134 research outputs found
Recommended from our members
Securing state reconstruction under sensor and actuator attacks: Theory and design
This paper discusses the problem of reconstructing the state of a linear time invariant system when some of its actuators and sensors are compromised by an adversarial agent. In the model considered in this paper, the adversarial agent attacks an input (output) by manipulating its value arbitrarily, i.e., we impose no constraints (statistical or otherwise) on how control commands (sensor measurements) are changed by the adversary other than a bound on the number of attacked actuators and sensors In the first part of this paper, we introduce the notion of sparse strong observability and we show that is a necessary and sufficient condition for correctly reconstructing the state despite the considered attacks. In the second half of this work, we propose an observer to harness the complexity of this intrinsically combinatorial problem, by leveraging satisfiability modulo theory solving. Numerical simulations illustrate the effectiveness and scalability of our observer
An Unknown Input Multi-Observer Approach for Estimation and Control under Adversarial Attacks
We address the problem of state estimation, attack isolation, and control of
discrete-time linear time-invariant systems under (potentially unbounded)
actuator and sensor false data injection attacks. Using a bank of unknown input
observers, each observer leading to an exponentially stable estimation error
(in the attack-free case), we propose an observer-based estimator that provides
exponential estimates of the system state in spite of actuator and sensor
attacks. Exploiting sensor and actuator redundancy, the estimation scheme is
guaranteed to work if a sufficiently small subset of sensors and actuators are
under attack. Using the proposed estimator, we provide tools for reconstructing
and isolating actuator and sensor attacks; and a control scheme capable of
stabilizing the closed-loop dynamics by switching off isolated actuators.
Simulation results are presented to illustrate the performance of our tools.Comment: arXiv admin note: substantial text overlap with arXiv:1811.1015
Design-Time Quantification of Integrity in Cyber-Physical-Systems
In a software system it is possible to quantify the amount of information
that is leaked or corrupted by analysing the flows of information present in
the source code. In a cyber-physical system, information flows are not only
present at the digital level, but also at a physical level, and to and fro the
two levels. In this work, we provide a methodology to formally analyse a
Cyber-Physical System composite model (combining physics and control) using an
information flow-theoretic approach. We use this approach to quantify the level
of vulnerability of a system with respect to attackers with different
capabilities. We illustrate our approach by means of a water distribution case
study
Learning-guided network fuzzing for testing cyber-physical system defences
The threat of attack faced by cyber-physical systems (CPSs), especially when
they play a critical role in automating public infrastructure, has motivated
research into a wide variety of attack defence mechanisms. Assessing their
effectiveness is challenging, however, as realistic sets of attacks to test
them against are not always available. In this paper, we propose smart fuzzing,
an automated, machine learning guided technique for systematically finding
'test suites' of CPS network attacks, without requiring any knowledge of the
system's control programs or physical processes. Our approach uses predictive
machine learning models and metaheuristic search algorithms to guide the
fuzzing of actuators so as to drive the CPS into different unsafe physical
states. We demonstrate the efficacy of smart fuzzing by implementing it for two
real-world CPS testbeds---a water purification plant and a water distribution
system---finding attacks that drive them into 27 different unsafe states
involving water flow, pressure, and tank levels, including six that were not
covered by an established attack benchmark. Finally, we use our approach to
test the effectiveness of an invariant-based defence system for the water
treatment plant, finding two attacks that were not detected by its physical
invariant checks, highlighting a potential weakness that could be exploited in
certain conditions.Comment: Accepted by ASE 201
- …