Sheng Gao,Hao Zhang,Zhuping Wang,Chao Huang

DOI: https://doi.org/10.1051/sands/2022005

2022-01-01

Abstract:This paper investigates the system security problem of cyber-physical systems (CPSs), which is not only more practical but also more significant to deal with than the detecting faults problem. The purpose of this paper is to find an optimal attack strategy that maximizes the output error of the attacked system with low energy consumption. Based on a general model of linear time-invariant systems and a key technical lemma, a new optimal attack strategy for the meticulously designed false data injection attack is constructed. It is worth mentioning that compared with the existing model-based attack strategies, the designed one is more general and the corresponding attack strategy is more easily implemented when system states and external input are inaccessible. Key to overcoming the inaccessible information, a dynamic observer in the form of Luenberger is constructed. Finally, a networked magnetic levitation steel ball movement system is applied to illustrate the effectiveness of the proposed scheme.

Sheng Gao,Hao Zhang,Chao Huang,Zhuping Wang,Huaicheng Yan

DOI: https://doi.org/10.1109/tase.2022.3232496

IF: 6.636

2024-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:This paper aims to investigate the security problem of nonlinear cyber-physical systems (CPSs), which poses a challenge to handle compared with linear CPSs. A series of optimization problems for nonlinear CPSs under injection attack are constructed, which are based on a general model of the nonlinear systems with repetitive operation characteristics and a novel introduction of the key technical lemma. These optimization results are more general than the existing injection attack results and the requirements for attackers to obtain system information are relaxed. Also, the form of switching applied to the attack strategy possesses several advantages, including high stealthiness, lower cost, and more flexibility. Therefore, the new optimal injection attack strategies are expected to be more widespread and provide a basis for the design of defense strategies. The key to acquiring the designed optimal attack strategies is to adopt the linear input/output (I/O) data model for these systems via introducing an estimation term of the improved projection estimation method into the linear model. Finally, a networked GLUON-6L3 manipulator example validates the effectiveness of the proposed methods. Note to Practitioners —The main purpose of this paper is to study the cyber security of nonlinear cyber-physical systems from the perspective of attackers, which can help defenders fully understand the behavior of attackers. Most of the existing attack strategies aimed at linear systems or have a priori knowledge of the attacked systems. However, there are great limitations and difficulties in practical application. In this paper, the new attack strategies are proposed by combining system identification, iterative learning and control theory, which relaxes the requirement of the attacker’s ability. In detail, the attacker only needs to obtain the control input and output data of the attacked system and design the attack strategy according to it. Among them, the first-in, first-out queue storage method is applied to remove the requirements for the storage capability of the attacker. In practical applications, the attacker does not need to store the I/O data continuously, but only store the initial value and the data of two successive iterations. The mathematical analytic forms of two optimal attack strategies are given, and then their effectiveness are verified on a welding work of a networked six-axis manipulator. In the future, we will investigate the design of attack strategies for nonlinear systems with heterogeneous dynamics and multiple delays.

Guangyu Wu,Jian Sun,Jie Chen

DOI: https://doi.org/10.1109/tcyb.2018.2846365

IF: 11.8

2018-01-01

IEEE Transactions on Cybernetics

Abstract:The primary goal of this paper is to analyze the dynamic response of a system under optimal data injection attacks from a control perspective. In this paper, optimal data injection attack design problems are formulated in a similar framework of optimal control. We consider a scenario, where an attacker injects false data to a healthy plant comprising many actuators distributed in different regions. For the case, where an attacker pollutes all actuators, an optimal state feedback injection law is proposed to minimize a quadratic cost functional containing two conflicting objectives. For the case, where the attacker only pollutes partial actuators within a short period, the quadratic programming is employed to solve an optimal switching data injection attack design problem using the technique of embedded transformation. A bang-bang-type solution of the quadratic programming exists on account of the minimum value of the Hamilton functional and is achieved at an extreme point of the convex set. Consequently, a switching condition is derived to obtain the optimal attack sequence. We also introduce a closed-form switching policy for data injection attacks with multiple objectives, which is shown optimal in the sense of minimizing a hybrid quadratic performance criterion. Finally, applications of our approaches to a networked dc motor and a power system are provided to illustrate the effectiveness of the proposed method.

Sheng Gao,Hao Zhang,Zhuping Wang,Haohan Huang,Huaicheng Yan

DOI: https://doi.org/10.1109/tase.2023.3319828

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:This paper addresses data-driven injection attack against unknown intelligent automation systems (IASs) with slowly time-varying delays, which is a more general but also more challenging to deal with than the model-based real-time systems. Using the control input and system output measurements, several new data-driven injection attack strategies based on compact form dynamic linearization (CFDL) and incremental triangular dynamic linearization (ITDL) are proposed. The attack strategies are more general than the existing ones, taking into account the unknown model parameters and time-varying delays in control-to-actuator as well as sensor-to-controller data transmission channels. Consequently, the new design attack results are anticipated to have wider applicability. Based on the established attack models of CFDL and ITDL, the data-driven optimal parameter estimation algorithms are employed to overcome the difficulty of the unknown model. Furthermore, with the help of the principle of the linear regression equation, the problem of seeking partial derivatives for the attack inputs with time delays is avoided. Several examples are presented to illustrate the validity of the designed attack strategies. Note to Practitioners —The primary objective of this paper is to focus on the cyber security of discrete-time intelligent automation systems from the viewpoint of the attacker, which provides insight into the way of generating attack strategies under the data-driven framework. The majority of the available attack strategies against intelligent automation systems are based on a priori knowledge of the system, without delays or with single-sided fixed time delay, and thus in reality the attack strategies fail or are mostly ineffective due to inaccessibility of the attacked system parameters in conjunction with communication network time delays. This paper synthesizes parameter estimation, dynamic linearization, optimality principle and control theory to propose data-driven injection attack strategies based on CFDL and ITDL, respectively. Compared with the CFDL-based attack strategy, the latter is more applicable in the situation where the attacker suffers from restricted memory space occupation and hashrate. Specifically, the operation of attacker has two phases: eavesdropping estimation and strategy generation. In the eavesdropping estimation phase, the attacker continuously eavesdrops and stores the traffic data of the system for parameter estimation as well as optimizes the estimated parameters. In the strategy generation phase, the attacker generates strategies with the assistance of optimal parameters. Mathematically analytical forms of the proposed two data-driven injection attack strategies are presented in detail. Then, their effectiveness is verified through numerical simulation and experiments based on a leader-following form consisting of five quadcopters, but not tested in production. In the future, we are intending to design the data-driven attack strategies for heterogeneous intelligent automation systems with time-varying delays under the framework of game.

Sheng Gao,Hao Zhang,Zhuping Wang,Chao Huang,Huaicheng Yan

DOI: https://doi.org/10.1109/tcns.2022.3203909

IF: 4.347

2022-01-01

IEEE Transactions on Control of Network Systems

Abstract:The security problem of cyber-physical systems (CPSs) under the injection attack is investigated in this article. A switching data injection attack strategy based on the game approach is proposed, which makes the attacker consume less energy and more difficult to defend. In addition, the constraint of the limited attack resources is considered. Noting that the attacker and the defender are antagonistic in this article, the framework of a zero-sum game is used to describe this relation, and a finite-horizon quadratic cost function is also defined. The objective of this article is to find an appropriate offensive and defensive strategy to optimize this function. Different from the existing games, the upper bound on the energy consumption of each attack is considered. Pontryagin's maximum principle and saturation equivalent approach are used to solve this game problem. Thus, the optimal offensive and defensive strategy can be derived. Finally, a numerical simulation and a physical experiment with the wheeled mobile robot (WMR) validate the effectiveness of the proposed scheme.

Haohan Huang,Sheng Gao,Hao Zhang,Zhuping Wang

DOI: https://doi.org/10.23919/ccc63176.2024.10662842

2024-01-01

Abstract:This paper investigates the problem of a false data injection (FDI) attack on actuators against linear discrete-time cyber-physical systems (CPSs). Using a fuzzy approach that attack signals are generated by the designed fuzzy systems whose inputs are the state signals of the CPSs, a novel optimal fuzzy-based injection attack strategy is developed, which minimizes the quadratic cost function designed in this paper. The proposed fuzzy-based attack strategy has a high degree of complexity and covertness, making it difficult to defend. In addition, compared with a non-fuzzy-based optimal FDI attack strategy, the proposed one achieves greater damage to the control performance of the CPSs with less energy consumption. In the end, a numerical simulation example is presented to demonstrate the validity of the proposed fuzzy-based attack strategy.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tcsii.2022.3181827

2022-01-01

Abstract:In cyber-physical power systems (CPPSs), false data injection attack (FDIA) has drawn much attention due to its stealthiness. It is of great importance to investigate the potential behaviors of attackers to improve the cyber-security of CPPSs. However, most FDIA models are often constructed separately on the effect of attackers or the impact of attacks. Accordingly, this brief proposes a multi-objective stealthy FDIA scheme in AC grid model. The attack model is described as a multi-objective optimization problem, where minimization of contaminated measurements and maximization of the attack impact are considered as two objectives while remaining stealthy. To deal with the established attack model, a non-dominated sorting genetic algorithm II (NSGAII) is introduced as the solver. To improve the efficiency of generating attack vector, a new representation mechanism is proposed to describe locations and values of injected states. Additionally, during the evolutionary process, we propose a mutation operation to balance the sparsity and impact of FDIA. Simulation results on the IEEE 14-bus, 30-bus, and 118-bus systems demonstrate the feasibility of the NSGAII-based FDIA model.

Sheng Gao,Hao Zhang,Zhuping Wang,Chao Huang

DOI: https://doi.org/10.1109/lra.2021.3056340

IF: 5.2

2021-01-01

IEEE Robotics and Automation Letters

Abstract:This letter considers a class of switching mixed data injection attacks using input derivatives in cyber-physical systems with linear quadratic(LQ) cost from the perspective of the attacker. The attacker injects data mixed with false data and its derivative into a healthy system, which destroys the performance of the original system. For this situations, the optimal mixed data injection attack strategy is designed to minimize the quadratic cost and most damage the performance of the system. After that, in order to increase the complexity, concealment and energy saving of the attack, we designed the optimal switching mixed data injection attack strategy. Finally, numerical results and comparative experiments are provided to illustrate the effectiveness of the proposed method.

Hongyang Li,Junfeng Zhang,Xiao He

DOI: https://doi.org/10.1016/j.neucom.2019.05.085

IF: 6

2019-01-01

Neurocomputing

Abstract:In this paper, the design problem of data-injection attacks is investigated for a class of cyber-physical systems (CPSs) whose inputs can be changed by the malicious adversary. A novel attack design method is proposed by solving an optimization problem based on Kullback–Leibler divergence (KLD). It can make maximum influence on the residual sequences in the sense of probability distribution but cannot be detected by the detector with preset significance level. A simulation study is carried out to demonstrate the effectiveness and applicability of the proposed method.

Wenjie Liu,Lidong Li,Jian Sun,Fang Deng,Gang Wang,Jie Chen

2024-06-06

Abstract:The rise of cyber-security concerns has brought significant attention to the analysis and design of cyber-physical systems (CPSs). Among the various types of cyberattacks, denial-of-service (DoS) attacks and false data injection (FDI) attacks can be easily launched and have become prominent threats. While resilient control against DoS attacks has received substantial research efforts, countermeasures developed against FDI attacks have been relatively limited, particularly when explicit system models are not available. To address this gap, the present paper focuses on the design of data-driven controllers for unknown linear systems subject to FDI attacks on the actuators, utilizing input-state data. To this end, a general FDI attack model is presented, which imposes minimally constraints on the switching frequency of attack channels and the magnitude of attack matrices. A dynamic state feedback control law is designed based on offline and online input-state data, which adapts to the channel switching of FDI attacks. This is achieved by solving two data-based semi-definite programs (SDPs) on-the-fly to yield a tight approximation of the set of subsystems consistent with both offline clean data and online attack-corrupted data. It is shown that under mild conditions on the attack, the proposed SDPs are recursively feasible and controller achieves exponential stability. Numerical examples showcase its effectiveness in mitigating the impact of FDI attacks.

Systems and Control

Kang-Di Lu,Zheng-Guang Wu,Tingwen Huang

DOI: https://doi.org/10.1109/tmech.2022.3214314

2023-01-01

Abstract:With the rapid development of communication, control, and computer technology, traditional power systems have evolved into cyber-physical power system (CPPS). However, CPPS not only affords convenience but also introduces more cyber-attacks. Among many types of cyber-attacks, false data injection attacks (FDIAs) have drawn much attention in the CPPS security domain due to their stealthiness. Most FDIAs are based on the static model on a single snapshot and often ignore the reality of dynamically time-evolving CPPS. Accordingly, this article proposes a novel three-stage dynamic false data injection attack (DFDIA) model in CPPS by considering potential dynamic behaviors. To consider both attack location and attack amplitude, the designing DFDIA is formulated as two constrained single-objective optimization problems. Two versions of constrained differential evolution are presented as the solver to determine the attack location and optimize the attack vector for collaboratively altering the meter measurements. Then, an interval state forecasting-based countermeasure is proposed to detect the established DFDIA. In this detector, the variation bounds of state values are determined via ensemble deep learning-based state forecasting method. Finally, extensive simulation results on several IEEE bus systems demonstrate the feasibility of DFDIA and the effectiveness of the defense mechanism.

Jingxuan Wang,Lucas C. K. Hui,S. M. Yiu,Gang Zhou,Ruoqing Zhang

DOI: https://doi.org/10.1155/2017/9602357

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:Data injection attacks in a cyber-physical system aim at manipulating a number of measurements to alter the estimated real-time system states. Many researchers recently focus on how to detect such attacks. However, most of the detection methods do not work well for the nonlinear systems. In this paper, we present a compressive sampling methodology to identify the attack, which allows determining how many and which measurement signals are launched. The sparsity feature is used. Generally, our methodology can be applied to both linear and nonlinear systems. The experimental testing, which includes realistic load patterns from NYISO with various attack scenarios in the IEEE 14-bus system, confirms that our detector performs remarkably well.

Wenjie Liu,Lidong Li,Jian Sun,Fang Deng,Gang Wang,Jie Chen

DOI: https://doi.org/10.48550/arxiv.2311.08207

2023-01-01

Abstract:The rise of cyber-security concerns has brought significant attention to theanalysis and design of cyber-physical systems (CPSs). Among the various typesof cyberattacks, denial-of-service (DoS) attacks and false data injection (FDI)attacks can be easily launched and have become prominent threats. Whileresilient control against DoS attacks has received substantial researchefforts, countermeasures developed against FDI attacks have been relativelylimited, particularly when explicit system models are not available. To addressthis gap, the present paper focuses on the design of data-driven controllersfor unknown linear systems subject to FDI attacks on the actuators, utilizinginput-state data. To this end, a general FDI attack model is presented, whichimposes minimally constraints on the switching frequency of attack channels andthe magnitude of attack matrices. A dynamic state feedback control law isdesigned based on offline and online input-state data, which adapts to thechannel switching of FDI attacks. This is achieved by solving two data-basedsemi-definite programs (SDPs) on-the-fly to yield a tight approximation of theset of subsystems consistent with both offline clean data and onlineattack-corrupted data. It is shown that under mild conditions on the attack,the proposed SDPs are recursively feasible and controller achieves exponentialstability. Numerical examples showcase its effectiveness in mitigating theimpact of FDI attacks.

Yue Zhao,Ze Chen,Chunjie Zhou,Yu-Chu Tian,Yuanqing Qin

DOI: https://doi.org/10.1109/jas.2021.1004012

2021-01-01

IEEE/CAA Journal of Automatica Sinica

Abstract:Secure control against cyber attacks becomes increasingly significant in cyber-physical systems（CPSs）. False data injection attacks are a class of cyber attacks that aim to compromise CPS functions by injecting false data such as sensor measurements and control signals. For quantified false data injection attacks, this paper establishes an effective defense framework from the energy conversion perspective. Then, we design an energy controller to dynamically adjust the system energy changes caused by unknown attacks. The designed energy controller stabilizes the attacked CPSs and ensures the dynamic performance of the system by adjusting the amount of damping injection. Moreover, with the L2 disturbance attenuation technique, the burden of control system design is simplified because there is no need to design an attack observer. In addition,this secure control method is simple to implement because it avoids complicated mathematical operations. The effectiveness of our control method is demonstrated through an industrial CPS that controls a permanent magnet synchronous motor.

Lei Song,Jing Wu,Chengnian Long,Shaoyuan Li

DOI: https://doi.org/10.1109/cac.2018.8623668

2018-01-01

Abstract:This paper is concerned with the problem of event triggered dynamic output feedback control for continuous-time cyber-physical systems under data injection attacks. The resulting criterion provide sufficient conditions to ensure the asymptotic stability of the closed-loop system subject to compromising both measurement and control channels. Event-triggered mechanisms are implemented at both sensor and controller nodes asynchronously in order to alleviate the number of control actions against attacks and reduce communication burden. Moreover, we present a co-design procedure to simultaneously synthesize feedback laws and event-triggering parameters. Finally, numerical examples are included to show effectiveness of the proposed method.

Xiangnan Xu,Zhiwen Wang,Hong-Tao Sun,Jing Shi

DOI: https://doi.org/10.1177/01423312241233316

IF: 2.146

2024-03-26

Transactions of the Institute of Measurement and Control

Abstract:Transactions of the Institute of Measurement and Control, Ahead of Print. This paper addresses the problem of adaptive security control for cyber–physical systems (CPSs) under external nonlinear disturbances and false data injection (FDI) attacks on actuators. To address FDI attacks, a full-order disturbance estimator is proposed for eliminating disturbances in the forward channel. Furthermore, an attack model based on the system state vector is developed to estimate the attack vector by considering potential attacks that can induce state errors between the reference model and the actual system. Subsequently, a novel model-based adaptive security control (MASC) strategy is devised using attack compensation and state feedback. The key advantage of our proposed strategy lies in its ability to effectively mitigate the adverse effects of attacks while accounting for nonlinear disturbances. Finally, experimental validation conducted on a brushless DC motor speed control system demonstrates the capability of achieving high output tracking accuracy.

automation & control systems,instruments & instrumentation

He Liu,Xiao-Jian Li

DOI: https://doi.org/10.1016/j.ins.2024.120894

IF: 8.1

2024-06-10

Information Sciences

Abstract:This paper is concerned with the design of data-driven sensor injection attack for cyber-physical systems (CPSs) under channel constraints, where the attacker can only access a part of the sensor channels and the accessible channels switch over time. To enhance the attack's effectiveness while maintaining its stealthiness, the design problem is formulated as a constraint-type L2 -gain optimization problem. Then, by optimizing the attack-direction matrix using the data-driven parametrization method, an attack policy with channel constraints is proposed. Specifically, the necessary and sufficient design conditions are established in terms of the attack stealthiness. Furthermore, the optimized attack stealthiness index and attack effectiveness index under channel constrains are obtained, and it is theoretically proven that the attack performance is reduced due to the passive channel switching. The effectiveness of the data-driven attack policy is illustrated by the IEEE 6 bus power system.

computer science, information systems

Fangfei Li,Yang Tang

DOI: https://doi.org/10.1109/TCYB.2018.2871951

IF: 11.8

2020-01-01

IEEE Transactions on Cybernetics

Abstract:Cyber-security is of the fundamental importance for cyber-physical systems (CPSs), since CPSs are vulnerable to cyber attack. In order to make the defensive measures better, one needs to understand the behavior from the view of an attacker. In this paper, the problem of false data injection attack on remote state estimation with resource constraints is studied in two cases, where the first case is that the attacker adds a Gaussian noise to the innovation, while the other is that the attacker employs a Gaussian noise to replace the innovation. In addition, the attacker is assumed to has a resource constraint, i.e., he/she cannot attack all the sensors, at the same time should decide which sensors to attack. By using the matrix theory, the optimal attack strategy problem, which aims to maximize the trace of the remote estimation error covariance, is converted into a convex optimization problem that can be solved. Thus, an optimal attack strategy is given to illustrate which sensors should be attacked. An example is given to show the effectiveness of the theoretical results.

Xiaoyu Luo,Chongrong Fang,Chengcheng Zhao,Jianping He

DOI: https://doi.org/10.1109/cdc51059.2022.9992710

2022-01-01

Abstract:The data-driven attack strategies recently have received much attention when the full knowledge of the system model is unknown or difficult to be obtained for the adversary. Note that despite the critical parameters of the system model being unavailable for the adversary, the existing data-driven attack methods still depend on the linearity of the unknown system model. In this paper, we design a completely model-free attack strategy where the adversary with limited capability aims to compromise state variables such that the output value follows the expected trajectory. Specifically, we first construct a zeroth-order feedback optimization framework and uninterruptedly use probing signals for real-time measurements. Then, we iteratively update the attack signals along the composite direction of the gradient estimates of the objective function evaluations and the projected gradients. These objective function evaluations can be obtained only by real-time measurements. Furthermore, we characterize the optimality of these solutions via the optimality gap, which is affected by the dimensions of the attack signal, the iterations of solutions, and the convergence rate of the system. Extensive simulations are conducted to show the effectiveness of the proposed attack strategy.

Zengji Liu,Qi Wang,Yujian Ye,Yi Tang

DOI: https://doi.org/10.1109/tsg.2022.3159842

IF: 10.275

2022-01-01

IEEE Transactions on Smart Grid

Abstract:With the expansion of system scale and data size in power systems, data-driven methods are gradually becoming widely used. However, compared with traditional methods, data-driven methods face more threats in data security and algorithm security. This paper proposes a black box data injection attack method against data-driven strategies in power systems. To obtain a stealthy attack scheme with the greatest impact, an attack vector generator based on deep convolutional neural networks (DCNN) is designed. The generator includes a node selector, a filter, an encoder, and a decoder. The node selector is used to select the most likely successful attack scheme for the filter, the encoder is used to extract sample features, and the decoder is used to generate disturbances based on the features. The proposed generator is trained with an improved generative adversarial network (GAN) and can generate minimal disturbances in real time based on measurement data from the power grid. The effectiveness of the proposed method is demonstrated with an attack experiment on an online transient stability application.