Event-triggered control systems under denial-of-service attacks

In this paper, we propose a systematic design framework for output-based dynamic event-triggered control (ETC) systems under Denial-of-Service (DoS) attacks. These malicious DoS attacks are intended to interfere with the communication channel causing periods in time at which transmission of measurement data is impossible. We show that the proposed ETC scheme, if well designed, can tolerate a class of DoS signals characterized by frequency and duration properties without jeopardizing the stability, performance and Zeno-freeness of the ETC system. In fact, the design procedure of the ETC condition allows trade-offs between performance, robustness to DoS attacks and utilization of communication resources. The main results will be illustrated by means of a numerical example

An Unknown Input Multi-Observer Approach for Estimation, Attack Isolation, and Control of LTI Systems under Actuator Attacks

We address the problem of state estimation, attack isolation, and control for discrete-time Linear Time Invariant (LTI) systems under (potentially unbounded) actuator false data injection attacks. Using a bank of Unknown Input Observers (UIOs), each observer leading to an exponentially stable estimation error in the attack-free case, we propose an estimator that provides exponential estimates of the system state and the attack signals when a sufficiently small number of actuators are attacked. We use these estimates to control the system and isolate actuator attacks. Simulations results are presented to illustrate the performance of the results

Learning-based attacks in cyber-physical systems

We introduce the problem of learning-based attacks in a simple abstraction of cyber-physical systems---the case of a discrete-time, linear, time-invariant plant that may be subject to an attack that overrides the sensor readings and the controller actions. The attacker attempts to learn the dynamics of the plant and subsequently override the controller's actuation signal, to destroy the plant without being detected. The attacker can feed fictitious sensor readings to the controller using its estimate of the plant dynamics and mimic the legitimate plant operation. The controller, on the other hand, is constantly on the lookout for an attack; once the controller detects an attack, it immediately shuts the plant off. In the case of scalar plants, we derive an upper bound on the attacker's deception probability for any measurable control policy when the attacker uses an arbitrary learning algorithm to estimate the system dynamics. We then derive lower bounds for the attacker's deception probability for both scalar and vector plants by assuming a specific authentication test that inspects the empirical variance of the system disturbance. We also show how the controller can improve the security of the system by superimposing a carefully crafted privacy-enhancing signal on top of the "nominal control policy." Finally, for nonlinear scalar dynamics that belong to the Reproducing Kernel Hilbert Space (RKHS), we investigate the performance of attacks based on nonlinear Gaussian-processes (GP) learning algorithms

Towards Stabilization of Distributed Systems under Denial-of-Service

In this paper, we consider networked distributed systems in the presence of Denial-of-Service (DoS) attacks, namely attacks that prevent transmissions over the communication network. First, we consider a simple and typical scenario where communication sequence is purely Round-robin and we explicitly calculate a bound of attack frequency and duration, under which the interconnected large-scale system is asymptotically stable. Second, trading-off system resilience and communication load, we design a hybrid transmission strategy consisting of Zeno-free distributed event-triggered control and Round-robin. We show that with lower communication loads, the hybrid communication strategy enables the systems to have the same resilience as in pure Round-robin

A Multi-Observer Approach for Attack Detection and Isolation of Discrete-Time Nonlinear Systems

We address the problem of attack detection and isolation for a class of discrete-time nonlinear systems under (potentially unbounded) sensor attacks and measurement noise. We consider the case when a subset of sensors is subject to additive false data injection attacks. Using a bank of observers, each observer leading to an Input-to-State Stable (ISS) estimation error, we propose two algorithms for detecting and isolating sensor attacks. These algorithms make use of the ISS property of the observers to check whether the trajectories of observers are `consistent' with the attack-free trajectories of the system. Simulations results are presented to illustrate the performance of the proposed algorithms.Comment: arXiv admin note: text overlap with arXiv:1805.0424

On Joint Reconstruction of State and Input-Output Injection Attacks for Nonlinear Systems

We address the problem of robust state reconstruction for discrete-time nonlinear systems when the actuators and sensors are injected with (potentially unbounded) attack signals. Exploiting redundancy in sensors and actuators and using a bank of unknown input observers (UIOs), we propose an observer-based estimator capable of providing asymptotic estimates of the system state and attack signals under the condition that the numbers of sensors and actuators under attack are sufficiently small. Using the proposed estimator, we provide methods for isolating the compromised actuators and sensors. Numerical examples are provided to demonstrate the effectiveness of our methods.Comment: arXiv admin note: text overlap with arXiv:1904.0423

Resilient Consensus Control Design for DC Microgrids against False Data Injection Attacks Using a Distributed Bank of Sliding Mode Observers

This paper investigates the problem of false data injection attack (FDIA) detection in microgrids. The grid under study is a DC microgrid with distributed boost converters, where the false data are injected into the voltage data so as to investigate the effect of attacks. The proposed algorithm uses a bank of sliding mode observers that estimates the states of the neighbor agents. Each agent estimates the neighboring states and, according to the estimation and communication data, the detection mechanism reveals the presence of FDIA. The proposed control scheme provides resiliency to the system by replacing the conventional consensus rule with attack-resilient ones. In order to evaluate the efficiency of the proposed method, a real-time simulation with eight agents has been performed. Moreover, a verification experimental test with three boost converters has been utilized to confirm the simulation results. It is shown that the proposed algorithm is able to detect FDI attacks and it protects the consensus deviation against FDI attacks

Resilient Control Under Denial-of-Service:Results and Research Directions

The question of security is becoming central for the current generation of engineering systems which more and more rely on networks to support monitoring and control tasks. This chapter addresses the question of designing network control systems that are resilient to Denial-of-Service, that is to phenomena which render a communication network unavailable to use. We review recent results in this area and discuss some of the research challenges.</p