constrained attacker decides whether to jam the channel at each sampling time. We construct optimal attack schedules to maximize the expected average estimation error at the remote estimator. We also provide the optimal attack schedules when a special intrusion detection system (IDS) at the estimator is given. We further discuss the optimal attack schedules when the sensor has energy constraint. Numerical examples are presented to demonstrate the effectiveness of the proposed optimal attack schedules. Index Terms State estimation, DoS attack, energy constraint.

Lianghong Peng,Ling Shi,Xianghui Cao,Changyin Sun

DOI: https://doi.org/10.1109/TAC.2017.2775344

IF: 6.549

2018-01-01

IEEE Transactions on Automatic Control

Abstract:Recently, the security issue of wireless cyber-physical systems (CPS) has attracted much attention from different communities. In this paper, we consider energy-efficient optimal attack power schedule against remote state estimation of wireless CPS under constrained denial-of-service attacks based on channels' signal-to-interference-plus-noise ratio (SINR). We propose a wireless communication mode...

Jie Wang,Jiahu Qin,Menglin Li,Yang Shi

2020-01-01

Abstract: In this paper, we investigate remote state estimation against an intelligent denial-of-service (DoS) attack over a vulnerable wireless network whose channel undergoes attenuation and distortion caused by fading. We use the sensor to observe system states and transmit its local state estimates to the remote center. Meanwhile, the attacker injects a jamming signal to destroy the packet accepted by the remote center and causes the performance degradation. Most of the existing works are built on a time-invariant channel state information (CSI) model in which the channel fading is stationary. However, the wireless communication channels are more prone to dynamic changes. To capture this time-variant property in the channel quality of the real-world networks, we study the fading channel network whose channel model is characterized by a generalized finite-state Markov chain. With the goals of two players in infinite-time horizon, we describe the conflicting characteristic between the attacker and the sensor with a general-sum stochastic game. Moreover, the Q-learning techniques are applied to obtain an optimal strategy pair at a Nash equilibrium. Also the monotone structure of the optimal stationary strategy is constructed under a sufficient condition. Besides, when channel gain is known a priori, except for the full Channel State Information (CSI), we also investigate the partial CSI, where Bayesian games are employed. Based on the player's own channel information and the belief on the channel distribution of other players, the energy strategy at a Nash equilibrium is obtained.

Junhui Zhang,Jitao Sun

DOI: https://doi.org/10.1016/j.sysconle.2019.104546

2019-11-01

Abstract:Recent years have illustrated the soaring importance of security issues of cyber-physical systems (CPSs). In this paper, we consider the remote state estimation of a CPS while subject to denial-of-service (DoS) attacks. A number of sensors monitor different linear dynamical systems and transmit the measurements to a remote estimator through a multi-channel network that may suffer corruption due to an intelligent attacker. Both sensors and the attacker have energy constraints. At each time-step, sensors select which channel to transmit over while the attacker chooses which channel to congest. Both sides select strategies based on the current state. In order to model the infinite horizon decision problem, we construct a two player zero-sum game and propose a Nash Q-learning algorithm to solve for the optimal strategies of both players. Finally, simulations are provided to illustrate our results.

automation & control systems,operations research & management science