Data-Driven Identification of Attack-free Sensors in Networked Control Systems

This paper proposes a data-driven framework to identify the attack-free sensors in a networked control system when some of the sensors are corrupted by an adversary. An operator with access to offline input-output attack-free trajectories of the plant is considered. Then, a data-driven algorithm is proposed to identify the attack-free sensors when the plant is controlled online. We also provide necessary conditions, based on the properties of the plant, under which the algorithm is feasible. An extension of the algorithm is presented to identify the sensors completely online against certain classes of attacks. The efficacy of our algorithm is depicted through numerical examples.Comment: Conference submissio

A Resilient Control Approach to Secure Cyber Physical Systems (CPS) with an Application on Connected Vehicles

The objective of this dissertation is to develop a resilient control approach to secure Cyber Physical Systems (CPS) against cyber-attacks, network failures and potential physical faults. Despite being potentially beneficial in several aspects, the connectivity in CPSs poses a set of specific challenges from safety and reliability standpoint. The first challenge arises from unreliable communication network which affects the control/management of overall system. Second, faulty sensors and actuators can degrade the performance of CPS and send wrong information to the controller or other subsystems of the CPS. Finally, CPSs are vulnerable to cyber-attacks which can potentially lead to dangerous scenarios by affecting the information transmitted among various components of CPSs. Hence, a resilient control approach is proposed to address these challenges. The control approach consists of three main parts:(1) Physical fault diagnostics: This part makes sure the CPS works normally while there is no cyber-attacks/ network failure in the communication network; (2) Cyber-attack/failure resilient strategy: This part consists of a resilient strategy for specific cyber-attacks to compensate for their malicious effects ; (3) Decision making algorithm: The decision making block identifies the specific existing cyber-attacks/ network failure in the system and deploys corresponding control strategy to minimize the effect of abnormality in the system performance. In this dissertation, we consider a platoon of connected vehicle system under Co-operative Adaptive Cruise Control (CACC) strategy as a CPS and develop a resilient control approach to address the aforementioned challenges. The first part of this dissertation investigates fault diagnostics of connected vehicles assuming ideal communication network. Very few works address the real-time diagnostics problem in connected vehicles. This study models the effect of different faults in sensors and actuators, and also develops fault diagnosis scheme for detectable and identifiable faults. The proposed diagnostics scheme is based on sliding model observers to detect, isolate and estimate faults in the sensors and actuators. One of the main advantages of sliding model approach lies in applicability to nonlinear systems. Therefore, the proposed method can be extended for other nonlinear cyber physical systems as well. The second part of the proposed research deals with developing strategies to maintain performance of cyber-physical systems close to the normal, in the presence of common cyber-attacks and network failures. Specifically, the behavior of Dedicated Short-Range Communication (DSRC) network is analyzed under cyber-attacks and failures including packet dropping, Denial of Service (DOS) attack and false data injection attack. To start with, packet dropping in network communication is modeled by Bernoulli random variable. Then an observer based modifying algorithm is proposed to modify the existing CACC strategy against the effect of packet dropping phenomena. In contrast to the existing works on state estimation over imperfect communication network in CPS which mainly use either holding previous received data or Kalman filter with intermittent observation, a combination of these two approaches is used to construct the missing data over packet dropping phenomena. Furthermore, an observer based fault diagnostics based on sliding mode approach is proposed to detect, isolate and estimate sensor faults in connected vehicles platoon. Next, Denial of Service (DoS) attack is considered on the communication network. The effect of DoS attack is modeled as an unknown stochastic delay in data delivery in the communication network. Then an observer based approach is proposed to estimate the real data from the delayed measured data over the network. A novel approach based on LMI theory is presented to design observer and estimate the states of the system via delayed measurements. Next, we explore and alternative approach by modeling DoS with unknown constant time delay and propose an adaptive observer to estimate the delay. Furthermore, we study the effects of system uncertainties on the DoS algorithm. In the third algorithm, we considered a general CPS with a saturated DoS attack modeled with constant unknown delay. In this part, we modeled the DoS via a PDE and developed a PDE based observer to estimate the delay as well as states of the system while the only available measurements are delayed. Furthermore, as the last cyber-attack of the second part of the dissertation, we consider false data injection attack as the fake vehicle identity in the platoon of vehicles. In this part, we develop a novel PDE-based modeling strategy for the platoon of vehicles equipped with CACC. Moreover, we propose a PDE based observer to detect and isolate the location of the false data injection attack injected into the platoon as fake identity. Finally, the third part of the dissertation deals with the ongoing works on an optimum decision making strategy formulated via Model Predictive Control (MPC). The decision making block is developed to choose the optimum strategy among available strategies designed in the second part of the dissertation

Distributed Fault Detection in Formation of Multi-Agent Systems with Attack Impact Analysis

Autonomous Underwater Vehicles (AUVs) are capable of performing a variety of deepwater marine applications as in multiple mobile robots and cooperative robot reconnaissance. Due to the environment that AUVs operate in, fault detection and isolation as well as the formation control of AUVs are more challenging than other Multi-Agent Systems (MASs). In this thesis, two main challenges are tackled. We first investigate the formation control and fault accommodation algorithms for AUVs in presence of abnormal events such as faults and communication attacks in any of the team members. These undesirable events can prevent the entire team to achieve a safe, reliable, and efficient performance while executing underwater mission tasks. For instance, AUVs may face unexpected actuator/sensor faults and the communication between AUVs can be compromised, and consequently make the entire multi-agent system vulnerable to cyber-attacks. Moreover, a possible deception attack on network system may have a negative impact on the environment and more importantly the national security. Furthermore, there are certain requirements for speed, position or depth of the AUV team. For this reason, we propose a distributed fault detection scheme that is able to detect and isolate faults in AUVs while maintaining their formation under security constraints. The effects of faults and communication attacks with a control theoretical perspective will be studied. Another contribution of this thesis is to study a state estimation problem for a linear dynamical system in presence of a Bias Injection Attack (BIA). For this purpose, a Kalman Filter (KF) is used, where we show that the impact of an attack can be analyzed as the solution of a quadratically constrained problem for which the exact solution can be found efficiently. We also introduce a lower bound for the attack impact in terms of the number of compromised actuators and a combination of sensors and actuators. The theoretical findings are accompanied by simulation results and numerical can study examples

Real-Time Machine Learning Models To Detect Cyber And Physical Anomalies In Power Systems

A Smart Grid is a cyber-physical system (CPS) that tightly integrates computation and networking with physical processes to provide reliable two-way communication between electricity companies and customers. However, the grid availability and integrity are constantly threatened by both physical faults and cyber-attacks which may have a detrimental socio-economic impact. The frequency of the faults and attacks is increasing every year due to the extreme weather events and strong reliance on the open internet architecture that is vulnerable to cyber-attacks. In May 2021, for instance, Colonial Pipeline, one of the largest pipeline operators in the U.S., transports refined gasoline and jet fuel from Texas up the East Coast to New York was forced to shut down after being attacked by ransomware, causing prices to rise at gasoline pumps across the country. Enhancing situational awareness within the grid can alleviate these risks and avoid their adverse consequences. As part of this process, the phasor measurement units (PMU) are among the suitable assets since they collect time-synchronized measurements of grid status (30-120 samples/s), enabling the operators to react rapidly to potential anomalies. However, it is still challenging to process and analyze the open-ended source of PMU data as there are more than 2500 PMU distributed across the U.S. and Canada, where each of which generates more than 1.5 TB/month of streamed data. Further, the offline machine learning algorithms cannot be used in this scenario, as they require loading and scanning the entire dataset before processing. The ultimate objective of this dissertation is to develop early detection of cyber and physical anomalies in a real-time streaming environment setting by mining multi-variate large-scale synchrophasor data. To accomplish this objective, we start by investigating the cyber and physical anomalies, analyzing their impact, and critically reviewing the current detection approaches. Then, multiple machine learning models were designed to identify physical and cyber anomalies; the first one is an artificial neural network-based approach for detecting the False Data Injection (FDI) attack. This attack was specifically selected as it poses a serious risk to the integrity and availability of the grid; Secondly, we extend this approach by developing a Random Forest Regressor-based model which not only detects anomalies, but also identifies their location and duration; Lastly, we develop a real-time hoeffding tree-based model for detecting anomalies in steaming networks, and explicitly handling concept drifts. These models have been tested and the experimental results confirmed their superiority over the state-of-the-art models in terms of detection accuracy, false-positive rate, and processing time, making them potential candidates for strengthening the grid\u27s security

Operational moving target defences for improved power system cyber-physical security

In this work, we examine how Moving Target Defences (MTDs) can be enhanced to circumvent intelligent false data injection (FDI) attacks against power systems. Initially, we show how, by implementing state-of-the-art topology learning techniques, we can commit full-knowledge-equivalent FDI attacks against static power systems with no prior system knowledge. We go on to explore how naive applications of topology change, as MTDs, can be countered by unsupervised learning-based FDI attacks and how MTDs can be combined with physical watermarking to enhance system resilience. A novel intelligent attack, which incorporates dimensionality reduction and density-based spatial clustering, is developed and shown to be effective in maintaining stealth in the presence of traditional MTD strategies. In resisting this new type of attack, a novel implementation of MTD is suggested. The implementation uses physical watermarking to drive detection of traditional and intelligent FDI attacks while remaining hidden to the attackers. Following this, we outline a cyber-physical authentication strategy for use against FDI attacks. An event-triggered MTD protocol is proposed at the physical layer to complement cyber-side enhancements. This protocol applies a distributed anomaly detection scheme based on Holt-Winters seasonal forecasting in combination with MTD implemented via inductance perturbation. To conclude, we developed a cyber-physical risk assessment framework for FDI attacks. Our assessment criteria combines a weighted graph model of the networks cyber vulnerabilities with a centralised residual-based assessment of the physical system with respect to MTD. This combined approach provides a cyber-physical assessment of FDI attacks which incorporates both the likelihood of intrusion and the prospect of an attacker making stealthy change once intruded.Open Acces