Ask a question from expert

Write a formal academic report analyzing an assessment task, researching relevant information, and making recommendations for future practice.

10 Pages10940 Words397 Views

Added on 2022-11-13

Learn about optimal linear deception attack strategy on sensor data without being detected by a false data detector at the remote state estimator. The paper proposes a feasibility constraint, analyzes the evolution of the estimation error covariance, and derives a closed-form expression of the optimal linear attack strategy.

Write a formal academic report analyzing an assessment task, researching relevant information, and making recommendations for future practice.

Added on 2022-11-13

BookmarkShareRelated Documents

2325-5870 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCNS.2016.2570003, IEEE

Transactions on Control of Network Systems1

Optimal Linear Cyber-Attack on

Remote State Estimation

Ziyang Guo, Dawei Shi, Karl Henrik Johansson, Ling Shi

Abstract—Recent years have witnessed the surge of interest

of security issues in cyber-physical systems. In this paper, we

consider malicious cyber attacks in a remote state estimation

application where a smart sensor node transmits data to a remote

estimator equipped with a false data detector. It is assumed

that all the sensor data can be observed and modified by the

malicious attacker and a residue-based detection algorithm is

used at the remote side to detect data anomalies. We propose a

linear deception attack strategy and present the corresponding

feasibility constraint which guarantees that the attacker is able

to successfully inject false data without being detected. The

evolution of the estimation error covariance at the remote

estimator is derived and the degradation of system performance

under the proposed linear attack policy is analyzed. Furthermore,

we obtain a closed-form expression of the optimal attack strategy

among all linear attacks. Comparison of attack strategies through

simulated examples are provided to illustrate the theoretical

results.

Index Terms—Cyber-Physical Systems, Deception Attack, Se-

curity, Remote State Estimation.

I. INTRODUCTION

CYBER-Physical Systems (CPS) are systems that smooth-

ly integrate sensing, communication, control, computa-

tion and physical processes [1]. CPS applications range from

large-scale industrial applications to critical infrastructures

including chemical processes, smart grids, mine monitoring,

intelligent transportation, precision agriculture, civil engineer-

ing, aerospace, etc. [2]–[4].

The rapid growth of CPS and its safety-critical applications

have generated a surge of interest in CPS security in recent

years [5]. Since the measurement and control data in CPS are

commonly transmitted through unprotected communication

networks, such systems are vulnerable to cyber threats. Any

successful CPS attack may lead to a variety of severe con-

sequences, including customer information leakage, damages

to national economy, destruction of infrastructure, and even

endangering of human lives [6], [7].

Z. Guo and L. Shi are with Department of Electronic and Computer

Engineering, the Hong Kong University of Science and Technology, Clear

Water Bay, Kowloon, Hong Kong (e-mail: zguoae@ust.hk, eesling@ust.hk).

D. Shi is with State Key Laboratory of Intelligent Control and Decision

of Complex Systems, School of Automation, Beijing Institute of Technology,

Beijing, 100081, China (e-mail: dawei.shi@outlook.com).

K. H. Johansson is with ACCESS Linnaeus Centre and Department of

Automatic Control, School of Electrical Engineering, KTH Royal Institute of

Technology, Stockholm, Sweden (e-mail: kallej@kth.se).

The work by Z. Guo and L. Shi is supported by a Hong Kong RGC

GRF grant 16209114. The work by D. Shi is supported by Natural Science

Foundation of China (61503027). The work by K. H. Johansson is supported

by the Knut and Alice Wallenberg Foundation and the Swedish Research

Council.

The cyber-physical attack space can be divided according

to the adversary’s system knowledge, disclosure resources

and disruption resources. Attack models, such as Denial-of-

Service (DoS), replay, false data injection and zero dynamic

attacks were analyzed in [8]. Cardenas et al. [9] studied cyber

attacks compromising measurement and actuator data integrity

and availability. They considered two types of CPS attacks:

DoS and deception attacks. The DoS attack, which jams

the communication channels and prevents the exchange of

information containing both sensor measurements and control

inputs, was further analyzed for a resource-constrained attack-

er in [10], [11]. Moreover, a game-theoretic approach was

utilized to provide an effective framework to handle security

and privacy issues in communication networks in [12]. With

energy constraints on both the sensor and the attacker, Li

et al. [13] studied the interactive decision-making process of

when to send and when to attack using a zero-sum game. They

proved that the optimal strategies for both sides constitute a

Nash equilibrium. Agah et al. [14] formulated a repeated game

between the intrusion detector and the sensor nodes to study

the prevention of DoS attack in wireless sensor networks. A

framework to enforce cooperation among sensor nodes and

punishment for non-cooperative behavior was proposed.

The deception attacks, which affect the integrity of data by

modifying its content, have recently received attention. The

replay attack is a special type of deception attack where the

attacker does not have any system knowledge but is able to

access, record, and replay the sensor data. Mo et al. [15],

[16] studied the feasibility of the replay attack on a control

system equipped with a bad-data detector and proposed a

countermeasure to detect the existence of such an attack. Miao

et al. [17] proposed a zero-sum stochastic game framework

to balance the tradeoff between the control performance and

the system security. Another type of deception attack with

perfect system knowledge, false-data injection attack, was

initially proposed for power networks [18]. Sandberg et al. [19]

analyzed the minimum number of sensors required for a

stealthy attack and proposed the concept of measurement

security metric. A more general framework for security indices

was provided in [20]. Furthermore, the consequence of the

false-data injection attack and the reachable state estimation

error have been analyzed in [21]. Besides the aforementioned

studies where the models used are static, data injection attacks

on dynamic control systems have also been considered. A

covert data attack, which misleads the control center to remove

useful measurements, was proposed and analyzed in [22].

Pasqualetti et al. [23] studied the set of undetectable false-data

injection attacks for omniscient attackers who have full system

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCNS.2016.2570003, IEEE

Transactions on Control of Network Systems1

Optimal Linear Cyber-Attack on

Remote State Estimation

Ziyang Guo, Dawei Shi, Karl Henrik Johansson, Ling Shi

Abstract—Recent years have witnessed the surge of interest

of security issues in cyber-physical systems. In this paper, we

consider malicious cyber attacks in a remote state estimation

application where a smart sensor node transmits data to a remote

estimator equipped with a false data detector. It is assumed

that all the sensor data can be observed and modified by the

malicious attacker and a residue-based detection algorithm is

used at the remote side to detect data anomalies. We propose a

linear deception attack strategy and present the corresponding

feasibility constraint which guarantees that the attacker is able

to successfully inject false data without being detected. The

evolution of the estimation error covariance at the remote

estimator is derived and the degradation of system performance

under the proposed linear attack policy is analyzed. Furthermore,

we obtain a closed-form expression of the optimal attack strategy

among all linear attacks. Comparison of attack strategies through

simulated examples are provided to illustrate the theoretical

results.

Index Terms—Cyber-Physical Systems, Deception Attack, Se-

curity, Remote State Estimation.

I. INTRODUCTION

CYBER-Physical Systems (CPS) are systems that smooth-

ly integrate sensing, communication, control, computa-

tion and physical processes [1]. CPS applications range from

large-scale industrial applications to critical infrastructures

including chemical processes, smart grids, mine monitoring,

intelligent transportation, precision agriculture, civil engineer-

ing, aerospace, etc. [2]–[4].

The rapid growth of CPS and its safety-critical applications

have generated a surge of interest in CPS security in recent

years [5]. Since the measurement and control data in CPS are

commonly transmitted through unprotected communication

networks, such systems are vulnerable to cyber threats. Any

successful CPS attack may lead to a variety of severe con-

sequences, including customer information leakage, damages

to national economy, destruction of infrastructure, and even

endangering of human lives [6], [7].

Z. Guo and L. Shi are with Department of Electronic and Computer

Engineering, the Hong Kong University of Science and Technology, Clear

Water Bay, Kowloon, Hong Kong (e-mail: zguoae@ust.hk, eesling@ust.hk).

D. Shi is with State Key Laboratory of Intelligent Control and Decision

of Complex Systems, School of Automation, Beijing Institute of Technology,

Beijing, 100081, China (e-mail: dawei.shi@outlook.com).

K. H. Johansson is with ACCESS Linnaeus Centre and Department of

Automatic Control, School of Electrical Engineering, KTH Royal Institute of

Technology, Stockholm, Sweden (e-mail: kallej@kth.se).

The work by Z. Guo and L. Shi is supported by a Hong Kong RGC

GRF grant 16209114. The work by D. Shi is supported by Natural Science

Foundation of China (61503027). The work by K. H. Johansson is supported

by the Knut and Alice Wallenberg Foundation and the Swedish Research

Council.

The cyber-physical attack space can be divided according

to the adversary’s system knowledge, disclosure resources

and disruption resources. Attack models, such as Denial-of-

Service (DoS), replay, false data injection and zero dynamic

attacks were analyzed in [8]. Cardenas et al. [9] studied cyber

attacks compromising measurement and actuator data integrity

and availability. They considered two types of CPS attacks:

DoS and deception attacks. The DoS attack, which jams

the communication channels and prevents the exchange of

information containing both sensor measurements and control

inputs, was further analyzed for a resource-constrained attack-

er in [10], [11]. Moreover, a game-theoretic approach was

utilized to provide an effective framework to handle security

and privacy issues in communication networks in [12]. With

energy constraints on both the sensor and the attacker, Li

et al. [13] studied the interactive decision-making process of

when to send and when to attack using a zero-sum game. They

proved that the optimal strategies for both sides constitute a

Nash equilibrium. Agah et al. [14] formulated a repeated game

between the intrusion detector and the sensor nodes to study

the prevention of DoS attack in wireless sensor networks. A

framework to enforce cooperation among sensor nodes and

punishment for non-cooperative behavior was proposed.

The deception attacks, which affect the integrity of data by

modifying its content, have recently received attention. The

replay attack is a special type of deception attack where the

attacker does not have any system knowledge but is able to

access, record, and replay the sensor data. Mo et al. [15],

[16] studied the feasibility of the replay attack on a control

system equipped with a bad-data detector and proposed a

countermeasure to detect the existence of such an attack. Miao

et al. [17] proposed a zero-sum stochastic game framework

to balance the tradeoff between the control performance and

the system security. Another type of deception attack with

perfect system knowledge, false-data injection attack, was

initially proposed for power networks [18]. Sandberg et al. [19]

analyzed the minimum number of sensors required for a

stealthy attack and proposed the concept of measurement

security metric. A more general framework for security indices

was provided in [20]. Furthermore, the consequence of the

false-data injection attack and the reachable state estimation

error have been analyzed in [21]. Besides the aforementioned

studies where the models used are static, data injection attacks

on dynamic control systems have also been considered. A

covert data attack, which misleads the control center to remove

useful measurements, was proposed and analyzed in [22].

Pasqualetti et al. [23] studied the set of undetectable false-data

injection attacks for omniscient attackers who have full system

2325-5870 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCNS.2016.2570003, IEEE

Transactions on Control of Network Systems2

information but only compromise a part of existing sensors

and actuators. A unified framework and advanced monitoring

procedures to detect components malfunction or measurements

corruption were also proposed. Further results on different for-

mulations of integrity attack and secure estimation problems

were investigated in [24], [25].

In this paper, we consider deception attacks in a remote state

estimation scenario. We study the optimal linear deception

attack on the sensor data without being detected by a false

data detector at the remote state estimator. The motivation of

the current work is three-fold:

1) A deception attack is subtler and may cause more severe

consequences compared with many other attacks.

2) Existing models of deception attack are quite simple,

many focusing on static parameter estimation [18]–[21].

The need for analyzing potential consequences of attacks

on a dynamic system is important.

3) To propose effective countermeasures, one needs to un-

derstand what the worst attack might be.

The main contributions of this paper are summarized as

follows:

1) We propose a novel type of linear attack strategy and

present the corresponding feasibility constraint, which

guarantees the attacker to successfully inject false data

and remain undetected by the false data detector at the

same time.

2) We compute the evolution of the estimation error covari-

ance at the remote estimator and analyze the degradation

of system performance under various linear attack strate-

gies (Theorem 1).

3) We derive a closed-form expression of the optimal linear

attack strategy which yields the largest error covariance

(Theorem 2).

The remainder of the paper is organized as follows. Sec-

tion II presents the problem formulation and revisits some

preliminaries of the Kalman filter and the false data detector.

Section III proposes a new type of deception attack strategy

and states the feasibility constraint. Section IV illustrates the

degradation of system performance and derives the optimal

strategy among all linear attacks. Simulation results are pro-

vided in Section V. Some concluding remarks are given in the

end.

Notations: N and R denote the sets of natural numbers and

real numbers, respectively. Rn is the n-dimensional Euclidean

space. Sn

+ and Sn

++ are the sets of n × n positive semi-

definite and positive definite matrices. When X ∈ Sn

+, we

simply write X ≥ 0 (or X > 0 if X ∈ Sn

++). X ≥ Y

if X − Y ∈ Sn

+. N (μ, Σ) denotes Gaussian distribution

with mean μ and covariance matrix Σ. The superscript T

stands for transposition. tr(·) refers to the trace of a matrix.

E[·] denotes the expectation of a random variable. Pr{·}

denotes the probability of an event. For functions f, f1, f2

with appropriate domain, f1 ◦ f2(x) stands for the function

composition f1(f2(x)), and f n(x) , f (f n−1(x)).

II. PROBLEM SETUP

The system architecture of cyber attacks in a remote state

estimation application considered in this paper is shown in

Fig. 1. System architecture. The attacker is able to intercept and modify sensor

data, which affects the remote estimation performance despite the false data

detector.

Fig. 1. It consists of six main components, namely the process,

smart sensor, attacker, remote estimator, false data detector,

and wireless network. The smart sensor performs local esti-

mation based on the process measurements and transmits data

packet to the remote estimator through a wireless network

where a malicious attacker may intercept and modify the

transmitted data. A false data detector at remote side monitors

the system behavior and identifies the existence of the attacker.

The detailed models are described in the following.

A. Process Model

Consider a discrete-time linear time-invariant process:

xk+1 = Axk + wk, (1)

yk = Cxk + vk, (2)

where k ∈ N is the time index, xk ∈ Rn the vector of system

states, yk ∈ Rm the vector of sensor measurements, wk ∈

Rn and vk ∈ Rm are zero-mean i.i.d. Gaussian noises with

covariances Q ≥ 0 and R > 0, respectively. The initial state

x0 is zero-mean Gaussian with covariance matrix Π0 ≥ 0, and

is independent of wk and vk for all k ≥ 0. The pair (A, C) is

detectable and (A, √Q) is stabilizable.

B. Smart Sensor and Remote Estimator

The concept of smart sensors refers to sensors that provide

extra functions beyond those necessary for generating the

measured quantity. The functions included might be signal

processing, decision-making and alarm functions, which can

be used to improve system performance [26], [27]. Thus,

we assume that the smart sensor first locally processes the

raw measurement data and transmits its innovation to the

remote estimator in this work. To estimate the system state,

the following standard Kalman filter is adopted by the remote

estimator:

ˆx−

k = Aˆxk−1, (3)

P −

k = APk−1AT + Q, (4)

Kk = P −

k CT (CP −

k CT + R)−1, (5)

ˆxk = ˆx−

k + Kkzk, (6)

Pk = (I − KkC)P −

k , (7)

where zk is the local innovation transmitted to the remote

estimator with

zk = yk − C ˆx−

k , (8)

ˆx−

k and ˆxk are the a priori and the a posteriori Minimum

Mean Squared Error (MMSE) estimates of the state xk at the

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCNS.2016.2570003, IEEE

Transactions on Control of Network Systems2

information but only compromise a part of existing sensors

and actuators. A unified framework and advanced monitoring

procedures to detect components malfunction or measurements

corruption were also proposed. Further results on different for-

mulations of integrity attack and secure estimation problems

were investigated in [24], [25].

In this paper, we consider deception attacks in a remote state

estimation scenario. We study the optimal linear deception

attack on the sensor data without being detected by a false

data detector at the remote state estimator. The motivation of

the current work is three-fold:

1) A deception attack is subtler and may cause more severe

consequences compared with many other attacks.

2) Existing models of deception attack are quite simple,

many focusing on static parameter estimation [18]–[21].

The need for analyzing potential consequences of attacks

on a dynamic system is important.

3) To propose effective countermeasures, one needs to un-

derstand what the worst attack might be.

The main contributions of this paper are summarized as

follows:

1) We propose a novel type of linear attack strategy and

present the corresponding feasibility constraint, which

guarantees the attacker to successfully inject false data

and remain undetected by the false data detector at the

same time.

2) We compute the evolution of the estimation error covari-

ance at the remote estimator and analyze the degradation

of system performance under various linear attack strate-

gies (Theorem 1).

3) We derive a closed-form expression of the optimal linear

attack strategy which yields the largest error covariance

(Theorem 2).

The remainder of the paper is organized as follows. Sec-

tion II presents the problem formulation and revisits some

preliminaries of the Kalman filter and the false data detector.

Section III proposes a new type of deception attack strategy

and states the feasibility constraint. Section IV illustrates the

degradation of system performance and derives the optimal

strategy among all linear attacks. Simulation results are pro-

vided in Section V. Some concluding remarks are given in the

end.

Notations: N and R denote the sets of natural numbers and

real numbers, respectively. Rn is the n-dimensional Euclidean

space. Sn

+ and Sn

++ are the sets of n × n positive semi-

definite and positive definite matrices. When X ∈ Sn

+, we

simply write X ≥ 0 (or X > 0 if X ∈ Sn

++). X ≥ Y

if X − Y ∈ Sn

+. N (μ, Σ) denotes Gaussian distribution

with mean μ and covariance matrix Σ. The superscript T

stands for transposition. tr(·) refers to the trace of a matrix.

E[·] denotes the expectation of a random variable. Pr{·}

denotes the probability of an event. For functions f, f1, f2

with appropriate domain, f1 ◦ f2(x) stands for the function

composition f1(f2(x)), and f n(x) , f (f n−1(x)).

II. PROBLEM SETUP

The system architecture of cyber attacks in a remote state

estimation application considered in this paper is shown in

Fig. 1. System architecture. The attacker is able to intercept and modify sensor

data, which affects the remote estimation performance despite the false data

detector.

Fig. 1. It consists of six main components, namely the process,

smart sensor, attacker, remote estimator, false data detector,

and wireless network. The smart sensor performs local esti-

mation based on the process measurements and transmits data

packet to the remote estimator through a wireless network

where a malicious attacker may intercept and modify the

transmitted data. A false data detector at remote side monitors

the system behavior and identifies the existence of the attacker.

The detailed models are described in the following.

A. Process Model

Consider a discrete-time linear time-invariant process:

xk+1 = Axk + wk, (1)

yk = Cxk + vk, (2)

where k ∈ N is the time index, xk ∈ Rn the vector of system

states, yk ∈ Rm the vector of sensor measurements, wk ∈

Rn and vk ∈ Rm are zero-mean i.i.d. Gaussian noises with

covariances Q ≥ 0 and R > 0, respectively. The initial state

x0 is zero-mean Gaussian with covariance matrix Π0 ≥ 0, and

is independent of wk and vk for all k ≥ 0. The pair (A, C) is

detectable and (A, √Q) is stabilizable.

B. Smart Sensor and Remote Estimator

The concept of smart sensors refers to sensors that provide

extra functions beyond those necessary for generating the

measured quantity. The functions included might be signal

processing, decision-making and alarm functions, which can

be used to improve system performance [26], [27]. Thus,

we assume that the smart sensor first locally processes the

raw measurement data and transmits its innovation to the

remote estimator in this work. To estimate the system state,

the following standard Kalman filter is adopted by the remote

estimator:

ˆx−

k = Aˆxk−1, (3)

P −

k = APk−1AT + Q, (4)

Kk = P −

k CT (CP −

k CT + R)−1, (5)

ˆxk = ˆx−

k + Kkzk, (6)

Pk = (I − KkC)P −

k , (7)

where zk is the local innovation transmitted to the remote

estimator with

zk = yk − C ˆx−

k , (8)

ˆx−

k and ˆxk are the a priori and the a posteriori Minimum

Mean Squared Error (MMSE) estimates of the state xk at the

2325-5870 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCNS.2016.2570003, IEEE

Transactions on Control of Network Systems3

remote estimator, and P −

k and Pk are the corresponding error

covariances. The recursion starts from ˆx−

0 = 0 and P −

0 =

Π0 ≥ 0.

For notational brevity, we also define the Lyapunov and

Riccati operators h, ̃g : Sn

+ → Sn

+ as:

h(X) , AXAT + Q, (9)

̃g(X) , X − XCT (CXCT + R)−1CX. (10)

It is well known that the gain and the error covariance of the

Kalman filter converge from any initial condition [28]. Hence,

we denote the steady-state value of the a priori estimation

error covariance as

P = lim

k→∞ P −

k ,

where P is the unique positive semi-definite solution of h ◦

̃g(X) = X.

To simplify our subsequent discussions, we assume that the

Kalman filter at the remote estimator starts from the steady

state, i.e., Π0 = P , which results in a steady-state Kalman

filter with fixed gain

K = P CT (CP CT + R)−1. (11)

Remark 1 Using the smart sensor instead of the conventional

sensor not only improves measurement accuracy, but also

reduces the computations at the remote estimator and improve

communication efficiency [29]. Another reason why sending

the innovation zk rather than the measurement yk or the

local estimate ˆxk is that the innovation zk will approach a

steady-state distribution that can be easily checked by a false

data detector. If yk or ˆxk is sent instead, it is difficult to find

an appropriate detector which can detect potential malicious

attacks.

C. False Data Detector

The innovation sequence zk sent by the smart sensor is a

white Gaussian process with zero mean and covariance P,

where P = CP CT + R [28]. The false data detector at

the remote estimator side monitors the system behavior and

detects cyber attacks by checking the statistical characteristic

of the arriving innovation sequence. The mean and covariance

of the innovations are used to diagnose the existence of

potential cyber attacks.

The χ2 detector is a residue-based detector widely used

to reveal system anomalies [30], [31]. The detector makes a

decision based on the sum of squared residues zk which is

normalized by the steady-state innovation covariance matrix

P. At time slot k, we suppose the detection criterion is given

in the following form:

gk =

k∑

i=k−J+1

zT

i P−1zi

H0

≶

H1

δ, (12)

where J is the window size of detection, δ is the threshold,

the null hypotheses H0 means that the system is operating

normally, while the alternative hypotheses H1 means that the

system is under attack. The left hand side of (12) satisfies the

χ2 distribution with mJ degrees of freedom. Thus, it is easy

to calculate the false alarm rate from the χ2 distribution. If gk

is greater than the threshold, the detector triggers an alarm.

D. Problems of Interest

Based on the model of the process, the smart sensor, and

the false data detector, the main problems we are interested in

consist of the following:

1) What are the possible attack strategies under which the

attacker remains undetectable to the false data detector?

2) What is the corresponding estimation error at the remote

estimator under such an attack?

3) Does there exist an optimal attack strategy that renders

maximum estimation error?

The detailed mathematical formulations and solutions to

these problems will be introduced in the following two sec-

tions.

III. LINEAR ATTACK STRATEGY

In this section, we consider the existence of a malicious

agent who intentionally launches cyber attacks to degrade the

system performance. We will first define the attack policy and

then analyze the feasibility constraint needed for such attack

from being detected by the false data detector.

A. Linear Deception Attack

Similar to the attack models in existing works [32], [33]

and the man-in-the-middle attack where the attacker has

knowledge of all relevant messages passing between the two

victims and can inject new ones [34], [35], we suppose that

the attacker is able to intercept and modify the transmitted

data. At each time k, the attack strategy is defined as

̃zk = fk(zk) + bk,

where zk is the currently intercepted innovation, ̃zk the in-

novation modified by the attacker, fk an arbitrary function,

bk ∼ N (0, L ) an i.i.d. Gaussian random variable which is

independent of zk.

In this paper, we focus on the subset of all linear attack

strategies where fk is a linear transformation of the innovation

zk. We shall consider the general nonlinear attack strategies in

the future work. The proposed linear attack strategy is defined

as

̃zk = Tkzk + bk, (13)

where Tk ∈ Rm×m is an arbitrary matrix. Since zk ∼

N (0, P), where P = CP CT + R, it is easy to see that

̃zk is also an i.i.d. Gaussian random variable with zero mean

and variance TkPT T

k + L .

According to the detection criterion (12) of the false data

detector, the detection rate of the proposed linear attack (13)

is the same as without attack if the modified innovation ̃zk

preserves the same statistical characteristic as zk. In other

words, to bypass the false data detector, ̃zk is supposed to

satisfy the Gaussian distribution N (0, P), i.e., have zero mean

and covariance P. Hence,

TkPT T

k + L = P.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCNS.2016.2570003, IEEE

Transactions on Control of Network Systems3

remote estimator, and P −

k and Pk are the corresponding error

covariances. The recursion starts from ˆx−

0 = 0 and P −

0 =

Π0 ≥ 0.

For notational brevity, we also define the Lyapunov and

Riccati operators h, ̃g : Sn

+ → Sn

+ as:

h(X) , AXAT + Q, (9)

̃g(X) , X − XCT (CXCT + R)−1CX. (10)

It is well known that the gain and the error covariance of the

Kalman filter converge from any initial condition [28]. Hence,

we denote the steady-state value of the a priori estimation

error covariance as

P = lim

k→∞ P −

k ,

where P is the unique positive semi-definite solution of h ◦

̃g(X) = X.

To simplify our subsequent discussions, we assume that the

Kalman filter at the remote estimator starts from the steady

state, i.e., Π0 = P , which results in a steady-state Kalman

filter with fixed gain

K = P CT (CP CT + R)−1. (11)

Remark 1 Using the smart sensor instead of the conventional

sensor not only improves measurement accuracy, but also

reduces the computations at the remote estimator and improve

communication efficiency [29]. Another reason why sending

the innovation zk rather than the measurement yk or the

local estimate ˆxk is that the innovation zk will approach a

steady-state distribution that can be easily checked by a false

data detector. If yk or ˆxk is sent instead, it is difficult to find

an appropriate detector which can detect potential malicious

attacks.

C. False Data Detector

The innovation sequence zk sent by the smart sensor is a

white Gaussian process with zero mean and covariance P,

where P = CP CT + R [28]. The false data detector at

the remote estimator side monitors the system behavior and

detects cyber attacks by checking the statistical characteristic

of the arriving innovation sequence. The mean and covariance

of the innovations are used to diagnose the existence of

potential cyber attacks.

The χ2 detector is a residue-based detector widely used

to reveal system anomalies [30], [31]. The detector makes a

decision based on the sum of squared residues zk which is

normalized by the steady-state innovation covariance matrix

P. At time slot k, we suppose the detection criterion is given

in the following form:

gk =

k∑

i=k−J+1

zT

i P−1zi

H0

≶

H1

δ, (12)

where J is the window size of detection, δ is the threshold,

the null hypotheses H0 means that the system is operating

normally, while the alternative hypotheses H1 means that the

system is under attack. The left hand side of (12) satisfies the

χ2 distribution with mJ degrees of freedom. Thus, it is easy

to calculate the false alarm rate from the χ2 distribution. If gk

is greater than the threshold, the detector triggers an alarm.

D. Problems of Interest

Based on the model of the process, the smart sensor, and

the false data detector, the main problems we are interested in

consist of the following:

1) What are the possible attack strategies under which the

attacker remains undetectable to the false data detector?

2) What is the corresponding estimation error at the remote

estimator under such an attack?

3) Does there exist an optimal attack strategy that renders

maximum estimation error?

The detailed mathematical formulations and solutions to

these problems will be introduced in the following two sec-

tions.

III. LINEAR ATTACK STRATEGY

In this section, we consider the existence of a malicious

agent who intentionally launches cyber attacks to degrade the

system performance. We will first define the attack policy and

then analyze the feasibility constraint needed for such attack

from being detected by the false data detector.

A. Linear Deception Attack

Similar to the attack models in existing works [32], [33]

and the man-in-the-middle attack where the attacker has

knowledge of all relevant messages passing between the two

victims and can inject new ones [34], [35], we suppose that

the attacker is able to intercept and modify the transmitted

data. At each time k, the attack strategy is defined as

̃zk = fk(zk) + bk,

where zk is the currently intercepted innovation, ̃zk the in-

novation modified by the attacker, fk an arbitrary function,

bk ∼ N (0, L ) an i.i.d. Gaussian random variable which is

independent of zk.

In this paper, we focus on the subset of all linear attack

strategies where fk is a linear transformation of the innovation

zk. We shall consider the general nonlinear attack strategies in

the future work. The proposed linear attack strategy is defined

as

̃zk = Tkzk + bk, (13)

where Tk ∈ Rm×m is an arbitrary matrix. Since zk ∼

N (0, P), where P = CP CT + R, it is easy to see that

̃zk is also an i.i.d. Gaussian random variable with zero mean

and variance TkPT T

k + L .

According to the detection criterion (12) of the false data

detector, the detection rate of the proposed linear attack (13)

is the same as without attack if the modified innovation ̃zk

preserves the same statistical characteristic as zk. In other

words, to bypass the false data detector, ̃zk is supposed to

satisfy the Gaussian distribution N (0, P), i.e., have zero mean

and covariance P. Hence,

TkPT T

k + L = P.

Want to access all the pages? Upload your documents or become a member.

Related Documents

|6

|9729

|245