샘플 데이터로 표현되는 사이버-물리 시스템의 취약점 분석 및 검출 불가능한 공격에 대한 방어 기법

학위논문 (박사) -- 서울대학교 대학원 : 공과대학 전기·정보공학부, 2020. 8. 심형보.The rapid evolution of communication network and computation speed has led to the emergence of cyber-physical systems in which the traditional physical plants are controlled remotely using digital controllers. Unfortunately, however, the separation between the plant and controller with a network communication provides a new chance for external adversaries to intrude control systems, which are highly connected to human life and social infrastructures. For this reason, among various issues of the cyber-physical system, security problems have gained particular attention to control engineers these days. This dissertation presents new theoretical vulnerabilities undetectable from the conventional anomaly detector, which arise due to the mixture of continuous- and discrete-time components on cyber-physical systems, and addresses countermeasures against such vulnerabilities. Specific subjects dealt with in the dissertation are listed as follows: 1) Zero dynamics attacks can be lethal to cyber-physical systems because they can be harmful to physical plants and impossible to detect. Fortunately, if the given continuous-time physical system is minimum phase, the attack is not so effective even if it cannot be detected. However, the situation can become unfavorable if one uses digital control by sampling the sensor measurement and using a zero-order hold for actuation because of the `sampling zeros.' When the continuous-time system has a relative degree greater than two and the sampling period is small, the sampled-data system must have unstable zeros, so that the cyber-physical system becomes vulnerable to `sampling zero dynamics attack.' In this dissertation, we present an idea to neutralize the zero dynamics attack for single-input and single-output sampled-data systems by shifting the unstable discrete-time zeros into stable ones. This idea is realized by employing the so-called `generalized hold' which replaces a standard zero-order hold. It is shown that, under mild assumptions, a generalized hold exists which places the discrete-time zeros at desired positions. Furthermore, we formulate the design problem as an optimization problem whose performance index is related to the inter-sample behavior of the physical plant, and propose an optimal gain which alleviates the performance degradation caused by generalized hold as much as possible, and in order to verify the theoretical results, we apply the proposed strategy to a DC/DC converter with an electrical circuit. 2) The zero dynamics attack has usually been studied as a type of actuator attack, but it can harm the physical plant through the sensor network. Specifically, when the system monitors abnormal behavior of the plant using the anomaly detector (fault detector), one can generate zero dynamics attack on the sensor network deceiving the anomaly detector by regarding the output of the plant and residual of the anomaly detector as a new input and output of a target system. It is noticed that this sensor attack is not so effective when the plant is stable even if the attack is still undetectable. Noting this point, we propose to reexamine the generalized hold as a countermeasure against the undetectable sensor attack. That is, using the fact that the output feedback passing through the generalized hold can stabilize the unstable systems by selecting an appropriate hold function, we show that the plant can be safe from the undetectable sensor attack. Furthermore, to relieve the performance degradation of the use of generalized hold feedback, we employ a discrete-time linear quadratic regulator minimizing a continuous-time cost function. 3) In the sampled-data framework, most anomaly detectors monitor the plant's output only at discrete time instants. Consequently, abnormal behavior between sampling instants cannot be detected if output behaves normally at every sampling instant. This implies that if an actuator attack drives the plant's state to pass through the kernel of the output matrix at each sensing time, then the attack compromises the system while remaining stealthy. This type of attack is always constructible when the sampled-data system has an input redundancy, i.e., the number of inputs being larger than that of outputs and/or the sampling rate of the actuators being higher than that of the sensors. Simulation results for the X-38 vehicle and other numerical examples illustrate this new attack strategy may result in disastrous consequences.디지털 장치들의 연산 속도와 네트워크 전송 속도의 급진적인 발전으로 고전적인 제어 시스템이 네트워크를 통해 원격으로 제어되는 사이버-물리 시스템(cyber-physical systems)이 등장하기 시작했다. 이러한 사이버-물리 시스템은 제어기와 제어 대상의 분리라는 특성상 외부의 악의적인 공격신호로 부터 공격당할 수 있는 잠재적인 위험에 노출되어 있으며 파워플랜트의 원격감시제어(SCADA, Supervisory Control And Data Acquisition)와 같은 사회 기반 시설과도 밀접한 연관이 있어 그 보안성에 관한 연구의 필요성이 강조되고 있다. 본 논문은 사이버-물리 시스템이 연속시간으로 이루어진 물리 플랜트(physical plant)와 디지털 제어기로 이루어져 있다는 사실로부터 이를 영차홀드(zero-order hold)와 샘플러(sampler)로 이산화(discretize)되는 샘플-데이터 시스템으로 표현하고, 연속시간과 이산시간의 결합으로 부터 발생할 수 있는 사이버 공격에 대한 이론적인 취약점을 분석하고 그에 대한 해결책을 제시한다. 구체적으로 본 논문에서는 다음의 세 가지 주제들을 다룬다. 첫 번째로, 본 논문은 시스템의 불안정한(unstable) 영점(zero)의 정보를 이용하여 입력 네트워크를 통해 주입될 경우 검출불가능(undetectable)한 영동역학 공격(zero dynamics attack)이 샘플 데이터 시스템에서 발생하는 샘플링 영점(sampling zero)을 이용하여도 가능하다는 점을 밝힌다. 그리고 영차홀드 대신 일반화된 홀드(generalized hold)를 이용할 경우 이산시간 시스템의 이산시간 영점을 모두 안정한(stable)한 영역으로 할당할 수 있다는 사실에 근거하여 영동역학 공격에 대한 근본적인 대응책으로 영차홀드를 일반화된 홀드로 대체하는 방안을 제안한다. 추가적으로, 일반화된 홀드를 이용할 경우 발생하는 성능저하를 최소화 하기 위해 볼록(convex) 최적화 문제로 일반화된 홀드를 설계하는 방법을 제시한다. 다른 한편, 이산시간 시스템의 출력 센서 네트워크를 입력 그리고 고장 검출기(fault detector)의 잔여신호(residual)를 출력으로 하는 시스템의 영동역학을 이용하여 검출 불가능한 센서 공격이 가능함을 보이고, 이에 대한 해결책으로 이산시간 출력 부터 연속시간 입력까지 일반화된 홀드를 이용한 피드백 루프를 추가하여 공격의 효과를 무효화하는 방법을 제안한다. 또한 이러한 피드백 루프로 인한 제어 성능 저하를 최소화하기 위해 연속시간 비용함수를 최소화하는 이산시간 최적 제어기법의 이용을 제안한다. 마지막으로, 영차홀드와 샘플러의 동작주기가 같지 않은 다중 입출력(MIMO) 샘플-데이터 시스템을 쌓인 시스템(lifted system)으로 표현쌓을 때 출력대비 입력 여유분이 많을 경우, 입력 네트워크를 통하여 검출 불가능한 공격을 가능하게 하는 충분조건을 찾고, 이를 활용하여 공격신호를 생성하는 설계법을 제안한다.1 Introduction 1 1.1 Overview of Security Issues on Cyber-Physical Systems 1 1.2 Contributions and Outline of Dissertation 4 1.3 Preliminary: Characterization of detectable and undetectable attacks 8 2 Use of Generalized Hold in Sampled-data Systems to Counteract Zero Dynamics Attack 13 2.1 Zero Dynamics Attack with Normal Form 13 2.1.1 Continuous-time Linear Systems 13 2.1.2 Sampled-data Linear Systems 16 2.1.3 Simulation Result: Zero Dynamics Attack on Sampling Zeros 18 2.1.4 Existing Countermeasures Against Zero Dynamics Attack 19 2.2 Optimal Generalized Hold Function to Neutralize Zero Dynamics Attack 22 2.2.1 Shifting discrete-time zeros by generalized hold 23 2.2.2 Design of optimal generalized hold function with security guaranteed 27 2.2.3 Simulation Results: Effect of Optimal Generalized Hold 34 2.3 Illustrative Example for Closed-loop System 36 2.4 Experiment: DC/DC Converter with Electrical Circuit 39 2.4.1 Simulation Results 43 2.4.2 Experiment Results 44 2.5 Study on the Effect of Generalized Hold on Intrinsic Zeros of Nonlinear Systems under Fast Sampling 47 3 Use of Generalized Hold Feedback in Sampled-data Systems to Counteract Zero-dynamics Sensor Attack 57 3.1 Undetectable Sensor Attack and its lethality 57 3.1.1 Construction of Zero Dynamics Sensor Attack 58 3.1.2 Simulation Results: Magnetic Levitation of a Steel Ball 61 3.2 Strategy to Neutralize Zero Dynamics Sensor Attack and Relieve Performance Degradation 63 3.2.1 Employing the generalized hold feedback to neutralize zero dynamics sensor attack 64 3.2.2 Simulation Results: Effectiveness of the Generalized Hold 69 3.2.3 DLQR under Consideration of Inter-sample Behavior 71 3.2.4 Simulation Results: Effectiveness of DLQR with Continuous-time Performance Index 77 4 Masking Attack for Sampled-data System via Input Redundancy 79 4.1 Problem Formulation 79 4.2 Design of Masking Attack with Zero-stealthy and Disruptive Properties 83 4.2.1 Clustering the Time Frame 86 4.2.2 Conditions for Masking Attack Design 90 4.2.3 Off-line Construction of Attack Signal 93 4.2.4 Practical Stealthiness of Masking Attack with R \in R 97 4.3 Simulation Results 99 4.3.1 Numerical Example: R = 1 with δ = 0 99 4.3.2 X-38 Vehicle: R = 4 with δ = 0 102 4.3.3 Numerical Example: R = 0.4 with δ = 0.75 105 5 Conclusion of Dissertation 111 BIBLIOGRAPHY 113 국문초록 121Docto

Analyzing helicopter evasive maneuver effectiveness against rocket-propelled grenades

It has long been acknowledged that military helicopters are vulnerable to ground-launched threats, in particular, the RPG-7 rocket-propelled grenade. Current helicopter threat mitigation strategies rely on a combination of operational tactics and selectively placed armor plating, which can help to mitigate but not entirely remove the threat. However, in recent years, a number of active protection systems designed to protect land-based vehicles from rocket and missile fire have been developed. These systems all use a sensor suite to detect, track, and predict the threat trajectory, which is then employed in the computation of an intercept trajectory for a defensive kill mechanism. Although a complete active protection system in its current form is unsuitable for helicopters, in this paper, it is assumed that the active protection system’s track and threat trajectory prediction subsystem could be used offline as a tool to develop tactics and techniques to counter the threat from rocket-propelled grenade attacks. It is further proposed that such a maneuver can be found by solving a pursuit–evasion differential game. Because the first stage in solving this problem is developing the capability to evaluate the game, nonlinear dynamic and spatial models for a helicopter, RPG-7 round, and gunner, and evasion strategies were developed and integrated into a new simulation engine. Analysis of the results from representative vignettes demonstrates that the simulation yields the value of the engagement pursuit–evasion game. It is also shown that, in the majority of cases, survivability can be significantly improved by performing an appropriate evasive maneuver. Consequently, this simulation may be used as an important tool for both designing and evaluating evasive tactics and is the first step in designing a maneuver-based active protection system, leading to improved rotorcraft survivability

Deep Learning for Face Anti-Spoofing: A Survey

Face anti-spoofing (FAS) has lately attracted increasing attention due to its vital role in securing face recognition systems from presentation attacks (PAs). As more and more realistic PAs with novel types spring up, traditional FAS methods based on handcrafted features become unreliable due to their limited representation capacity. With the emergence of large-scale academic datasets in the recent decade, deep learning based FAS achieves remarkable performance and dominates this area. However, existing reviews in this field mainly focus on the handcrafted features, which are outdated and uninspiring for the progress of FAS community. In this paper, to stimulate future research, we present the first comprehensive review of recent advances in deep learning based FAS. It covers several novel and insightful components: 1) besides supervision with binary label (e.g., '0' for bonafide vs. '1' for PAs), we also investigate recent methods with pixel-wise supervision (e.g., pseudo depth map); 2) in addition to traditional intra-dataset evaluation, we collect and analyze the latest methods specially designed for domain generalization and open-set FAS; and 3) besides commercial RGB camera, we summarize the deep learning applications under multi-modal (e.g., depth and infrared) or specialized (e.g., light field and flash) sensors. We conclude this survey by emphasizing current open issues and highlighting potential prospects.Comment: IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI

Entropy in Image Analysis III

Image analysis can be applied to rich and assorted scenarios; therefore, the aim of this recent research field is not only to mimic the human vision system. Image analysis is the main methods that computers are using today, and there is body of knowledge that they will be able to manage in a totally unsupervised manner in future, thanks to their artificial intelligence. The articles published in the book clearly show such a future

India: Domestic Issues, Strategic Dynamics, and U.S. Relations

[Excerpt] President Barack Obama’s Administration has sought to build upon the deepened U.S. engagement with India begun by President Bill Clinton in 2000 and expanded upon during much of the past decade under President G.W. Bush. This “U.S.-India 3.0” diplomacy was most recently on display in July 2011, when the second U.S.-India Strategic Dialogue session saw a large delegation of senior U.S. officials visit New Delhi to discuss a broad range of global and bilateral issues. Many analysts view the U.S.-India relationship as being among the world’s most important in coming decades and see potentially large benefits to be accrued through engagement on many convergent interests. Bilateral initiatives are underway in all areas, although independent analysts in both countries worry that the partnership has lost momentum in recent years. Outstanding areas of bilateral friction include obstacles to bilateral trade and investment, including in the high-technology sector; outsourcing; the status of conflict in Afghanistan; climate change; and stalled efforts to initiate civil nuclear cooperation. India is the world’s most populous democracy and remains firmly committed to representative government and rule of law. Its left-leaning Congress Party-led ruling national coalition has been in power for more than seven years under the leadership of Prime Minister Manmohan Singh, an Oxford-trained economist. New Delhi’s engagement with regional and other states is extensive and reflects its rising geopolitical status. The national economy has been growing rapidly—India’s is projected to be the world’s third-largest economy in the foreseeable future—yet poor infrastructure, booming energy demand, and restrictive trade and investment practices are seen to hamper full economic potential. Despite the growth of a large urban middle-class, India’s remains a largely rural and agriculture-based society, and is home to some 500-600 million people living in poverty. This report will be updated periodically