12 research outputs found
A secure state estimation algorithm for nonlinear systems under sensor attacks
The state estimation of continuous-time nonlinear systems in which a subset
of sensor outputs can be maliciously controlled through injecting a potentially
unbounded additive signal is considered in this paper. Analogous to our earlier
work for continuous-time linear systems in \cite{chong2015observability}, we
term the convergence of the estimates to the true states in the presence of
sensor attacks as `observability under attacks', where refers to the
number of sensors which the attacker has access to. Unlike the linear case, we
only provide a sufficient condition such that a nonlinear system is observable
under attacks. The condition requires the existence of asymptotic observers
which are robust with respect to the attack signals in an input-to-state stable
sense. We show that an algorithm to choose a compatible state estimate from the
state estimates generated by the bank of observers achieves asymptotic state
reconstruction. We also provide a constructive method for a class of nonlinear
systems to design state observers which have the desirable robustness property.
The relevance of this study is illustrated on monitoring the safe operation of
a power distribution network.Comment: This paper has been accepted for publication at the 59th IEEE
Conference on Decision and Control, 202
Co-design of Control and Scheduling in Networked Systems under Denial-of-Service attacks
We consider the joint design of control and scheduling under stochastic
Denial-of-Service (DoS) attacks in the context of networked control systems. A
sensor takes measurements of the system output and forwards its dynamic state
estimates to a remote controller over a packet-dropping link. The controller
determines the optimal control law for the process using the estimates it
receives. An attacker aims at degrading the control performance by increasing
the packet-dropout rate with a DoS attack towards the sensor-controller
channel. Assume both the controller and the attacker are rational in a
game-theoretic sense. We establish a partially observable stochastic game to
derive the optimal joint design of scheduling and control. Using dynamic
programming we prove that the control and scheduling policies can be designed
separately without sacrificing optimality, making the problem equivalent to a
complete information game. We employ Nash Q-learning to solve the problem and
prove that the solution is guaranteed to constitute an -Nash
equilibrium. Numerical examples are provided to illustrate the tradeoffs
between control performance and communication cost.Comment: 9 pages, 4 figure
Stealthy hacking and secrecy of controlled state estimation systems with random dropouts
We study the maximum information gain that an adversary may obtain through
hacking without being detected. Consider a dynamical process observed by a
sensor that transmits a local estimate of the system state to a remote
estimator according to some reference transmission policy across a
packet-dropping wireless channel equipped with acknowledgments (ACK). An
adversary overhears the transmissions and proactively hijacks the sensor to
reprogram its transmission policy. We define perfect secrecy as keeping the
averaged expected error covariance bounded at the legitimate estimator and
unbounded at the adversary. By analyzing the stationary distribution of the
expected error covariance, we show that perfect secrecy can be attained for
unstable systems only if the ACK channel has no packet dropouts. In other
situations, we prove that independent of the reference policy and the detection
methods, perfect secrecy is not attainable. For this scenario, we formulate a
constrained Markov decision process to derive the optimal transmission policy
that the adversary should implement at the sensor, and devise a Stackelberg
game to derive the optimal reference policy for the legitimate estimator.Comment: 16 pages, 6 figure
Learning-based Attacks in Cyber-Physical Systems
We introduce the problem of learning-based attacks in an abstraction of cyber-physical systems that may be subject to an attack that overrides the sensor readings and the controller actions. The attacker attempts to learn the dynamics of the plant and subsequently override the controller's actuation signal, to destroy the plant without being detected. The attacker can feed fictitious sensor readings to the controller using its estimate of the plant dynamics and mimic the legitimate plant operation. The controller, on the other hand, is constantly on the lookout for an attack; once the controller detects an attack, it immediately shuts the plant off. We derive lower bounds for the attacker's deception probability for linear plants by assuming a specific authentication test that inspects the empirical variance of the system disturbance. We also show how the controller can improve the security of the system by superimposing a carefully crafted privacy-enhancing signal on top of the control policy. Finally, for nonlinear scalar dynamics that belong to the Reproducing Kernel Hilbert Space, we investigate the performance of attacks based on Gaussian-processes regression