Cybersecurity Landscape on Remote State Estimation: A Comprehensive Review

Jing Zhou; Jun Shang; Tongwen Chen

doi:10.1109/JAS.2024.124257

Volume 11 Issue 4

Apr. 2024

IEEE/CAA Journal of Automatica Sinica

JCR Impact Factor: 15.3, Top 1 (SCI Q1)

CiteScore: 23.5, Top 2% (Q1)
Google Scholar h5-index: 77， TOP 5

Turn off MathJax

Article Contents

Abstract

I. Introduction

II. System Model and Problem Setup

III. Optimal Attack Strategies

IV. Defensive Countermeasures

V. Beyond Integrity Attacks

VI. Conclusions and Future Works

References

Article Navigation > IEEE/CAA Journal of Automatica Sinica > 2024 > 11(4): 851-865

J. Zhou, J. Shang, and T. Chen, “Cybersecurity landscape on remote state estimation: A comprehensive review,” IEEE/CAA J. Autom. Sinica, vol. 11, no. 4, pp. 851–865, Apr. 2024. doi: 10.1109/JAS.2024.124257

Citation:

J. Zhou, J. Shang, and T. Chen, “Cybersecurity landscape on remote state estimation: A comprehensive review,” IEEE/CAA J. Autom. Sinica, vol. 11, no. 4, pp. 851–865, Apr. 2024. doi: 10.1109/JAS.2024.124257

Citation:

PDF( 823 KB)

Cybersecurity Landscape on Remote State Estimation: A Comprehensive Review

doi: 10.1109/JAS.2024.124257

Funds: This work was supported by the Natural Sciences and Engineering Research Council (NSERC) of Canada

More Information

Author Bio:
Jing Zhou (Member, IEEE) received the B.Eng. degree in mechanical engineering from Huazhong University of Science and Technology, in 2015, and the M.Eng. degree in dynamic systems and control from Peking University, in 2018. He received the Ph.D. degree in control systems from the University of Alberta, Canada in 2022. He is currently a Postdoctoral Fellow with the Department of Electrical and Computer Engineering, University of Alberta.He was a recipient of the Best Student Paper Award from the 4th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS), Victoria, Canada, May 2021. His research interests include cyber-security, fault diagnosis, and industrial alarm systems

Jun Shang (Member, IEEE) received the B.Eng. degree in control science and engineering from Harbin Institute of Technology, in 2013, and the Ph.D. degree in control science and engineering from Tsinghua University, in 2018. From September 2018 to January 2023, he was a Postdoctoral Fellow with the Department of Electrical and Computer Engineering, University of Alberta, Canada.He is currently a Professor with the Department of Control Science and Engineering, Tongji University. His research interests include fault diagnosis, cyber-physical security, and networked control

Tongwen Chen (Fellow, IEEE) is presently a Professor and Tier 1 Canada Research Chair in Intelligent Monitoring and Control in the Department of Electrical and Computer Engineering at the University of Alberta, Canada. He received the B.Eng. degree in automation and instrumentation from Tsinghua University (Beijing) in 1984, and the M.A.Sc. and Ph.D. degrees in electrical engineering from the University of Toronto in 1988 and 1991, respectively.His research interests include computer and network based control systems, process safety and alarm monitoring, and their applications to the process and power industries. He has served as an Associate Editor for several international journals, including Automatica and IEEE Transactions on Automatic Control. He received the 2021 Outstanding Engineer Award from IEEE Canada. He is a Fellow of IFAC, the Royal Society of Canada, and the Canadian Academy of Engineering
Corresponding author: Jun Shang, e-mail: shangjun@tongji.edu.cn
Received Date: 2023-12-06
Accepted Date: 2024-01-17

Available Online: 2024-01-29

Abstract

Abstract

Cyber-physical systems (CPSs) have emerged as an essential area of research in the last decade, providing a new paradigm for the integration of computational and physical units in modern control systems. Remote state estimation (RSE) is an indispensable functional module of CPSs. Recently, it has been demonstrated that malicious agents can manipulate data packets transmitted through unreliable channels of RSE, leading to severe estimation performance degradation. This paper aims to present an overview of recent advances in cyber-attacks and defensive countermeasures, with a specific focus on integrity attacks against RSE. Firstly, two representative frameworks for the synthesis of optimal deception attacks with various performance metrics and stealthiness constraints are discussed, which provide a deeper insight into the vulnerabilities of RSE. Secondly, a detailed review of typical attack detection and resilient estimation algorithms is included, illustrating the latest defensive measures safeguarding RSE from adversaries. Thirdly, some prevalent attacks impairing the confidentiality and data availability of RSE are examined from both attackers’ and defenders’ perspectives. Finally, several challenges and open problems are presented to inspire further exploration and future research in this field.
- Cyber-attacks,
- Kalman filtering,
- remote state estimation,
- unreliable transmission channels

FullText(HTML)

I. Introduction

THE last decade has witnessed rapid progress in the development of cyber-physical systems (CPSs), which are tight integrations of computational, networking, and physical components. CPSs provide a general modeling framework that covers various industrial processes and critical infrastructures, e.g., power grids [1], water distribution networks [2], intelligent transportation systems [3], smart medical devices [4], and industrial control systems [5]. The safe and efficient operation of CPSs depends significantly on the reliable transmission of data packets, which could be manipulated craftily by malicious agents particularly if wireless networks are deployed. Stuxnet is one such well-known cyber-worm that caused great damage to nuclear facilities in Iran by injecting falsified control commands [5]. In 2015, a synchronized and coordinated cyber-attack compromised three Ukrainian regional electric distribution companies, resulting in power outages affecting approximately 225 000 customers for several hours [6]. A recent cyber-attack that crippled the largest fuel pipeline in the U.S. and led to energy shortages across the east coast was another prominent example [7]. These real-world incidents evidently indicate the necessity and urgency to explore the inherent vulnerabilities of CPSs and develop defensive countermeasures against cyber-attacks.

The security of CPSs can be conceptualized as comprising three primary facets in Fig. 1: integrity, availability, and confidentiality. Correspondingly, the cyber-threats that undermine these attributes are respectively termed as false-data injection (FDI), denial-of-service (DoS), and eavesdropping attacks [8]–[10]. Among these, FDI and DoS attacks have constituted the predominant share of real-world incidents and have been the central focus of academic research in CPS security for the past decade. In DoS attacks, adversaries disseminate noisy packets to obstruct communication channels among data terminals, thereby rendering valuable information inaccessible to the intended recipients [11], [12]. FDI attacks, also referred to as integrity attacks, demand more substantial resources for practical implementation. Adversaries must infiltrate communication links to alter original packets or insert falsified data. In both scenarios, CPS nominal performance undergoes significant deterioration, potentially resulting in increased control costs [13], diminished state estimation quality [14], and even instability within closed-loop systems [15]. Eavesdropping attacks, while seemingly less intrusive since the attacker’s actions do not directly impact system performance, can still have devastating consequences owing to the leakage of critical information [16], [17]. Other less frequently encountered cyber threats in the industrial realm encompass topology poisoning, load redistribution, and data framing attacks [18]. Despite the inevitability of these malicious disruptions, adversaries are typically unable to execute uncontrolled attacks due to the countermeasures employed by system defenders, such as virus firewalls, anomaly detectors, and data encryption mechanisms [19]–[21]. Moreover, the limited resource budgets of adversaries and their restricted access to secure information also narrow down the spectrum of feasible attack policies.

Figure 1. Three facets of CPS security.

DownLoad: Full-Size Img PowerPoint

Remote state estimation (RSE) is an essential functional module in CPSs. The primary objective of RSE is to derive estimates of physical processes based on measurements collected remotely, such as from sensors or cameras, without necessitating direct physical access. In practical applications, state estimates are usually utilized for feedback control and operation status monitoring, underscoring the pivotal role of RSE in ensuring the safe and efficient operation of industrial facilities. Nevertheless, the discerption of estimators and physical units renders it easier for adversaries to launch cyber-attacks compared to integrated systems. Recently, it has been demonstrated in numerous publications that adversaries can manipulate data packets transmitted through unreliable channels of RSE, resulting in significant degradation of estimation performance and the leakage of confidential information [22], [23]. While the field of fault detection and fault-tolerant control has witnessed the application of effective algorithms for anomaly detection and enhancing the resilience of physical systems [24], these methods may fail to defend against cyber-attacks. Transmission or component failures are usually considered as physical events that affect the performance of RSE in an uncoordinated manner, rendering them relatively easy to detect. On the contrary, cyber-attacks are ingeniously designed by intelligent adversaries, making their detection and mitigation a much more challenging task.

In the field of smart grids, Liu et al. discovered that by introducing falsified data into the sensor channels, it was possible to greatly amplify the error of least square estimators [1]. Moreover, this attack had the capability to completely evade detection by residual-based bad-data detectors. While their primary focus was on least-square estimators, this investigation can be considered as the pioneering effort that ignited widespread research on the vulnerabilities of RSE. The relevant investigation has been extended from static systems in smart grids to dynamic ones in networked control systems. The estimators that are examined consist of both least square estimators and Luenberger observers. In situations where the process and measurement noises follow Gaussian distributions, Kalman filters are typically employed to attain optimal state estimates with minimal mean-square errors. Recently, numerous publications have delved into the examination of security concerns pertaining to a wide array of topics, including event-triggered estimators [25]–[27], distributed estimators [28]–[30], multiple-sensor systems [31], [32], RSE in nonlinear plants [33], [34], and other forms.

The existing research concerning vulnerabilities of RSE can be broadly classified into two main categories:

Problem 1: Design of worst-case attacks: This category focuses on developing attacks that are optimized subject to stealthiness and/or energy constraints. These studies seek to identify the most effective strategies for degrading system performance, primarily from the perspective of adversaries.

Problem 2: Attack detection/identification and resilient estimation algorithms: This category is dedicated to developing methods for detecting and identifying attacks, as well as creating resilient estimation algorithms. These efforts aim to mitigate the impacts of attacks, primarily from the standpoint of defenders.

Due to practical restrictions, the synthesis of optimal attacks and defensive countermeasures often takes the form of a constrained optimization problem. This problem seeks to maximize the benefit of an agent, whether an attacker or a defender, while adhering to stealthiness, resource budget, and information constraints [23], [35]. There are also some studies assuming that the dynamic actions of both attackers and defenders are known to each other. Consequently, each side can react optimally based on their opponent’s actions. The decision-making process for both parties is explored within the framework of game theory [36]–[38].

To provide an up-to-date perspective on the current state of research and to stimulate further exploration in this area, this paper aims to provide an extensive overview of recent developments in the model-based synthesis of cyber-attacks against RSE and defensive countermeasures. In contrast to many existing surveys that cover a broader range of cyber-attacks, including aspects such as control performance loss, attack-resilient control, or domain-oriented reviews [4], [7], [18], [19], [21], [39]–[46], this paper is dedicated to a more detailed examination on the performance degradation of RSE and the defense techniques. A comparison of recent surveys on cybersecurity of CPSs is listed in Table I.

Table I. Related Surveys on Cybersecurity of RSE

Year	References	Target plants	Attack types	Main focus
2019	[40]	Smart grids	Integrity, topology, eavesdropping	Distributed state estimation in smart grids
2019	[41]	Linear models	DoS, integrity	Modeling and secure control
2020	[42]	Linear models	Integrity	Attack detection
2021	[43]	Feedback control systems	DoS, integrity	Attack detection, estimation, and control
	[44]	General CPSs	DoS, integrity	Secure state estimation and control
	[45]	Multi-agent systems	DoS, integrity	Fault (attack) detection and tolerant (resilient) control
2022	[39]	LTI and discrete-event systems	DoS, integrity, eavesdropping	System modeling, attack design and defense
2022	[46]	Discrete event systems	Integrity	Attack design and countermeasures
This study		LTI systems	DoS, integrity, eavesdropping	Attack design and countermeasures in RSE

| Show Table

DownLoad: CSV

The remainder of this paper is organized as follows. Section II describes the system model and formulates the problem of cyber-attacks against RSE. Section III discusses the synthesis of integrity attack strategies with various performance metrics and stealthiness/energy constraints. Section IV reviews the representative defensive measures against cyber-attacks. Section V briefly discusses other types of attacks that affect data confidentiality and availability of RSE. Finally, Section VI concludes the discussion and addresses some challenging issues related to this topic.

II. System Model and Problem Setup

The system configuration of RSE is illustrated in Fig. 2. The process dynamics are characterized by a discrete linear time-invariant (LTI) system:

Figure 2. System configuration of RSE.

DownLoad: Full-Size Img PowerPoint

$\qquad\qquad\qquad x_{k+1} = Ax_k+w_k \tag{1a}$

$\qquad\qquad\qquad y_k = Cx_k+v_k \tag{1a}$

where $x_k$ and $y_k$ represent the state and sensor measurement, respectively; $w_k$ and $v_k$ are the process and measurement noises, respectively. In the majority of existing works, $w_k$ and $v_k$ are assumed to be zero-mean independent and identically distributed (i.i.d.) Gaussian noises with known covariances. Therefore, a standard Kalman filter without packet dropouts and delays can be employed at the remote end to estimate system states. Let $x_{k|k}$ denote the a posteriori minimum mean-square error (MMSE) state estimate and $P_{k|k}$ the corresponding estimation error covariance,

$\begin{align} P_{k|k} = {\mathbb{E}}[(x_k-x_{k|k})(x_k-x_{k|k})^{{T}}] \end{align}$

(2)

then the state estimation quality, also known as the performance of RSE, can be measured by $\text{Trace}(P_{k|k})$ . To reveal potential faults or attacks within physical units and transmission channels, a residual-based anomaly detector is typically deployed in parallel with RSE and generates a binary alarm sequence according to

$\begin{align} {\cal{A}}_k = \begin{cases}1 \ \ \ \ \mathrm{if} \ \ g_k({\textit{z}}_k) \geq \delta \\ 0 \ \ \ \ \mathrm{else} \end{cases} \end{align}$

(3)

where ${\textit{z}}_k = y_k-Cx_{k|k-1}$ is called innovation or residual, $x_{k|k-1}$ represents the a priori state estimates of RSE, and $\delta>0$ is a defender-specified scalar that controls the false-alarm rate (FAR) at nominal conditions; $g_k(\cdot)$ is the evaluation function that takes various forms depending on the statistical properties of $w_k$ and $v_k$ . If $g_k({\textit{z}}_k)$ exceeds a given detection threshold, an alarm indicating the occurrence of abnormal events will be raised ( ${\cal{A}}_k = 1$ ). As will be discussed in the next section, the different selections of the function $g(k)$ result in two popular frameworks for the design of so-called stealthy integrity attacks.

In this paper, our discussion primarily centers on the discrete-time LTI system in (1), a model that has been adopted by massive existing studies. This model serves as a fundamental structure that can be readily extended to various scenarios including multiple-sensor systems, distributed estimators, and event-based estimation. The control inputs are omitted in (1) because they do not affect the estimation quality if attacks are launched on only the sensor channel.

A Attack Model

The above system configuration is standard in model-based fault detection []. Nevertheless in , what differentiates cyber-attacks from transmission faults is that the sensor outputs ( $y_k$ , or ${\textit{z}}_k$ for smart sensors) in unreliable links can be intentionally eavesdropped on and altered by adversaries. Our ultimate objective is to safeguard RSE from malicious attacks. However, the ancient proverb “If you know both the enemy and yourself, you will fight hundreds of battles without a loss” highlights the importance of examining worst-case attacks that maximize the adversary’s advantage. In Problem 1, one assumes the perspective of an attacker and explores optimal strategies capable of causing the most significant degradation in estimation quality within RSE, taking into account various stealthiness and performance metrics. These studies are essential for uncovering vulnerabilities of RSE and laying the groundwork for the development of countermeasures. To this end, the following assumptions are often made to characterize the capabilities of potential adversaries.

1) An attacker knows all system parameters, noise statistics, and other necessary knowledge (system configuration, the type of anomaly detectors, etc.).

2) An attacker can eavesdrop on and/or modify the original data packets transmitted in unreliable channels. They may also be able to manipulate noise or interference power in transmission links.

These characteristics enable adversaries to launch FDI, DoS, and eavesdropping attacks. While powerful attackers may be rare in real-world scenarios, the above assumptions align with Shannon’s maxim, asserting that a system’s security should not depend on its obscurity [47]. Though it might be difficult in practice to obtain system parameters, we frequently adopt the perspective that adversaries can obtain them through methods such as system identification and controller intrusion. Stuxnet cyber-worm serves as a concrete example in the industrial realm [5]. Only by assuming that attackers possess comprehensive knowledge of target facilities, we can investigate the impact of the worst-case attacks.

B Performance Assessment and Stealthiness Metrics

When adversaries compromise RSE, their primary goal is to amplify the estimation error to a maximum extent. Let $\tilde{x}_{k|k-1}$ and $\tilde{x}_{k|k}$ represent the counterparts of $x_{k|k-1}$ and $x_{k|k}$ with presence of integrity attacks; $\tilde{P}_{k|k}$ is the corresponding a posteriori estimation error covariance. In existing studies, the performance indices can be categorized as:

1) Error Covariance Related Performance: At each instant, the compromised online data is designed to maximize the current-step estimation error ( $J_{g} = \text{Trace}(\tilde{P}_{k|k})$ ), the summation of estimation errors in a fixed time window ( $J_h = \sum_{i = k_1}^{k_2}\text{Trace}(\tilde{P}_{i|i})$ ), or the limit of the time-averaged MSE ( $J_a = \lim_{k\rightarrow \infty}\frac{1}{k}\sum_{i = k_1}^{k_1+k} \text{Trace}(\tilde{P}_{i|i})$ ).

2) Error Norm Related Performance: The compromised measurement is designed to cause a large difference between the corrupted and nominal state estimates. Some integrity attacks may cause the RSE to become unstable, leading to unbounded estimation errors.

From an adversary’s perspective, enabling integrity attacks to bypass anomaly detectors is one of their primary imperatives. In existing studies, different definitions of stealthiness can be categorized as:

1) Stochastic Stealthiness: With Gaussian process and measurement noises, $g_k({\textit{z}}_k) = {\textit{z}}_k^{\mathrm{T}}\Sigma^{-1}{\textit{z}}_k$ applies, where $\Sigma$ is the covariance of ${\textit{z}}_k$ in steady state. It is then required that the compromised innovation exhibits the same statistical properties as the nominal condition []. The stealthiness constraint is $\tilde{z}_k\sim{\cal{N}}(0,\Sigma)$ . This definition can be extended to the case of relaxed stealthiness quantified by the Kullback-Leibler (KL) divergence between the compromised and nominal innovations (or outputs).

2) Deterministic Stealthiness: In more general cases, the process and measurement noises are not necessarily Gaussian (e.g., norm-bounded), then a Luenberger observer can be adopted; the norm-based residual detector admits the form $g_{k}({\textit{z}}_k) = \|{\textit{z}}_k\|$ . A frequently employed approach involves limiting the norm of the difference between the compromised and nominal system residuals to remain within a specified threshold, i.e., $\|\Delta {\textit{z}}_k\|\leq \epsilon$ , where $\Delta {\textit{z}}_k = \tilde{z}_k-{\textit{z}}_k$ .

The design of integrity attacks maximizing covariance related performance metrics subject to stochastic stealthiness will be discussed in Section III-A. The design of integrity attacks with estimation error norm related performance and deterministic stealthiness will be discussed in Section III-B.

III. Optimal Attack Strategies

In the following, two representative frameworks for the design of stealthy integrity attacks are discussed. The relevant studies and defensive measures are classified in Fig. 3.

Figure 3. Synthesis and defensive measures for integrity attacks.

DownLoad: Full-Size Img PowerPoint

A Stochastic Attacks

In this section, we examine different attacks aimed at maximizing the performance index associated with error covariance while adhering to stealthiness constraints based on statistical properties. Denote the set of eavesdropped data as

$\begin{align*} {\mathbb{I}}_k = \{y_{\bar{k}}, y_{\bar{k}+1}, \ldots, y_{k}\} \end{align*}$

then creating an optimal attack involves determining a mapping from ${\mathbb{I}}_k$ to the space of sensor outputs, and obtaining its general form can be challenging. Note that synthesizing the compromised output $(\tilde{y}_k)$ is equivalent to designing $\tilde{z}_k$ if the initial state of RSE is known to the adversary. Some earlier work frequently adopted linear attack models. Recently, general information-based attacks without the linearity assumption have also been derived.

1) Innovation-Based Static Linear Attacks: In the pioneering work [], Guo et al. introduced an innovation-based linear attack that maximizes $J_g$ , where the compromised innovation is assumed to be a linear transformation of the current-step nominal innovation, augmented by compensatory Gaussian white noises. It is then proved that the optimal attack strategy is simply inverting the sign of the nominal innovation. This interesting result has sparked extensive research endeavors since then; a majority of them lie in the following linear domain with different ${\cal{S}}$ [35], [48]–[53]:

$\begin{align} \tilde{z}_k = \sum_{i\in{\cal{S}}}T_i^k{\textit{z}}_i+b_k, \ \ \ b_k\sim{\cal{N}}(0,\Phi_k) \end{align}$

(4)

where ${\cal{S}}$ is the index set of employed innovations; $T_i^k$ and $\Phi_k$ are parameters to be determined. The optimal attack in [] led to an i.i.d. compromised innovation sequence, enabling it to deceive $\chi^2$ detectors of arbitrary detection lengths. To strike a balance between attack performance and stealthiness, Li and Yang developed a linear attack that utilizes the current innovation and an additional historical one, positioned beyond the sliding window of $\chi^2$ detectors [48]. This modification enhanced the attack’s stealthiness, enabling it to deceive anomaly detectors that use a fixed-length moving window. To further enhance attack performance by incorporating more information available, Shang and Chen employed a range of historical nominal innovations to design linear attacks []. They derived explicit solutions for optimal attack coefficients, eliminating the need for numerical optimization. The policy can achieve greater attack performance compared with [], []. However, the compromised innovation showed sequential correlations across consecutive steps, allowing the attack to bypass only single-step $\chi^2$ detectors.

Owing to its simplicity, the linear strategy has also been adopted to synthesize FDI attacks that maximize $J_h$ . This optimization presents greater complexity as the influence of the compromised measurements will keep propagating through the estimator dynamics. To address this problem, Li and Yang studied a linear attack strategy based on Gaussian distributions with arbitrary means [50]. The optimal attack coefficients are determined through the application of the Lagrange multiplier method to solve a constrained quadratic optimization problem. Shang et al. examined a similar linear attack model, where the worst-case attacks without zero-mean constraints are analytically derived [54]. The linear attack model has also found applications in various scenarios where attackers can deploy extra sensors to measure system states [35], [51], [53] and in optimal integrity attacks featuring relaxed stealthiness measured by the KL divergence [52], [54].

2) Dynamic Linear Attacks: Although substantial research efforts have been invested in synthesizing innovation-based linear attacks, the inherent linearity assumption significantly confines the feasible behaviors of attackers, and thus all these policies are not guaranteed to achieve the maximum attack performance globally. In order to address this limitation, Ren et al. designed the compromised innovation as a linear combination of the current-step nominal innovation and a historically compromised one, resulting in a dynamic linear attack model [55]. It can be proved that the attack generated by this model leads to an equivalent estimation performance degradation as the innovation-based approach that incorporates all historical data [49], but the dynamic one shows distinct advantages since it requires only two parameters to be determined at each step because of the recursive structure.

The dynamic model in [55] accommodates only the case of symmetric information, where the compromised innovation is designed based on only the eavesdropped measurements. Recently, a surprising finding by Zhou et al. revealed that the information-based optimal attack should be designed as an affine function of the MMSE estimate of the current-step compromised prediction error of RSE [56]–[58]. A “separation principle” is proposed as a comprehensive design framework that can accommodate diverse information scenarios. The conclusion indicates that the worst-case attack performance depends on both the quantity of online information available and the width of the detection window. Furthermore, the compromised outputs can also be generated by the following linear time-varying (LTV) system:

$\qquad\qquad \qquad \theta_k = G_{k-1}\theta_k+F_ky_k+Eb_{k-1} \tag{5a}$

(5a)

$\qquad\qquad\qquad \tilde{z}_k = T_k\theta_k+b_k \tag{5b}$

whose coefficient matrices are fully determined offline by system parameters.

The preceding discussion primarily focuses on a simplified system model in Fig. 2. Recently, numerous publications have delved into variations of the fundamental problem formulation, such as those involving partially secured channels [32], [59]–[63] and event-based estimators [26], [27], [64], [65].

3) Attacks on Partially Secured Channels: In this category, one representative scenario involves measurement data possessing different levels of confidentiality or being transmitted via different mediums to remote terminals. As a consequence, attackers can compromise only the unreliable channels but not the secured ones. In response to this scenario, Guo et al. devised an innovation-based linear attack strategy, which leverages additional equality constraints imposed by secure channels [59], [60]. They provided explicit solutions for the optimal attack strategy and analyzed the relationship between the compromised estimation error covariance and the attacked sensors. To further enhance attack effectiveness, Xu et al. proposed the utilization of historical innovation intervals from both secure and insecure sensors to construct linear attacks []. This approach is also capable of completely deceiving the sequential anomaly detector studied in []. However, it should be noted that all the aforementioned attacks are formulated in a static linear format and are designed to maximize $J_g$ . The derivation of optimal information-based attacks without the linearity assumption in the presence of secure channels still remains an open problem.

In practical cases, attackers may compromise only a subset of transmitted links simultaneously due to constraints on their energy or resources. Consequently, the allocation of attack power becomes a significant consideration. In light of this, Ren et al. investigated a scenario where attackers could compromise at most N out of M channels at each time, with the objective of maximizing $J_a$ at the fusion center [62]. This problem was formulated as a Markov decision process (MDP) problem, and the existence of an optimal deterministic and stationary policy was established.

4) Attacks on Event-Based Estimators: Integrity attacks on event-triggered RSE can either modify the event-triggering mechanism or directly alter the transmitted data. In the former case, Cheng et al. investigated an attacker’s objective to degrade RSE performance while evading detection based on communication rates [27]. They obtained a closed-form relationship between the compromised event-triggering threshold and the nominal scheduling threshold. In the latter case, Shang et al. studied a more complicated scenario, where adversaries had the capability to launch DoS attacks, injection attacks, or a combination of both, subject to constraints on transmission rates and probability distributions [64]. In contrast to prior Gaussian approximations [27], it is shown that the innovation in event-based RSE follows a complete Gaussian crater distribution, which forms the basis for analyzing the stealthiness properties of the proposed attacks.

There is also some work leveraging event-triggering techniques to design FDI attacks. A representative work is [26], where Zhao et al. devised an event-triggered policy in which the optimal attack in [22] would be executed if a stochastic event-triggering condition was met.

5) Other Attack Scenarios: In the stochastic framework, stealthiness is defined based on the statistical properties of single or multiple-step innovations. This definition is consistent with the detection logic of $\chi^2$ detectors, where innovations in a sliding window are utilized to construct the detection index. On the contrary, several studies adopt the KL divergence between the compromised and nominal innovation (or output) sequences as a measure of stealthiness [14], [66], [67]. Some significant findings are presented in [14], [66], where Bai et al. quantified the upper bound of degradation in the worst-case scenario when an attacker ensures a specific level of stealthiness. In order to better evaluate the attack’s impacts on the estimation quality, Li and Yang designed an attack policy that maximizes the weighted combination of the average and terminal error covariance [68]. Different from the previous attacks, the synthesis of the attack policy was not based on the historical measurements; the off-line designed compromised signal was equivalent to adding an i.i.d. Gaussian noise to the nominal innovation.

The design of stochastic attacks largely depends on the formulation of the corresponding optimization problem. Generally, it is not appropriate to compare the effectiveness of attack policies if they adopt different stealthiness and performance metrics. In contrast to the deterministic attacks to be covered in the next section, these attacks typically necessitate the accessibility of online data to adversaries. This enables a “closed-loop” design aligning with our intuition: the greater the availability of online data, the more significant the potential for FDI attacks to cause estimation quality degradation. Future endeavors could be dedicated to researching stealthy attacks in distributed estimators and sensor networks, where more sophisticated detectors based on connectivity and topology information are employed to reveal anomalies. Moreover, it is worth pointing out that requiring compromised innovations to match nominal innovations statistically is sufficient (but not necessary) for maintaining the alarm rate (AR). Future studies that directly consider the stealthiness constraint on AR could possibly produce more destructive attacks.

B Deterministic Attacks

The second approach for crafting stealthy deception attacks relies on deterministic system theory. This framework is better suited for designing integrity attacks that compromise systems characterized by bounded noises. By defining $\Delta \hat{x}_k$ and $\Delta {\textit{z}}_k$ respectively as the state estimation difference and the residual difference between the compromised and nominal systems, the analysis of deterministic attacks can be achieved based on the following dynamic model [69]:

$\qquad\qquad \Delta \hat{x}_{k+1} = (A-KCA) \Delta \hat{x}_k+K a_{k+1} \tag{6a}$

$\qquad\qquad \Delta {\textit{z}}_{k+1} = -C A \Delta \hat{x}_k+a_k \tag{6b}$

where $a_k$ denotes the data injection in sensor channels and K is the estimator gain. This model originates from the linearity of LTI systems and is formulated by considering only the effects of attacks on system dynamics. The main objective is to determine whether there exists an attack sequence capable of causing the above system to exhibit unbounded states while maintaining bounded outputs.

1) Design of Stealthy Attacks: The pioneering work on vulnerabilities of linear-quadric Gaussian control systems was presented by Mo and Sinopoli [], where the notions of $(\epsilon,\alpha)$ -attackability and perfect attackability are defined. The paper also provided a necessary and sufficient condition for a system to be perfectly attackable, which depends on the unstable eigenvalues (denoted as λ) and eigenvectors of A. Based on (6), a typical stealthy attack sequence independent of ${\mathbb{I}}_k$ is generated according to

$\begin{align} \tilde{y}_k = \tilde{y}_{k-1}-\rho \lambda^{k+1}\mu \end{align}$

(7)

where ρ is a constant and µ is determined by the eigenvector associated with λ. Motivated by [], Hu et al. gave a similar insecure definition for RSE and derived necessary and sufficient conditions for such property when all communication channels and partial channels are compromised []. It should be highlighted that in these studies $\Delta {\textit{z}}_{k}$ had to stay bounded. To completely mitigate the impact of FDI attacks on the detection function, Zhang and Ye introduced the concept of complete stealthiness, which further necessitates that $\lim_{k\rightarrow \infty}\|\Delta {\textit{z}}_k\| \rightarrow 0$ . This idea was later expanded upon to include energy stealthiness, which aims to deceive the summation (SUM) detector by maintaining a bounded level of accumulated attack energy [70]. The study established both necessary and sufficient conditions for crafting FDI attacks with complete stealthiness and energy stealthiness.

Note that (6) is a dynamic system purely driven by $a_k$ . The deterministic attack linked to (6) resembles what is commonly known as a “zero-dynamic attack”, typically executed on the controller side [71]. This form of attack aims to deceive the controller by making the compromised control signal and sensor output appear consistent with the process’s nominal state. It is crafted using the zero dynamics of a system, where the output remains identically zero due to a specific combination of initial conditions and control inputs. Consequently, the process of synthesizing integrity attacks against RSE can be linked to the development of zero-dynamic attacks in controller channels.

2) Reachable Set Analysis: In addition to the design of stealthy attacks, noticeable research efforts have been devoted to analyzing the maximum state deviations caused by these attacks [72]–[75]. In [73], Kwon et al. considered three kinds of stealthy attacks according to the attackers’ ability to compromise the system. They presented a method to evaluate the reachable error region for sensor-only attacks by formulating a stochastic optimal control problem. Following this study, many endeavors have been undertaken to investigate security concerns within control systems by analyzing reachable sets. For instance, Mo and Sinopoli studied the effect of stealthy integrity attacks on CPSs and demonstrated that the attacker’s strategy can be formulated as a constrained control problem; the characterization of the maximum perturbation can be posed as reachable set computation, which is solved by ellipsoidal approximation methods [74]. In [75], Murguia et al. proposed two security metrics to quantify the potential impact of stealthy attacks: the volume of the attacker’s reachable set and the minimum distance to critical states. The authors also provided synthesis tools to redesign controllers and monitors such that the impact of stealthy attacks is minimized and the desired attack-free performance is guaranteed.

3) Other Scenarios: The deterministic design framework has also been extended to distributed systems. In [76], Wang et al. studied a slightly different scenario that attackers can corrupt both the output measurements and the state estimates in distributed state estimation. The authors derived necessary and sufficient conditions for the vulnerability of the system under different attack scenarios.

Based on (6), Chen et al. studied a scenario where attackers aim to regulate the estimation error to a value arbitrarily defined by them, which can reduce the likelihood of detection by amplitude detectors [77]. They used dynamic programming to derive an explicit expression for the optimal attack sequence and also analyzed its convergence and feasibility.

While most of the relevant studies focus on the conditions whether there exists an attack sequence causing instability in estimators, there is also some work investigating the maximum state estimation deviation in a finite horizon. In this case, the design of attack policies is based on solutions to an optimization problem. A representative study is presented in [78], where the optimal deterministic attack is derived by maximizing a quadratic objective function subject to energy constraints.

Deterministic attacks are typically created by exploiting the control system’s unstable modes. These attack signals can be fully determined without the need for knowledge of the online transmitted data, which differentiates it from stochastic attacks. However, this “open-loop” design may lack robustness in terms of maintaining stealthiness properties. To determine the unstable eigenvalues and eigenvectors of the system matrix, attackers have to possess highly precise information about the system parameters. Otherwise, self-generated attacks may not be able to consistently keep the residual within bounded limits.

Different attack approaches in the two frameworks are summarized in Table II, where the classification is based on the attack model, performance measure, stealthiness metric, the existence of side information, and the existence of secured transmission channels.

Table II. Design of Stealthy Integrity Attacks on RSE

Design framework	References	Attack model				Performance			Stealthiness			Side information	Secured channel
Design framework	References	$\mathrm{M}_1$	$\mathrm{M}_2$	$\mathrm{M}_3$	$\mathrm{M}_4$	$\mathrm{P}_1$	$\mathrm{P}_2$	$\mathrm{P}_3$	$\mathrm{S}_1$	$\mathrm{S}_2$	$\mathrm{S}_3$	Side information	Secured channel
Stochastic attacks	[22], [48], [49], [52], [54]	√				√			√
	[35], [51], [53]	√				√			√			√
	[55], [79]		√			√			√
	[56]–[58]		√			√			√			√
	[32], [59], [60], [63]	√				√			√				√
	[68]				√	√			√
	[30]	√				√					√
Deterministic attacks	[15], [70]			√			√			√
	[77], [80]				√			√		√
	[69]			√			√			√			√
	[81]		√					√			√
$\mathrm{M}_1$ : Innovation-based linear attacks; $\mathrm{M}_2$ : Dynamic linear attacks; $\mathrm{M}_3$ : Self-generated attacks; $\mathrm{M}_4$ : Other forms. $\mathrm{P}_1$ : Estimation-error covariance-based performance; $\mathrm{P}_2$ : Stability-based performance; $\mathrm{P}_3$ : Other performance. $\mathrm{S}_1$ : Probability density function based stealthiness measure; $\mathrm{S}_2$ : Norm-based metric; $\mathrm{S}_3$ : Other metrics.

| Show Table

DownLoad: CSV

IV. Defensive Countermeasures

While extensive research has been dedicated to exploring integrity attacks, these studies have significantly contributed to our comprehension of inherent vulnerabilities within RSE. As a result, many effective techniques have been introduced in the past decade to enhance the security of RSE. It is seen that a unified design framework for countermeasures is lacking, with scholars from diverse disciplines making significant contributions through different techniques.

For general linear descriptor systems, Pasqualetti et al. proposed a mathematical framework for CPSs, attacks, and monitors, and characterized the fundamental limitations of monitoring from system-theoretic and graph-theoretic perspectives [20]; both centralized and distributed monitors that can detect and identify attacks were designed. In [82], Fawzi et al. investigated the problem of state estimation for linear systems when some of the sensors are compromised by adversaries. The authors provided an efficient algorithm inspired by techniques in compressed sensing and error correction to estimate the state of the plant despite attacks. Recently, this detection framework has been extended to more general cases where the compromised sensors can change over time and the attack signals can be arbitrary and unbounded [83].

Regarding the enhancement of RSE security, notable countermeasures include watermarking-based defense [84]–[90], encryption-based defense [91]–[93], moving-target defense (MTD) [94]–[97], and a range of other approaches. Since integrity attacks are intentionally synthesized to deceive traditional passive detectors, most of these countermeasures aim at creating a proactive defense mechanism. As will be discussed later, the enhancement of system security using proactive methods often comes at the expense of sacrificing some other aspects of performance, e.g., control and estimation quality loss, or extra resource consumption.

A Watermarking-Based Defense

Watermarking referring to the technique of embedding secret data into a carrier signal, such as audio, video, or image data, is a widely adopted method in information security to prevent contents from unauthorized modification. The pioneering work of adopting this technique to CPS protection is [84], where Mo et al. designed a watermarking signal that is superimposed on the optimal control input and has statistical properties that maximize the detection performance while satisfying a constraint on the control performance. An optimal Neyman-Pearson detector that can determine if the system is under attack by comparing the observed and expected outputs is derived. Similarly, in [85] a secret noisy i.i.d. input is added to the optimal control signal. If the process is operating under normal conditions, the system operator should be able to detect the presence of the watermark in the sensor measurements. In order to defend against powerful adversaries who can read a subset of control inputs to design stealthy attacks, Weerakkody et al. proposed a robust physical watermarking based on the Neyman–Pearson criterion; a convex optimization problem to obtain the watermark signal was formulated [86].

The successful application of watermarking-based defense has been demonstrated in [88], where Ahmed et al. implemented the watermarking signal on a real water distribution testbed. The technique is shown to achieve a 100% true positive rate and a low FAR in detecting replay attacks while preserving the system performance and meeting consumer demand. Recently, this method has been extended to the cases of dynamic watermarking to protect linear-parameter-varying systems [89] and simultaneously online watermarking design and system identification [90].

It is worth emphasizing that the achievability of enhancing security using watermarking is often at the expense of nominal system performance degradation. Given these tradeoffs, the decision to use watermarking for security purposes should be carefully considered in the context of the specific application and its requirements. It is important to strike a balance between security and performance, taking into account factors like the sensitivity of the data, the resources available, and the control signal saturation.

B Encryption-Based Defense

In essence, the goal of data encryption/decryption-based defense is to make the intercepted data as difficult to decipher as possible, thereby enhancing the overall security of the system. Only those who possess the encryption key can decrypt the ciphertext back into its original form. Regarding CPS security, this technique is similar to coding/decoding-based defense, while the latter does not require secret keys to recover the original information. Based on this idea, Miao et al. proposed a low-cost method of coding the sensor outputs to detect stealthy FDI attacks. They showed the conditions for a feasible coding matrix that can increase the estimation residues under intelligent data injection attacks and provided an algorithm to compute such a matrix. The paper also presented a time-varying coding scheme to defend against attackers who can estimate the coding matrix from intercepted online data [91].

To defend against the extensively studied innovation-based linear attacks, Shang et al. studied a linear encryption approach to bolster the security of RSE, aiming to safeguard transmitted data against unauthorized alterations [92]. This linear encryption technique, synthesized by minimizing the worst-case estimation errors, was developed through the Stackelberg game analysis. Recently, this technique was extended to protect data transmission of traditional sensors by encrypting a subset of packets, which can strike a balance between resource utilization and security enhancement [93].

It is important to note that encryption-based defense strategies involve the incorporation of additional modules dedicated to data encryption and decryption. The hardware and computational resources required for these processes should be regarded as the overhead incurred in pursuit of heightened security. Moreover, the delays induced by data processing should also be taken into account in real-time systems. In practical scenarios, system defenders should carefully adjust their designs to achieve a favorable equilibrium between these performance metrics.

C Moving-Target Defense

MTD is a proactive strategy designed to enhance the security of computer systems and networks by frequently changing the attack surface and making it more difficult for adversaries to identify and exploit vulnerabilities. The core idea behind MTD is to create a dynamic and unpredictable environment for potential attackers. Following this idea, Tian et al. proposed an approach that actively changes the system configuration to invalidate attackers’ knowledge about the system and detect Stuxnet-like attacks [94]. The paper showed that MTD can deal with different types of attacks, such as measurement-independent stealthy attacks, control scaling attacks, and measurement replay attacks. In [95], the authors proposed to introduce extraneous states with time-varying dynamics that are unknown to the adversary but known to the defender and use additional sensors to measure these states.

More recently, Kanellopoulos and Vamvoudakis proposed a secure control algorithm for CPSs facing sensor and actuator attacks [97]. The technique integrated proactive and reactive defenses, with the proactive part using stochastic parameter adjustments to enhance unpredictability and the reactive part detecting attacks via an integral Bellman error computation. To analyze system properties when implementing MTD, the theory of switched systems is frequently employed. This adaptation allows for the examination of stability concerns associated with changes in system configurations.

MTD is an effective approach to defend against cyber-attacks. However, one of its drawbacks is that it can potentially lead to suboptimal system performance when there are no active cyber-attacks. It also introduces extra challenges, as frequent changes in system dynamics or configuration can complicate the design of defense strategies and the analysis of the system’s normal behavior.

D Other Defense Methods

It is seen that a unified framework to design countermeasures against cyber-attacks does not exist. Researchers from diverse disciplines contribute through different techniques [29], [31], [83], [98]–[104]. Among the work beyond the scope of proactive detection mechanism, some approaches aim to enhance the performance of traditional detectors through appropriate modifications []–[]. A representative work is presented by Ye and Zhang to detect deterministic FDI attacks []. They introduced a SUM detector, which uses both the current and historical information and has a statistical property that its evaluation value satisfies $\chi^2$ distribution when the system is normal and increases to infinity when the system is under attack. The superiority of the proposed method is demonstrated by the fact that two types of FDI attacks can be detected by the SUM detector but not the $\chi^2$ one.

Detecting stealthy attacks becomes relatively easier when secured transmission channels are in place. Correlations between data packets in both safe and unsafe channels can be leveraged to design a detection mechanism [31], [101], [105]. Based on this idea, Li et al. proposed three sequential data verification and fusion procedures for different detection scenarios [31]. This important work serves as a benchmark for many follow-up studies on defense against innovation-based linear attacks. For instance, Guo et al. introduced a Gaussian-mixture-model based detection mechanism [101]. The expectation–maximization algorithms are applied to cluster the local estimates from different sensors and assign a belief for each sensor, which is used to fuse the measurements accordingly. More recently, Chattopadhyay and Mitra introduced an online learning-based algorithm for secure state estimation [106]. The proposed method can accommodate the case where no safe sensors are in place and offers up to 3-dB improvement in MSE compared with [31]. However, it is worth pointing out that all these methods assume adversaries adopt the innovation-based linear model. The effectiveness of the countermeasures against broader attack types, such as dynamic linear attacks, should be re-examined in future studies.

In distributed state estimation, the information from neighboring sensors can be utilized to build a detection mechanism [29], [107]. In [29], Yang et al. designed a protector for each sensor based on the online innovation from its neighboring sensors. A sufficient condition for the stability of the estimator equipped with the proposed protector under hostile attacks was provided, and a critical attack probability that corresponds to a given steady-state estimation error covariance was derived.

The detection of integrity attacks has been studied using data-based methods [108], [109]. In situations where sufficient online data is collected, Shi et al. proposed transfer entropy countermeasures for anomaly detection under various attacks [109]. The transfer entropy is utilized to measure causality or information flow between sensor measurements or innovation sequences. The results showed how attacks can disturb the causality and change the transfer entropy values.

Finally, there are also a few studies investigating attack defense in a game-theoretic framework. A representative work is presented in [110], where Li et al. modeled the interaction between the defender and the attacker as a Stackelberg game, where the defender allocates defense resources to secure sensors and the attacker chooses target sensors to attack. They analyzed the optimal solutions for both sides under different types of budget constraints and transformed the game into linear programming problems.

The effectiveness of defensive measures varies depending on specific attack scenarios. Some techniques are developed to ensure that adversaries cannot satisfy the corresponding stealthiness condition easily. Therefore, the method may fail to defend against more sophisticated attackers that employ a stricter stealthiness measure. In practical cases, the continuous interplay between attackers and defenders makes the design of defensive measures a topic of enduring significance in the control community.

Different countermeasures against cyber-attacks are summarized in Table III, where the relevant references, the type of attacks to be defended, the main techniques adopted, and a few comments on their limitations are listed.

Table III. Representative Countermeasures Against Cyber-Attacks

Methods	References	Attacks	Techniques	Limitations
Watermarking	[84]–[86], [88]–[90]	Integrity	Optimization	Nominal performance loss
MTD	[94]–[97]	Integrity	Switched system, optimization	Nominal performance loss, complex design
Encryption	[91]–[93]	Integrity	Optimization	Extra computation modules, delays
Encryption	[111]–[114]	Eavesdropping	Optimization	Extra computation modules, delays
Game theory	[110]	Integrity	Optimization, MDP, Q-learning	Open strategies for players required
Game theory	[36], [37], [115]–[118]	DoS	Optimization, MDP, Q-learning	Open strategies for players required
Data-driven	[108], [109]	Integrity	Causality inference, subspace approach	Large amounts of high-quality data required

| Show Table

DownLoad: CSV

V. Beyond Integrity Attacks

In this section, we briefly review the design of DoS and eavesdropping attacks and the corresponding countermeasures in the basic problem setup. Interested readers may refer to [25], [119] for event-based estimators and [28], [64], [120]–[123] for hybrid DoS and FDI attacks against RSE.

A Denial-of-Service Attacks

1) Design of DoS Attacks: Synthesizing DoS attacks from an adversary’s perspective can be formulated as a constrained optimization problem, where the attacker aims to maximize the impact on the target system under various constraints, as illustrated by

$\begin{align*} & \max \ \ \ J_{\mathrm{Attack}} \\ & \mathrm{s.t.} \ \ \ P_{\mathrm{Attack}} \leq \Delta, \ \ \mathrm{and/or} \ \ \mathrm{PRR} \geq R_0 \end{align*}$

where ∆ represents the total power budget. The constraint on the packet-reception rate ( $\mathrm{PRR}$ ) is imposed with the awareness that, in real-world systems, a DoS attack causing an excessively low $\mathrm{PRR}$ at the terminal can be readily detected by alarm systems.

In [], [], Zhang et al. derived the optimal attack schedule under a limited energy budget; they also studied the case where the estimator has an intrusion detector that triggers an alarm when the $\mathrm{PRR}$ falls below a threshold. In this context, the attacker’s behavior is symbolized through a binary sequence. At each step, adversaries make a straightforward choice between “attack” or “not attack” to determine whether to completely obstruct the transmission channels. Consequently, the optimal attack schedule design becomes an integer programming problem, which is in general difficult to solve. However, in [125] the authors presented some structural results, showing that grouping the attacks leads to the maximal effect, while separating the attacks as uniformly as possible leads to minimal degradation. In [126], the authors explored optimal strategies for an invader launching DoS attacks on a centralized sensor network to degrade system performance. They provided an analytical solution for single-sensor systems and numerical methods for multiple-sensor systems, both with attack energy constraints.

One property of wireless communication is that the packet can experience random loss due to channel fading, interference, scattering, and other factors [127]. To explore more realistic scenarios, some researchers adopt the assumption that adversaries can manipulate the interference or noise power in signal-to-interference-plus-noise ratio (SINR) channels, where the packet dropout rate is determined by both the strength of desired signals and the level of interference power []. For such channels, Zhang et al. analyzed the impact of DoS attack power on the estimation accuracy and energy efficiency of the sensor, and found a critical value of attack power that determines the stability of the RSE []. The result is based on a well-known conclusion that an excessively low $\mathrm{PRR}$ for the Kalman filter with intermittent observations will lead to unbounded estimation errors [130].

To compromise SINR-based channels with limited energy, Peng et al. formulated the problem of finding the optimal attack power schedule subject to average energy constraints as an MDP [131]. They proved the existence and uniqueness of an optimal deterministic and stationary policy for attackers and showed that the optimal policy has a threshold structure. Liu et al. also formulated the problem of designing optimal DoS attacks as an MDP with a discount factor to balance the current and future rewards [132]. The optimal solution is obtained based on the Bellman’s optimality principle.

2) Defensive Countermeasures: Unlike FDI attacks that can deceive anomaly detectors, maintaining stealthy is usually not a primary concern in the design of DoS attacks. Consequently, the majority of research on defense countermeasures primarily addresses the challenge of ensuring reliable estimation performance in the presence of attacks.

When CPSs are subjected to DoS attacks, changes in the measurement or control input matrices lead to deviations of system dynamics from their normal conditions. Therefore, the switched system theory is often applied for attack-resilient estimation [133], [134]. This approach models the system as one that alternates between normal and attacked states, especially during intermittent DoS attacks. The primary objective is to analyze the stability of a dynamic system operating under these conditions. A representative work is [133], where Chen et al. proposed a switched system method for the fusion estimation of phaser measurement units in power systems. The switching rule is based on the innovations of an extended Kalman filter, with the goal of achieving a balance between metrics concerning the estimation accuracy, convergence speed, and computation time.

3) Game Theoretic Analysis: Notably, it is found that massive publications studied the interactive actions of attackers and defenders in a game-theoretic framework [36], [37], [115]–[118]. The pioneering work is [36], where Li et al. regarded the attack and defense problem as a zero-sum game and proved the existence of a Nash equilibrium. They used Markov chain theory to solve a relaxed problem. This framework was further extended to the case of SINR transmission channels [37], where a modified Nash Q-learning algorithm was applied to solve the Markov game over an infinite time horizon.

In multiple-channel transmission scheduling, Ding et al. also modeled the interaction between the sensor and the attacker as a two-player stochastic game and used a Nash Q-learning algorithm to find the optimal strategies [116]. To study the asymmetric information scenario, the stochastic Bayesian game has been utilized to characterize the strategic interaction between two players in RSE [117]. In this case, the sensor possesses acknowledgment information from the estimator, while the attacker does not. Recently, Yuan et al. considered a more practical case in which communication networks are time-varying; the long-term interaction of players is modeled with a Markov game [115]. An online minimax Q-learning is applied to solve the problem.

B Eavesdropping Attacks

It is commonly held that the states of the system are treated as sensitive information, which should not be accessible to adversaries. Nevertheless, an attacker who can eavesdrop on the sensor measurements can execute estimation algorithms to gain such confidential information.

1) Design of Eavesdropping Attacks: There are relatively few studies on the synthesis of optimal eavesdropping attacks. One reason is that stealthiness is usually not a primary concern; thus the attack design often boils down to a standard state estimation problem. In practical cases with secured data transmission, considering that deciphering encrypted data is often resource-consuming, Zhou et al. studied the optimization problem from adversaries’ perspective under energy constraints [23]. The authors analyzed the impact of different decryption strategies on eavesdropping performance and proposed a deciphering schedule that minimizes the expected estimation error without exceeding the energy budget.

In [], Ding et al. studied an intelligent attacker who can switch between passive and active modes to enhance eavesdropping while evading $\mathrm{PRR}$ -based detection. They modeled this trade-off as a constrained MDP and derived conditions for a policy that meets stealthiness requirements and maximizes eavesdropping efficiency. Other relevant studies on the synthesis of eavesdropping attacks in different scenarios can be found in [136], [137].

2) Optimal Scheduling Based Defense: The majority of current research on eavesdropping attacks on RSE is formulated from the defender’s standpoint, and a typical problem is stated as follows:

$\begin{align*} & \max \ \ \ E_{\mathrm{Attack}} \\ & \mathrm{s.t.} \ \ \ E_\mathrm{RSE} \leq E_0, \ \ \mathrm{and/or} \ \ P_{\mathrm{RSE}} \leq \Delta \end{align*}$

where an optimal sensor schedule within the power budget ∆ is one in which the estimation error for adversaries ( $E_{\mathrm{Attack}}$ ) is maximized while ensuring that the estimation error for RSE ( $E_\mathrm{RSE}$ ) does not surpass a specified threshold. In essence, The optimal scheduling-based defense boosts RSE confidentiality by reshaping sensor transmission decisions, which can balance various indices for optimal overall performance [138]–[141].

Using the above framework without power constraints, Tsiamis et al. introduced a control-theoretic definition of secrecy for RSE, which requires that the user’s estimation error is bounded while the eavesdropper’s estimation error is unbounded []. The paper studied a simple secrecy mechanism that randomly withholds measurements from being transmitted. It was proved that the proposed mechanism can achieve perfect expected secrecy if the user’s $\mathrm{PRR}$ is higher than the eavesdropper’s $\mathrm{PRR}$ .

Using a linear combination of $E_\mathrm{RSE}$ and $E_{\mathrm{Attack}}$ as the performance metric, Leong et al. derived structural results on the optimal transmission policy, which shows a thresholding behavior in the estimation error covariances []. The paper also proved that in the situation of infinite horizon, there exist transmission policies that can keep the expected $E_\mathrm{RSE}$ bounded while the expected $E_{\mathrm{Attack}}$ becomes unbounded.

Taking the transmission power into consideration, Wang et al. proposed a problem formulation that considers the estimation errors of both parties and the cost of the sensor’s transmission energy [140]. The authors proved that there exist some structural properties for the optimal transmission schedule, such as threshold and switching behaviors, for both the known and the unknown eavesdropper’s estimation errors.

3) Encryption-Based Defense: The above scheduling-based defense usually enhances the confidentiality of RSE at the cost of a slight reduction in nominal estimation performance. To ensure an optimal state estimation for defenders, there are also plenty of studies considering encrypting the transmission data to defend against eavesdropping attacks [111]–[114]. A representative method is presented in [112], where Tao and Ye proposed to protect the RSE from eavesdropping attacks by using time-varying coding and noise-adding techniques. They also derived the minimum encoded dimension and the upper bound of the update period for the time-varying coding scheme.

Note that the above method requires that the coding matrix not be accessible to adversaries. In order to defend against more powerful attackers, encryption-based methods are adopted in [113], [114]. Zou et al. proposed a novel encryption-decryption scheme (EDS) to protect the transmitted data from eavesdropping, using artificial noise injection and secret keys; they designed a finite-horizon energy-to-peak state estimator for LTI systems under EDS. Sufficient conditions for the existence of the EDS and the state estimator are obtained [113]. Recently in [114], Shang and Chen proposed linear encryption strategies to protect the transmitted data from eavesdropping. For two types of data transmission, the authors obtained the optimal filtering for the eavesdropper and designed the encryption coefficients by maximizing the eavesdropper’s estimation error covariance.

The application of privacy-preserving techniques in real-world systems can be found in [142], where Sun et al. introduced a novel privacy-preserving algorithm for distributed economic dispatch in microgrids. The authors provided convergence proof, analyzed privacy levels within a differential privacy framework, and demonstrated effectiveness using an IEEE 39-bus system.

VI. Conclusions and Future Works

The security issue in CPSs is a multidisciplinary topic that requires collaboration of experts from diverse fields, including computer engineering, cryptography, communication, and others. Moreover, domain-specific knowledge from vulnerable industrial sectors, such as energy pipelines and smart grids, is also essential for us to comprehensively understand the execution of these attacks and the mechanisms required for effective protection. This paper discussed the current research status on the design of cyber-attacks against RSE and the corresponding defensive countermeasures. The relevant problems with single-sensor scenarios as well as different variants have been reviewed from both attackers’ and defenders’ perspectives. It is observed that optimization-related tools and algorithms play a central role in the majority of existing studies.

Though many elegant results have been derived, the applicability of these methods in enhancing the security of real-world systems has not been adequately verified. Almost all existing studies validate the effectiveness of proposed methods using a simplified process model. The design of cyber-attacks against state estimators are discussed in smart grids [1], remotely piloted vehicles [77], and IEEE 6 bus power systems [70]; the defensive countermeasures can be found in unmanned aerial vehicles [83], the Tennessee Eastman challenge problem [85], [109], water distribution systems [44], [88], IEEE 39-bus systems [94], [142], aircraft [97], [108], smart grids [98], [102], and artificial neural networks [121]. Specifically, Ding et al. outlined a secure state estimation framework for water distribution systems in the presence of unknown disturbance inputs, measurement noises, and malicious attacks [44]. The process was modeled by an LTV system and the secure state estimation problem was cast into the feasibility of a recursive convex optimization problem subject to a series of LMIs. In the future, more efforts are needed to verify the effectiveness of these techniques in practical systems.

In the following, a few topics that have not been sufficiently investigated in existing work are presented.

A Data-Driven Design

Most of the existing studies, whether focusing on the design of optimal attacks or defensive measures, presume that a dynamic model is available to both adversaries and defenders. Nonetheless in practical systems, an accurate system model is difficult or even impossible to obtain, especially for large and complex industrial processes. This is particularly difficult for attackers who usually have only limited access to system knowledge. Therefore, studying cyber-security with partial knowledge of system parameters or pure data-driven methods is a meaningful topic [143]–[147].

B Robust Design

In the model-based approaches to cybersecurity, a majority of them consider the cases that the model possessed by attackers and defenders to be accurate. Based on this assumption, one can design strictly stealthy attacks and countermeasures. However, in practical cases, uncertainties in the model parameters have a great impact on the stealthiness property. In the deterministic framework for designing integrity attacks, the boundness of residuals is achieved by the cancellation of two unbounded attack signals in the direction of unstable eigenvectors. Therefore, even a minor inconsistency in calculating these eigenvectors can prevent the attacks from maintaining residuals within bounded limits consistently. Future research should explore robust stealthiness and defensive measures in the context of model uncertainties [148], [149]. A representative study is presented in [149], where a novel class of resilient estimation algorithms is designed when there exist uncertainties in system matrices.

C Imperfect Transmission Channels

The majority of existing results assume that, under nominal conditions, the transmission channel is perfect without delays and packet dropouts. However, the influence of such imperfections on the design of optimal attacks and defensive measures has not been thoroughly studied yet. Future endeavors could be dedicated to analyzing the effects of cyber-attacks in imperfect wireless links. This investigation will enhance the applicability of the related theoretical research to real-world systems.

D Modern Industrial Alarm Systems

Industrial alarm systems are commonly used to provide timely alerts when faults occur in industrial processes. Nowadays, most alarm systems are designed to minimize the impact of faults and improve the effectiveness of corrective responses for field workers [150]. As has been pointed out by many industrial experts, there is an urgent requirement to safeguard industrial facilities from cyber-attacks. In future work, it would be valuable to create an integrated platform that combines alarm management tools and fault/attack detection algorithms. This integration aims to prompt the delivery of alerts in case of any abnormal events by making full utilization of available information from different sources and leveraging techniques in different disciplines.

References(150)

References

[1]	Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric power grids,” ACM Trans. Inf. Syst. Secur., vol. 14, no. 1, p. 13, May 2011.
[2]	S. Amin, X. Litrico, S. Sastry, and A. M. Bayen, “Cyber security of water SCADA systems–Part I: Analysis and experimentation of stealthy deception attacks,” IEEE Trans. Control Syst. Technol., vol. 21, no. 5, pp. 1963–1970, Sept. 2013. doi: 10.1109/TCST.2012.2211873
[3]	M. Xie, D. Ding, X. Ge, Q.-L. Han, H. Dong, and Y. Song, “Distributed platooning control of automated vehicles subject to replay attacks based on proportional integral observers,” IEEE/CAA J. Autom. Sinica, 2022. DOI: 10.1109/JAS.2022.105941
[4]	N. Dey, A. S. Ashour, F. Shi, S. J. Fong, and J. M. R. S. Tavares, “Medical cyber-physical systems: A survey,” J. Med. Syst., vol. 42, no. 4, p. 74, Apr. 2018. doi: 10.1007/s10916-018-0921-x
[5]	R. Langner, “StuxNet: Dissecting a cyberwarfare weapon,” IEEE Secur. Priv., vol. 9, no. 3, pp. 49–51, May–Jun. 2011. doi: 10.1109/MSP.2011.67
[6]	G. Liang, S. R. Weller, J. Zhao, F. Luo, and Z. Y. Dong, “The 2015 Ukraine blackout: Implications for false data injection attacks,” IEEE Trans. Power Syst., vol. 32, no. 4, pp. 3317–3318, Jul. 2017. doi: 10.1109/TPWRS.2016.2631891
[7]	Z. Wang, B. Zhao, and R. S. Blum, “An overview of cybersecurity for natural gas networks: Attacks, attack assessment, and attack detection,” in Security in Cyber-Physical Systems: Foundations and Applications, A. I. Awad, S. Furnell, M. Paprzycki, and S. K. Sharma, Eds. Cham, Germany: Springer, 2021, pp. 255–285.
[8]	A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “A secure control framework for resource-limited adversaries,” Automatica, vol. 51, pp. 135–148, Jan. 2015. doi: 10.1016/j.automatica.2014.10.067
[9]	S. M. Dibaji, M. Pirani, D. B. Flamholz, A. M. Annaswamy, K. H. Johansson, and A. Chakrabortty, “A systems and control perspective of CPS security,” Annu. Rev. Control, vol. 47, pp. 394–411, Jan. 2019. doi: 10.1016/j.arcontrol.2019.04.011
[10]	Y. Suo, R. Chai, S. Chai, I. M. D. Farhan, Y. Xia, and G.-P. Liu, “Attack detection and secure state estimation of collectively observable cyber-physical systems under false data injection attacks,” IEEE Trans. Automat. Control, 2023. DOI: 10.1109/TAC.2023.3316160
[11]	Y. Li, S. Zhu, C. Chen, and X. Guan, “Optimal denial-of-service attack strategy on state estimation over infinite-time horizon,” IEEE Trans. Circuits Syst. II: Express Briefs, vol. 68, no. 8, pp. 2860–2864, Aug. 2021.
[12]	G. K. Befekadu, V. Gupta, and P. J. Antsaklis, “Risk-sensitive control under Markov modulated denial-of-service (DoS) attack strategies,” IEEE Trans. Automat. Control, vol. 60, no. 12, pp. 3299–3304, Dec. 2015. doi: 10.1109/TAC.2015.2416926
[13]	R. Zhang and P. Venkitasubramaniam, “Stealthy control signal attacks in linear quadratic Gaussian control systems: Detectability reward tradeoff,” IEEE Trans. Inf. Forensics Secur., vol. 12, no. 7, pp. 1555–1570, Jul. 2017. doi: 10.1109/TIFS.2017.2668220
[14]	C.-Z. Bai, V. Gupta, and F. Pasqualetti, “On Kalman filtering with compromised sensors: Attack stealthiness and performance bounds,” IEEE Trans. Automat. Control, vol. 62, no. 12, pp. 6641–6648, Dec. 2017. doi: 10.1109/TAC.2017.2714903
[15]	Y. Mo and B. Sinopoli, “False data injection attacks in control systems,” in Proc. 1st Workshop on Secure Control Systems, Stockholm, Sweden, 2010, pp. 1–6.
[16]	T. M. Hoang, H. Q. Ngo, T. Q. Duong, H. D. Tuan, and A. Marshall, “Cell-free massive MIMO networks: Optimal power control against active eavesdropping,” IEEE Trans. Commun., vol. 66, no. 10, pp. 4724–4737, Oct. 2018. doi: 10.1109/TCOMM.2018.2837132
[17]	H. Fang, L. Xu, Y. Zou, X. Wang, and K. K. R. Choo, “Three-stage Stackelberg game for defending against full-duplex active eavesdropping attacks in cooperative communication,” IEEE Trans. Veh. Technol., vol. 67, no. 11, pp. 10788–10799, Nov. 2018. doi: 10.1109/TVT.2018.2868900
[18]	Y. Z. Lun, A. D’Innocenzo, I. Malavolta, and M. D. Di Benedetto, “Cyber-physical systems security: A systematic mapping study,” arXiv preprint arXiv: 1605.09641, 2016.
[19]	T. Macaulay and B. L. Singer, Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS. Boca Raton, USA: CRC Press, 2012.
[20]	F. Pasqualetti, F. Dörfler, and F. Bullo, “Attack detection and identification in cyber-physical systems,” IEEE Trans. Automat. Control, vol. 58, no. 11, pp. 2715–2729, Nov. 2013. doi: 10.1109/TAC.2013.2266831
[21]	M. B. Salem, S. Hershkop, and S. J. Stolfo, “A survey of insider attack detection research,” in Insider Attack and Cyber Security: Beyond the Hacker, S. J. Stolfo, S. M. Bellovin, A. D. Keromytis, S. Hershkop, S. W. Smith, and S. Sinclair, Eds. New York, USA: Springer, 2008, pp. 69–90.
[22]	Z. Guo, D. Shi, K. H. Johansson, and L. Shi, “Optimal linear cyber-attack on remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 4, no. 1, pp. 4–13, Mar. 2017. doi: 10.1109/TCNS.2016.2570003
[23]	J. Zhou, Y. Luo, Y. Liu, and W. Yang, “Eavesdropping strategies for remote state estimation under communication constraints,” IEEE Trans. Inf. Forensics Secur., vol. 18, pp. 2250–2261, Apr. 2023. doi: 10.1109/TIFS.2023.3265343
[24]	S. X. Ding, Model-Based Fault Diagnosis Techniques: Design Schemes, Algorithms, and Tools. Berlin, Germany: Springer, 2008.
[25]	Y. Liu and G.-H. Yang, “Event-triggered distributed state estimation for cyber-physical systems under DoS attacks,” IEEE Trans. Cybern., vol. 52, no. 5, pp. 3620–3631, May 2022. doi: 10.1109/TCYB.2020.3015507
[26]	X. Zhao, L. Liu, M. V. Basin, and Z. Fei, “Event-triggered reverse attacks on remote state estimation,” IEEE Trans. Automat. Control, 2023. DOI: 10.1109/TAC.2023.3273811
[27]	P. Cheng, Z. Yang, J. Chen, Y. Qi, and L. Shi, “An event-based stealthy attack on remote state estimation,” IEEE Trans. Automat. Control, vol. 65, no. 10, pp. 4348–4355, Oct. 2020. doi: 10.1109/TAC.2019.2956021
[28]	H. Song, H. Yao, P. Shi, D. Zhang, and L. Yu, “Distributed secure state estimation of multi-sensor systems subject to two-channel hybrid attacks,” IEEE Trans. Signal Inf. Process. Netw., vol. 8, pp. 1049–1058, 2022.
[29]	W. Yang, Y. Zhang, G. Chen, C. Yang, and L. Shi, “Distributed filtering under false data injection attacks,” Automatica, vol. 102, pp. 34–44, Apr. 2019. doi: 10.1016/j.automatica.2018.12.027
[30]	M. Niu, G. Wen, Y. Lv, and G. Chen, “Innovation-based stealthy attack against distributed state estimation over sensor networks,” Automatica, vol. 152, p. 110962, Jun. 2023. doi: 10.1016/j.automatica.2023.110962
[31]	Y. Li, L. Shi, and T. Chen, “Detection against linear deception attacks on multi-sensor remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 5, no. 3, pp. 846–856, Sept. 2018. doi: 10.1109/TCNS.2017.2648508
[32]	Y. Li, Y. Yang, Z. Zhao, J. Zhou, and D. E. Quevedo, “Deception attacks on remote estimation with disclosure and disruption resources,” IEEE Trans. Automat. Control, vol. 68, no. 7, pp. 4096–4112, Jul. 2023.
[33]	J. Liu, W. Suo, L. Zha, E. Tian, and X. Xie, “Security distributed state estimation for nonlinear networked systems against DoS attacks,” Int. J. Robust Nonlinear Control, vol. 30, no. 3, pp. 1156–1180, Feb. 2020. doi: 10.1002/rnc.4815
[34]	J. Liu, T. Yin, M. Shen, X. Xie, and J. Cao, “State estimation for cyber-physical systems with limited communication resources, sensor saturation and denial-of-service attacks,” ISA Trans., vol. 104, pp. 101–114, Sept. 2020. doi: 10.1016/j.isatra.2018.12.032
[35]	J. Zhou, J. Shang, and T. Chen, “On information fusion in optimal linear FDI attacks against remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 10, no. 4, pp. 2085–2096, Dec. 2023. doi: 10.1109/TCNS.2023.3260041
[36]	Y. Li, L. Shi, P. Cheng, J. Chen, and D. E. Quevedo, “Jamming attacks on remote state estimation in cyber-physical systems: A game-theoretic approach,” IEEE Trans. Automat. Control, vol. 60, no. 10, pp. 2831–2836, Oct. 2015. doi: 10.1109/TAC.2015.2461851
[37]	Y. Li, D. E. Quevedo, S. Dey, and L. Shi, “SINR-based DoS attack on remote state estimation: A game-theoretic approach,” IEEE Trans. Control Netw. Syst., vol. 4, no. 3, pp. 632–642, Sept. 2017. doi: 10.1109/TCNS.2016.2549640
[38]	S. Gao, H. Zhang, Z. Wang, C. Huang, and H. Yan, “Optimal injection attack strategy for cyber-physical systems under resource constraint: A game approach,” IEEE Trans. Control Netw. Syst., vol. 10, no. 2, pp. 636–646, Jun. 2023. doi: 10.1109/TCNS.2022.3203909
[39]	W. Duo, M. C. Zhou, and A. Abusorrah, “A survey of cyber attacks on cyber physical systems: Recent advances and challenges,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 5, pp. 784–800, May 2022. doi: 10.1109/JAS.2022.105548
[40]	K. Dehghanpour, Z. Wang, J. Wang, Y. Yuan, and F. Bu, “A survey on state estimation techniques and challenges in smart distribution systems,” IEEE Trans. Smart Grid, vol. 10, no. 2, pp. 2312–2322, Mar. 2019. doi: 10.1109/TSG.2018.2870600
[41]	M. S. Mahmoud, M. M. Hamdan, and U. A. Baroudi, “Modeling and control of cyber-physical systems subject to cyber attacks: A survey of recent advances and challenges,” Neurocomputing, vol. 338, pp. 101–115, Apr. 2019. doi: 10.1016/j.neucom.2019.01.099
[42]	S. Tan, J. M. Guerrero, P. Xie, R. Han, and J. C. Vasquez, “Brief survey on attack detection methods for cyber-physical systems,” IEEE Syst. J., vol. 14, no. 4, pp. 5329–5339, Dec. 2020. doi: 10.1109/JSYST.2020.2991258
[43]	D. Zhang, Q.-G. Wang, G. Feng, Y. Shi, and A. V. Vasilakos, “A survey on attack detection, estimation and control of industrial cyber-physical systems,” ISA Trans., vol. 116, pp. 1–16, Oct. 2021. doi: 10.1016/j.isatra.2021.01.036
[44]	D. Ding, Q.-L. Han, X. Ge, and J. Wang, “Secure state estimation and control of cyber-physical systems: A survey,” IEEE Trans. Syst. Man Cybern. Syst., vol. 51, no. 1, pp. 176–190, Jan. 2021. doi: 10.1109/TSMC.2020.3041121
[45]	D. Zhang, G. Feng, Y. Shi, and D. Srinivasan, “Physical safety and cyber security analysis of multi-agent systems: A survey of recent advances,” IEEE/CAA J. Autom. Sinica, vol. 8, no. 2, pp. 319–333, Feb. 2021. doi: 10.1109/JAS.2021.1003820
[46]	C. N. Hadjicostis, S. Lafortune, F. Lin, and R. Su, “Cybersecurity and supervisory control: A tutorial on robust state estimation, attack synthesis, and resilient control,” in Proc. 61st Conf. Decision and Control, Cancun, Mexico, 2022, pp. 3020–3040.
[47]	C. E. Shannon, “Communication theory of secrecy systems,” Bell Syst. Tech. J., vol. 28, no. 4, pp. 656–715, Oct. 1949. doi: 10.1002/j.1538-7305.1949.tb00928.x
[48]	Y.-G. Li and G.-H. Yang, “Optimal stealthy innovation-based attacks with historical data in cyber-physical systems,” IEEE Trans. Syst. Man Cybern. Syst., vol. 51, no. 6, pp. 3401–3411, Jun. 2021. doi: 10.1109/TSMC.2019.2924976
[49]	J. Shang and T. Chen, “Optimal stealthy integrity attacks on remote state estimation: The maximum utilization of historical data,” Automatica, vol. 128, p. 109555, Jun. 2021. doi: 10.1016/j.automatica.2021.109555
[50]	Y.-G. Li and G.-H. Yang, “Optimal stealthy false data injection attacks in cyber-physical systems,” Inf. Sci., vol. 481, pp. 474–490, May 2019. doi: 10.1016/j.ins.2019.01.001
[51]	Z. Guo, D. Shi, K. H. Johansson, and L. Shi, “Worst-case innovation-based integrity attacks with side information on remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 6, no. 1, pp. 48–59, Mar. 2019. doi: 10.1109/TCNS.2018.2793664
[52]	Z. Guo, D. Shi, K. H. Johansson, and L. Shi, “Worst-case stealthy innovation-based linear attack on remote state estimation,” Automatica, vol. 89, pp. 117–124, Mar. 2018. doi: 10.1016/j.automatica.2017.11.018
[53]	Y.-G. Li and G.-H. Yang, “Optimal innovation-based deception attacks with side information against remote state estimation in cyber-physical systems,” Neurocomputing, vol. 500, pp. 461–470, Aug. 2022. doi: 10.1016/j.neucom.2022.05.085
[54]	J. Shang, H. Yu, and T. Chen, “Worst-case stealthy innovation-based linear attacks on remote state estimation under Kullback-Leibler divergence,” IEEE Trans. Automat. Control, vol. 67, no. 11, pp. 6082–6089, Nov. 2022. doi: 10.1109/TAC.2021.3125430
[55]	X.-X. Ren, G.-H. Yang, and X.-G. Zhang, “Optimal stealthy attack with historical data on cyber-physical systems,” Automatica, vol. 151, p. 110895, May 2023. doi: 10.1016/j.automatica.2023.110895
[56]	J. Zhou, J. Shang, and T. Chen, “Optimal deception attacks against remote state estimation: An information-based approach,” IEEE Trans. Automat. Control, vol. 68, no. 7, pp. 3947–3962, Jul. 2023.
[57]	J. Zhou, J. Shang, and T. Chen, “Optimal deception attacks on remote state estimators equipped with interval anomaly detectors,” Automatica, vol. 148, p. 110723, Feb. 2023. doi: 10.1016/j.automatica.2022.110723
[58]	J. Zhou, J. Shang, and T. Chen, “Deception attacks on Kalman filtering with interval estimation performance loss,” IFAC-PapersOnLine, vol. 55, no. 35, pp. 7–12, Nov. 2022. doi: 10.1016/j.ifacol.2022.11.282
[59]	H. Guo, J. Sun, and Z.-H. Pang, “Stealthy false data injection attacks with resource constraints against multi-sensor estimation systems,” ISA Trans., vol. 127, pp. 32–40, Aug. 2022. doi: 10.1016/j.isatra.2022.02.045
[60]	H. Guo, J. Sun, and Z.-H. Pang, “Residual-based false data injection attacks against multi-sensor estimation systems,” IEEE/CAA J. Autom. Sinica, vol. 10, no. 5, pp. 1181–1191, May 2023. doi: 10.1109/JAS.2023.123441
[61]	F. Li and Y. Tang, “False data injection attack for cyber-physical systems with resource constraint,” IEEE Trans. Cybern., vol. 50, no. 2, pp. 729–738, Feb. 2020. doi: 10.1109/TCYB.2018.2871951
[62]	X. Ren, J. Wu, S. Dey, and L. Shi, “Attack allocation on remote state estimation in multi-systems: Structural results and asymptotic solution,” Automatica, vol. 87, pp. 184–194, Jan. 2018. doi: 10.1016/j.automatica.2017.09.021
[63]	H. Xu, Y. Yang, J. Shang, J. Fu, and Y. Li, “Integrity attacks on remote estimation with spatial-temporal information sources,” Automatica, vol. 155, p. 111172, Sept. 2023. doi: 10.1016/j.automatica.2023.111172
[64]	J. Shang, H. Yu, and T. Chen, “Worst-case stealthy attacks on stochastic event-based state estimation,” IEEE Trans. Automat. Control, vol. 67, no. 4, pp. 2052–2059, Apr. 2022. doi: 10.1109/TAC.2021.3071948
[65]	H. Guo, J. Sun, Z.-H. Pang, and G.-P. Liu, “Event-based optimal stealthy false data-injection attacks against remote state estimation systems,” IEEE Trans. Cybern., vol. 53, no. 10, pp. 6714–6724, Oct. 2023. doi: 10.1109/TCYB.2023.3255583
[66]	C.-Z. Bai, F. Pasqualetti, and V. Gupta, “Data-injection attacks in stochastic control systems: Detectability and performance tradeoffs,” Automatica, vol. 82, pp. 251–260, Aug. 2017. doi: 10.1016/j.automatica.2017.04.047
[67]	Y.-G. Li and G.-H. Yang, “Worst-case ϵ-stealthy false data injection attacks in cyber-physical systems,” Inf. Sci., vol. 515, pp. 352–364, Apr. 2020. doi: 10.1016/j.ins.2019.12.029
[68]	Y.-G. Li and G.-H. Yang, “Optimal deception attacks against remote state estimation in cyber-physical systems,” J. Frank. Inst., vol. 357, no. 3, pp. 1832–1852, Feb. 2020. doi: 10.1016/j.jfranklin.2019.11.001
[69]	L. Hu, Z. Wang, Q.-L. Han, and X. Liu, “State estimation under false data injection attacks: Security analysis and system protection,” Automatica, vol. 87, pp. 176–183, Jan. 2018. doi: 10.1016/j.automatica.2017.09.028
[70]	T.-Y. Zhang and D. Ye, “False data injection attacks with complete stealthiness in cyber-physical systems: A self-generated approach,” Automatica, vol. 120, p. 109117, Oct. 2020. doi: 10.1016/j.automatica.2020.109117
[71]	H. Shim, J. Back, Y. Eun, G. Park, and J. Kim, “Zero-dynamics attack, variations, and countermeasures,” in Security and Resilience of Control Systems: Theory and Applications, H. Ishii and Q. Zhu, Eds. Cham, Germany: Springer, 2022, pp. 31–61.
[72]	Q. Zhang, K. Liu, Z. Pang, Y. Xia, and T. Liu, “Reachability analysis of cyber-physical systems under stealthy attacks,” IEEE Trans. Cybern., vol. 52, no. 6, pp. 4926–4934, Jun. 2022. doi: 10.1109/TCYB.2020.3025307
[73]	C. Kwon, W. Liu, and I. Hwang, “Security analysis for cyber-physical systems against stealthy deception attacks,” in Proc. American Control Conf., Washington, USA, 2013, pp. 3344–3349.
[74]	Y. Mo and B. Sinopoli, “On the performance degradation of cyber-physical systems under stealthy integrity attacks,” IEEE Trans. Automat. Control, vol. 61, no. 9, pp. 2618–2624, Sept. 2016. doi: 10.1109/TAC.2015.2498708
[75]	C. Murguia, I. Shames, J. Ruths, and D. Nešić, “Security metrics and synthesis of secure control systems,” Automatica, vol. 115, p. 108757, May 2020. doi: 10.1016/j.automatica.2019.108757
[76]	H. Wang, K. Liu, D. Han, and Y. Xia, “Vulnerability analysis of distributed state estimation under joint deception attacks,” Automatica, vol. 157, p. 111274, Nov. 2023. doi: 10.1016/j.automatica.2023.111274
[77]	T. Chen, L. Wang, Z. Liu, W. Wang, and H. Su, “Optimal stealthy attack to remote estimator for estimation error regulation,” in Proc. American Control Conf., San Diego, USA, 2023, pp. 1998–2003.
[78]	D. Cheng, J. Shang, and T. Chen, “Finite-horizon strictly stealthy deterministic attacks on cyber-physical systems,” IEEE Control Syst. Lett., vol. 6, pp. 1640–1645, 2022. doi: 10.1109/LCSYS.2021.3130077
[79]	H. Liu, Y. Ni, L. Xie, and K. H. Johansson, “How vulnerable is innovation-based remote state estimation: Fundamental limits under linear attacks,” Automatica, vol. 136, p. 110079, Feb. 2022. doi: 10.1016/j.automatica.2021.110079
[80]	Y. Ni, Z. Guo, Y. Mo, and L. Shi, “On the performance analysis of reset attack in cyber-physical systems,” IEEE Trans. Automat. Control, vol. 65, no. 1, pp. 419–425, Jan. 2020. doi: 10.1109/TAC.2019.2914655
[81]	X.-L. Wang, G.-H. Yang, and D. Zhang, “Optimal stealth attack strategy design for linear cyber-physical systems,” IEEE Trans. Cybern., vol. 52, no. 1, pp. 472–480, Jan. 2022. doi: 10.1109/TCYB.2020.2975042
[82]	H. Fawzi, P. Tabuada, and S. Diggavi, “Secure estimation and control for cyber-physical systems under adversarial attacks,” IEEE Trans. Automat. Control, vol. 59, no. 6, pp. 1454–1467, Jun. 2014. doi: 10.1109/TAC.2014.2303233
[83]	Y. H. Chang, Q. Hu, and C. J. Tomlin, “Secure estimation based Kalman filter for cyber-physical systems against sensor attacks,” Automatica, vol. 95, pp. 399–412, Sept. 2018. doi: 10.1016/j.automatica.2018.06.010
[84]	Y. Mo, S. Weerakkody, and B. Sinopoli, “Physical authentication of control systems: Designing watermarked control inputs to detect counterfeit sensor outputs,” IEEE Control Syst. Mag., vol. 35, no. 1, pp. 93–109, Feb. 2015.
[85]	Y. Mo, R. Chabukswar, and B. Sinopoli, “Detecting integrity attacks on SCADA systems,” IEEE Trans. Control Syst. Technol., vol. 22, no. 4, pp. 1396–1407, Jul. 2014. doi: 10.1109/TCST.2013.2280899
[86]	S. Weerakkody, Y. Mo, and B. Sinopoli, “Detecting integrity attacks on control systems using robust physical watermarking,” in Proc. 53rd IEEE Conf. Decision and Control, Los Angeles, USA, 2014, pp. 3757–3764.
[87]	C. Wang, J. Huang, D. Wang, and F. Li, “A secure strategy for a cyber physical system with multi-sensor under linear deception attack,” J. Frank. Inst., vol. 358, no. 13, pp. 6666–6683, Sept. 2021. doi: 10.1016/j.jfranklin.2021.06.029
[88]	C. M. Ahmed, V. R. Palleti, and V. K. Mishra, “A practical physical watermarking approach to detect replay attacks in a CPS,” J. Process Control, vol. 116, pp. 136–146, Aug. 2022. doi: 10.1016/j.jprocont.2022.06.002
[89]	M. Porter, P. Hespanhol, A. Aswani, M. Johnson-Roberson, and R. Vasudevan, “Detecting generalized replay attacks via time-varying dynamic watermarking,” IEEE Trans. Automat. Control, vol. 66, no. 8, pp. 3502–3517, Aug. 2021. doi: 10.1109/TAC.2020.3022756
[90]	H. Liu, Y. Mo, J. Yan, L. Xie, and K. H. Johansson, “An online approach to physical watermark design,” IEEE Trans. Automat. Control, vol. 65, no. 9, pp. 3895–3902, Sept. 2020. doi: 10.1109/TAC.2020.2971994
[91]	F. Miao, Q. Zhu, M. Pajic, and G. J. Pappas, “Coding schemes for securing cyber-physical systems against stealthy data injection attacks,” IEEE Trans. Control Netw. Syst., vol. 4, no. 1, pp. 106–117, Mar. 2017. doi: 10.1109/TCNS.2016.2573039
[92]	J. Shang, M. Chen, and T. Chen, “Optimal linear encryption against stealthy attacks on remote state estimation,” IEEE Trans. Automat. Control, vol. 66, no. 8, pp. 3592–3607, Aug. 2021. doi: 10.1109/TAC.2020.3024143
[93]	J. Shang, J. Zhou, and T. Chen, “Single-dimensional encryption against innovation-based stealthy attacks on remote state estimation,” Automatica, vol. 136, p. 110015, Feb. 2022. doi: 10.1016/j.automatica.2021.110015
[94]	J. Tian, R. Tan, X. Guan, Z. Xu, and T. Liu, “Moving target defense approach to detecting StuxNet-like attacks,” IEEE Trans. Smart Grid, vol. 11, no. 1, pp. 291–300, Jan. 2020. doi: 10.1109/TSG.2019.2921245
[95]	S. Weerakkody and B. Sinopoli, “Detecting integrity attacks on control systems using a moving target approach,” in Proc. 54th IEEE Conf. Decision and Control, Osaka, Japan, 2015, pp. 5820–5826.
[96]	P. Griffioen, S. Weerakkody, and B. Sinopoli, “A moving target defense for securing cyber-physical systems,” IEEE Trans. Automat. Control, vol. 66, no. 5, pp. 2016–2031, May 2021. doi: 10.1109/TAC.2020.3005686
[97]	A. Kanellopoulos and K. G. Vamvoudakis, “A moving target defense control framework for cyber-physical systems,” IEEE Trans. Automat. Control, vol. 65, no. 3, pp. 1029–1043, Mar. 2020. doi: 10.1109/TAC.2019.2915746
[98]	K. Manandhar, X. Cao, F. Hu, and Y. Liu, “Detection of faults and attacks including false data injection attack in smart grid using Kalman filter,” IEEE Trans. Control Netw. Syst., vol. 1, no. 4, pp. 370–379, Dec. 2014. doi: 10.1109/TCNS.2014.2357531
[99]	R. Tunga, C. Murguia, and J. Ruths, “Tuning windowed chi-squared detectors for sensor attacks,” in Proc. Annu. American Control Conf., Milwaukee, USA, 2018, pp. 1752–1757.
[100]	D. Ye and T.-Y. Zhang, “Summation detector for false data-injection attack in cyber-physical systems,” IEEE Trans. Cybern., vol. 50, no. 6, pp. 2338–2345, Jun. 2020. doi: 10.1109/TCYB.2019.2915124
[101]	Z. Guo, D. Shi, D. E. Quevedo, and L. Shi, “Secure state estimation against integrity attacks: A Gaussian mixture model approach,” IEEE Trans. Signal Process., vol. 67, no. 1, pp. 194–207, Jan. 2019. doi: 10.1109/TSP.2018.2879037
[102]	D. B. Rawat and C. Bajracharya, “Detection of false data injection attacks in smart grid communication systems,” IEEE Signal Process. Lett., vol. 22, no. 10, pp. 1652–1656, Oct. 2015. doi: 10.1109/LSP.2015.2421935
[103]	X. Ge, Q.-L. Han, M. Zhong, and X.-M. Zhang, “Distributed Krein space-based attack detection over sensor networks under deception attacks,” Automatica, vol. 109, p. 108557, Nov. 2019. doi: 10.1016/j.automatica.2019.108557
[104]	X. Ge, Q.-L. Han, X.-M. Zhang, D. Ding, and F. Yang, “Resilient and secure remote monitoring for a class of cyber-physical systems against attacks,” Inf. Sci., vol. 512, pp. 1592–1605, Feb. 2020. doi: 10.1016/j.ins.2019.10.057
[105]	W.-A. Zhang, L. Yu, and D. He, “Sequential fusion estimation for sensor networks with deceptive attacks,” IEEE Trans. Aerosp. Electron. Syst., vol. 56, no. 3, pp. 1829–1843, Jun. 2020. doi: 10.1109/TAES.2019.2936750
[106]	A. Chattopadhyay and U. Mitra, “Security against false data-injection attack in cyber-physical systems,” IEEE Trans. Control Netw. Syst., vol. 7, no. 2, pp. 1015–1027, Jun. 2020. doi: 10.1109/TCNS.2019.2927594
[107]	L. An and G.-H. Yang, “Distributed secure state estimation for cyber-physical systems under sensor attacks,” Automatica, vol. 107, pp. 526–538, Sept. 2019. doi: 10.1016/j.automatica.2019.06.019
[108]	Z. Zhao, Y. Xu, Y. Li, Z. Zhen, Y. Yang, and Y. Shi, “Data-driven attack detection and identification for cyber-physical systems under sparse sensor attacks,” IEEE Trans. Automat. Control, vol. 68, no. 10, pp. 6330–6337, Oct. 2023. doi: 10.1109/TAC.2022.3230360
[109]	D. Shi, Z. Guo, K. H. Johansson, and L. Shi, “Causality countermeasures for anomaly detection in cyber-physical systems,” IEEE Trans. Automat. Control, vol. 63, no. 2, pp. 386–401, Feb. 2018. doi: 10.1109/TAC.2017.2714646
[110]	Y. Li, D. Shi, and T. Chen, “False data injection attacks on networked control systems: A Stackelberg game analysis,” IEEE Trans. Automat. Control, vol. 63, no. 10, pp. 3503–3509, Oct. 2018. doi: 10.1109/TAC.2018.2798817
[111]	W. Yang, D. Li, H. Zhang, Y. Tang, and W. X. Zheng, “An encoding mechanism for secrecy of remote state estimation,” Automatica, vol. 120, p. 109116, Oct. 2020. doi: 10.1016/j.automatica.2020.109116
[112]	F. Tao and D. Ye, “Secure state estimation against eavesdropping attacks based on time-varying coding and noise-adding,” IEEE Trans. Netw. Sci. Eng., vol. 11, no. 1, pp. 174–184, Jan.-Feb. 2024. doi: 10.1109/TNSE.2023.3293106
[113]	L. Zou, Z. Wang, B. Shen, H. Dong, and G. Lu, “Encrypted finite-horizon energy-to-peak state estimation for time-varying systems under eavesdropping attacks: Tackling secrecy capacity,” IEEE/CAA J. Autom. Sinica, vol. 10, no. 4, pp. 985–996, Apr. 2023. doi: 10.1109/JAS.2023.123393
[114]	J. Shang and T. Chen, “Linear encryption against eavesdropping on remote state estimation,” IEEE Trans. Automat. Control, vol. 68, no. 7, pp. 4413–4419, Jul. 2023.
[115]	H. Yuan, Y. Xia, and H. Yang, “Resilient state estimation of cyber-physical system with multichannel transmission under DoS attack,” IEEE Trans. Syst. Man Cybern. Syst., vol. 51, no. 11, pp. 6926–6937, Nov. 2021. doi: 10.1109/TSMC.2020.2964586
[116]	K. Ding, Y. Li, D. E. Quevedo, S. Dey, and L. Shi, “A multi-channel transmission schedule for remote state estimation under DoS attacks,” Automatica, vol. 78, pp. 194–201, Apr. 2017. doi: 10.1016/j.automatica.2016.12.020
[117]	K. Ding, X. Ren, D. E. Quevedo, S. Dey, and L. Shi, “DoS attacks on remote state estimation with asymmetric information,” IEEE Trans. Control Netw. Syst., vol. 6, no. 2, pp. 653–666, Jun. 2019. doi: 10.1109/TCNS.2018.2867157
[118]	R.-R. Liu, F. Hao, and H. Yu, “Optimal DoS attack scheduling for multi-sensor remote state estimation over interference channels,” J. Frank. Inst., vol. 358, no. 9, pp. 5136–5162, Jun. 2021. doi: 10.1016/j.jfranklin.2021.04.014
[119]	Y.-C. Sun and G.-H. Yang, “Event-triggered remote state estimation for cyber-physical systems under malicious DoS attacks,” Inf. Sci., vol. 602, pp. 43–56, Jul. 2022. doi: 10.1016/j.ins.2022.04.033
[120]	H. Song, D. Ding, H. Dong, and X. Yi, “Distributed filtering based on Cauchy-kernel-based maximum correntropy subject to randomly occurring cyber-attacks,” Automatica, vol. 135, p. 110004, Jan. 2022. doi: 10.1016/j.automatica.2021.110004
[121]	Y. Qu and K. Pang, “State estimation for a class of artificial neural networks subject to mixed attacks: A set-membership method,” Neurocomputing, vol. 411, pp. 239–246, Oct. 2020. doi: 10.1016/j.neucom.2020.06.020
[122]	H. Lin, J. Lam, and Z. Wang, “Secure state estimation for systems under mixed cyber-attacks: Security and performance analysis,” Inf. Sci., vol. 546, pp. 943–960, Feb. 2021. doi: 10.1016/j.ins.2020.08.124
[123]	Y. Guan and X. Ge, “Distributed attack detection and secure estimation of networked cyber-physical systems against false data injection attacks and jamming attacks,” IEEE Trans. Signal Inf. Process. Netw., vol. 4, no. 1, pp. 48–59, Mar. 2018.
[124]	H. Zhang, P. Cheng, L. Shi, and J. Chen, “Optimal DoS attack policy against remote state estimation,” in Proc. 52nd IEEE Conf. Decision and Control, Firenze, Italy, 2013, pp. 5444–5449.
[125]	H. Zhang, P. Cheng, L. Shi, and J. Chen, “Optimal denial-of-service attack scheduling with energy constraint,” IEEE Trans. Automat. Control, vol. 60, no. 11, pp. 3023–3028, Nov. 2015. doi: 10.1109/TAC.2015.2409905
[126]	C. Yang, W. Yang, and H. Shi, “DoS attack in centralised sensor network against state estimation,” IET Control Theory Appl., vol. 12, no. 9, pp. 1244–1253, Jun. 2018. doi: 10.1049/iet-cta.2017.0819
[127]	J. Qin, M. Li, J. Wang, L. Shi, Y. Kang, and W. X. Zheng, “Optimal denial-of-service attack energy management against state estimation over an SINR-based network,” Automatica, vol. 119, p. 109090, Sept. 2020. doi: 10.1016/j.automatica.2020.109090
[128]	H. Zhang, Y. Qi, J. Wu, L. Fu, and L. He, “DoS attack energy management against remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 5, no. 1, pp. 383–394, Mar. 2018. doi: 10.1109/TCNS.2016.2614099
[129]	H. Zhang, Y. Qi, H. Zhou, J. Zhang, and J. Sun, “Testing and defending methods against DoS attack in state estimation,” Asian J. Control, vol. 19, no. 4, pp. 1295–1305, Jul. 2017. doi: 10.1002/asjc.1441
[130]	B. Sinopoli, L. Schenato, M. Franceschetti, K. Poolla, M. I. Jordan, and S. S. Sastry, “Kalman filtering with intermittent observations,” IEEE Trans. Automat. Control, vol. 49, no. 9, pp. 1453–1464, Sept. 2004. doi: 10.1109/TAC.2004.834121
[131]	L. Peng, L. Shi, X. Cao, and C. Sun, “Optimal attack energy allocation against remote state estimation,” IEEE Trans. Automat. Control, vol. 63, no. 7, pp. 2199–2205, Jul. 2018. doi: 10.1109/TAC.2017.2775344
[132]	R. Liu, F. Hao, and H. Yu, “Optimal SINR-based DoS attack scheduling for remote state estimation via adaptive dynamic programming approach,” IEEE Trans. Syst. Man Cybern. Syst., vol. 51, no. 12, pp. 7622–7632, Dec. 2021. doi: 10.1109/TSMC.2020.2981478
[133]	J. Chen, C. Dou, L. Xiao, and Z. Wang, “Fusion state estimation for power systems under DoS attacks: A switched system approach,” IEEE Trans. Syst. Man Cybern. Syst., vol. 49, no. 8, pp. 1679–1687, Aug. 2019. doi: 10.1109/TSMC.2019.2895912
[134]	M. Naghnaeian and Y. Xuan, “Optimal state estimation under the denial-of-service attack: An operator approach,” in Proc. American Control Conf., Denver, USA, 2020, pp. 5334–5339.
[135]	K. Ding, X. Ren, A. S. Leong, D. E. Quevedo, and L. Shi, “Remote state estimation in the presence of an active eavesdropper,” IEEE Trans. Automat. Control, vol. 66, no. 1, pp. 229–244, Jan. 2021. doi: 10.1109/TAC.2020.2980730
[136]	Y. Han, L. Duan, and R. Zhang, “Jamming-assisted eavesdropping over parallel fading channels,” IEEE Trans. Inf. Forensics Secur., vol. 14, no. 9, pp. 2486–2499, Sept. 2019. doi: 10.1109/TIFS.2019.2901821
[137]	B. Li, Y. Yao, H. Zhang, and Y. Lv, “Energy efficiency of proactive cooperative eavesdropping over multiple suspicious communication links,” IEEE Trans. Veh. Technol., vol. 68, no. 1, pp. 420–430, Jan. 2019. doi: 10.1109/TVT.2018.2880768
[138]	A. Tsiamis, K. Gatsis, and G. J. Pappas, “State estimation with secrecy against eavesdroppers,” IFAC-PapersOnLine, vol. 50, no. 1, pp. 8385–8392, Jul. 2017. doi: 10.1016/j.ifacol.2017.08.1563
[139]	A. S. Leong, D. E. Quevedo, D. Dolz, and S. Dey, “Transmission scheduling for remote state estimation over packet dropping links in the presence of an eavesdropper,” IEEE Trans. Automat. Control, vol. 64, no. 9, pp. 3732–3739, Sept. 2019. doi: 10.1109/TAC.2018.2883246
[140]	L. Wang, X. Cao, B. Sun, H. Zhang, and C. Sun, “Optimal schedule of secure transmissions for remote state estimation against eavesdropping,” IEEE Trans. Industr. Inform., vol. 17, no. 3, pp. 1987–1997, Mar. 2021. doi: 10.1109/TII.2020.2995385
[141]	L. Wang, X. Cao, H. Zhang, C. Sun, and W. X. Zheng, “Transmission scheduling for privacy-optimal encryption against eavesdropping attacks on remote state estimation,” Automatica, vol. 137, p. 110145, Mar. 2022. doi: 10.1016/j.automatica.2021.110145
[142]	L. Sun, D. Ding, H. Dong, and X. Bai, “Privacy-preserving distributed economic dispatch for microgrids based on state decomposition with added noises,” IEEE Trans. Smart Grid, 2023. DOI: 10.1109/TSG.2023.3324138
[143]	X. Huang, D. Zhai, and J. Dong, “Adaptive integral sliding-mode control strategy of data-driven cyber-physical systems against a class of actuator attacks,” IET Control Theory Appl., vol. 12, no. 10, pp. 1440–1447, Jul. 2018. doi: 10.1049/iet-cta.2017.1278
[144]	A.-Y. Lu and G.-H. Yang, “False data injection attacks against state estimation without knowledge of estimators,” IEEE Trans. Automat. Control, vol. 67, no. 9, pp. 4529–4540, Sept. 2022. doi: 10.1109/TAC.2022.3161259
[145]	J. Kim, L. Tong, and R. J. Thomas, “Subspace methods for data attack on state estimation: A data driven approach,” IEEE Trans. Signal Process., vol. 63, no. 5, pp. 1102–1114, Mar. 2015. doi: 10.1109/TSP.2014.2385670
[146]	S. Gao, H. Zhang, Z. Wang, C. Huang, and H. Yan, “Data-driven injection attack strategy for linear cyber-physical systems: An input-output data-based approach,” IEEE Trans. Netw. Sci. Eng., vol. 10, no. 6, pp. 4082–4095, Nov.-Dec. 2023.
[147]	Y. Yuan and Y. Mo, “Security for cyber-physical systems: Secure control against known-plaintext attack,” Sci. China Technol. Sci., vol. 63, no. 9, pp. 1637–1646, Sept. 2020. doi: 10.1007/s11431-020-1621-y
[148]	F. Hou and J. Sun, “Fasle data injection attacks in cyber-physical systems based on inaccurate model,” in Proc. 43rd Annu. Conf. Industrial Electronics Society, Beijing, China, 2017, pp. 5791–5796.
[149]	P. Duan, G. Lv, Z. Duan, and Y. Lv, “Resilient state estimation for complex dynamic networks with system model perturbation,” IEEE Trans. Control Netw. Syst., vol. 8, no. 1, pp. 135–146, Mar. 2021. doi: 10.1109/TCNS.2020.3035759
[150]	W. Hu, S. L. Shah, and T. Chen, “Framework for a smart data analytics platform towards process monitoring and alarm management,” Comput. Chem. Eng., vol. 114, pp. 225–244, Jun. 2018. doi: 10.1016/j.compchemeng.2017.10.010

[1]	Limei Liang, Rong Su, Haotian Xu. Distributed State and Fault Estimation for Cyber-Physical Systems Under DoS Attacks[J]. IEEE/CAA Journal of Automatica Sinica, 2025, 12(1): 261-263. doi: 10.1109/JAS.2024.124527
[2]	Yu-Ang Wang, Zidong Wang, Lei Zou, Bo Shen, Hongli Dong. Detection of Perfect Stealthy Attacks on Cyber-Physical Systems Subject to Measurement Quantizations: A Watermark-Based Strategy[J]. IEEE/CAA Journal of Automatica Sinica, 2025, 12(1): 114-125. doi: 10.1109/JAS.2024.124815
[3]	Jiaxing Li, Zidong Wang, Jun Hu, Hongli Dong, Hongjian Liu. Cubature Kalman Fusion Filtering Under Amplify-and-Forward Relays With Randomly Varying Channel Parameters[J]. IEEE/CAA Journal of Automatica Sinica, 2025, 12(2): 356-368. doi: 10.1109/JAS.2024.124590
[4]	Zhaoyang He, Naiqi Wu, Rong Su, Zhiwu Li. Cyber-Attacks With Resource Constraints on Discrete Event Systems Under Supervisory Control[J]. IEEE/CAA Journal of Automatica Sinica, 2025, 12(3): 585-595. doi: 10.1109/JAS.2024.124596
[5]	Jiajun Cheng, Haonan Chen, Zhirui Xue, Yulong Huang, Yonggang Zhang. An Online Exploratory Maximum Likelihood Estimation Approach to Adaptive Kalman Filtering[J]. IEEE/CAA Journal of Automatica Sinica, 2025, 12(1): 228-254. doi: 10.1109/JAS.2024.125001
[6]	Haibin Guo, Zhong-Hua Pang, Chao Li. Side Information-Based Stealthy False Data Injection Attacks Against Multi-Sensor Remote Estimation[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(4): 1054-1056. doi: 10.1109/JAS.2023.124086
[7]	Bogang Qu, Zidong Wang, Bo Shen, Hongli Dong, Hongjian Liu. Anomaly-Resistant Decentralized State Estimation Under Minimum Error Entropy With Fiducial Points for Wide-Area Power Systems[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(1): 74-87. doi: 10.1109/JAS.2023.123795
[8]	Weiwei Sun, Xinci Gao, Lusong Ding, Xiangyu Chen. Distributed Fault Estimation for Nonlinear Systems With Sensor Saturation and Deception Attacks Using Stochastic Communication Protocols[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(8): 1865-1876. doi: 10.1109/JAS.2023.124161
[9]	Xiaoting Du, Lei Zou, Maiying Zhong. Set-Membership Filtering Approach to Dynamic Event-Triggered Fault Estimation for a Class of Nonlinear Time-Varying Complex Networks[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(3): 638-648. doi: 10.1109/JAS.2023.124119
[10]	Dan You, Shouguang Wang. Non-Deterministic Liveness-Enforcing Supervisor Tolerant to Sensor-Reading Modification Attacks[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(1): 240-248. doi: 10.1109/JAS.2023.123702
[11]	Ke Li, Shunyi Zhao, Biao Huang, Fei Liu. Bayesian Filtering for High-Dimensional State-Space Models With State Partition and Error Compensation[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(5): 1239-1249. doi: 10.1109/JAS.2023.124137
[12]	Mahdi Taheri, Khashayar Khorasani, Nader Meskin. On Zero Dynamics and Controllable Cyber-Attacks in Cyber-Physical Systems and Dynamic Coding Schemes as Their Countermeasures[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(11): 2191-2203. doi: 10.1109/JAS.2024.124692
[13]	Bo Shen, Xuelin Wang, Lei Zou. Maximum Correntropy Kalman Filtering for Non-Gaussian Systems With State Saturations and Stochastic Nonlinearities[J]. IEEE/CAA Journal of Automatica Sinica, 2023, 10(5): 1223-1233. doi: 10.1109/JAS.2023.123195
[14]	Haibin Guo, Jian Sun, Zhong-Hua Pang. Residual-Based False Data Injection Attacks Against Multi-Sensor Estimation Systems[J]. IEEE/CAA Journal of Automatica Sinica, 2023, 10(5): 1181-1191. doi: 10.1109/JAS.2023.123441
[15]	Kritika Bansal, Pankaj Mukhija. Aperiodic Sampled-Data Control of Distributed Networked Control Systems Under Stochastic Cyber-Attacks[J]. IEEE/CAA Journal of Automatica Sinica, 2020, 7(4): 1064-1073. doi: 10.1109/JAS.2020.1003249
[16]	Ganggui Qu, Dong Shen. Stochastic Iterative Learning Control With Faded Signals[J]. IEEE/CAA Journal of Automatica Sinica, 2019, 6(5): 1196-1208. doi: 10.1109/JAS.2019.1911696
[17]	Huazhen Fang, Ning Tian, Yebin Wang, MengChu Zhou, Mulugeta A. Haile. Nonlinear Bayesian Estimation: From Kalman Filtering to a Broader Horizon[J]. IEEE/CAA Journal of Automatica Sinica, 2018, 5(2): 401-417. doi: 10.1109/JAS.2017.7510808
[18]	Xiao Lu, Linglong Wang, Haixia Wang, Xianghua Wang. Kalman Filtering for Delayed Singular Systems with Multiplicative Noise[J]. IEEE/CAA Journal of Automatica Sinica, 2016, 3(1): 51-58.
[19]	Yumei Li, Holger Voos, Mohamed Darouach, Changchun Hua. An Algebraic Detection Approach for Control Systems under Multiple Stochastic Cyber-attacks[J]. IEEE/CAA Journal of Automatica Sinica, 2015, 2(3): 258-266.
[20]	Haiyang Yu, Yisha Liu, Wei Wang. Distributed Sparse Signal Estimation in Sensor Networks Using H_∞-Consensus Filtering[J]. IEEE/CAA Journal of Automatica Sinica, 2014, 1(2): 149-154.

Supplements(0)

Cited By

Proportional views

Proportional views

通讯作者: 陈斌, bchen63@163.com

1.
沈阳化工大学材料科学与工程学院沈阳 110142

Figures(3) / Tables(3)

Get Citation

PDF

XML

Article Metrics

Article views (521) PDF downloads(152)

Highlights

An overview of recent advances in cyber-attacks and defensive countermeasures is presented, with a specific focus on integrity attacks against RSE
A detailed review of typical attack detection and resilient estimation algorithms is included, illustrating the latest defensive measures safeguarding RSE from adversaries
Some prevalent attacks impairing the confidentiality and data availability of RSE are examined from both attackers’ and defenders’ perspectives