Residual-Based False Data Injection Attacks Against Multi-Sensor Estimation Systems

Haibin Guo; Jian Sun; Zhong-Hua Pang

doi:10.1109/JAS.2023.123441

Volume 10 Issue 5

May 2023

IEEE/CAA Journal of Automatica Sinica

JCR Impact Factor: 11.8, Top 4% (SCI Q1)

CiteScore: 17.6, Top 3% (Q1)
Google Scholar h5-index: 77， TOP 5

Turn off MathJax

Article Contents

Article Navigation > IEEE/CAA Journal of Automatica Sinica > 2023 > 10(5): 1181-1191

H. B. Guo, J. Sun, and Z.-H. Pang, “Residual-based false data injection attacks against multi-sensor estimation systems,” IEEE/CAA J. Autom. Sinica, vol. 10, no. 5, pp. 1181–1191, May 2023. doi: 10.1109/JAS.2023.123441

Citation:

H. B. Guo, J. Sun, and Z.-H. Pang, “Residual-based false data injection attacks against multi-sensor estimation systems,” IEEE/CAA J. Autom. Sinica, vol. 10, no. 5, pp. 1181–1191, May 2023. doi: 10.1109/JAS.2023.123441

Citation:

PDF( 1196 KB)

Residual-Based False Data Injection Attacks Against Multi-Sensor Estimation Systems

doi: 10.1109/JAS.2023.123441

Haibin Guo^1
,,
Jian Sun^1
,,
Zhong-Hua Pang^{2
,
,}

1.
National Key Laboratory of Autonomous Intelligent Unmanned Systems, School of Automation, Beijing Institute of Technology, Beijing 100081, China. J. Sun is also with the Beijing Institute of Technology Chongqing Innovation Center, Chongqing 401120, China
2.
Key Laboratory of Fieldbus Technology and Automation of Beijing, North China University of Technology, Beijing 100144, China

Funds: This work was supported by the National Natural Science Foundation of China (61925303, 62173034, 62088101, U20B2073, 62173002), the National Key Research and Development Program of China (2021YFB1714800), and Beijing Natural Science Foundation (4222045)

More Information

Author Bio:
Haibin Guo received the B.Sc. degree in applied physics from the Shandong University of Science and Technology in 2017. He is currently pursuing the Ph.D. degree in control science and engineering at the National Key Laboratory of Autonomous Intelligent Unmanned Systems, School of Automation, Beijing Institute of Technology. His research interests include networked control systems, attack modeling and detection, and security of cyber-physical systems

Jian Sun (Senior Member, IEEE) received the B.Eng. degree in electrical engineering from the Jilin Institute of Technology in 2001, the M.Eng. degree in mechatronical engineering from the Changchun Institute of Optics, Fine Mechanics and Physics, Chinese Academy of Sciences (CAS) in 2004, and the Ph.D. degree in control theory and control engineering from the Institute of Automation, CAS, in 2007. From 2008 to 2009, he was a Research Fellow with the University of Glamorgan, UK. From 2007 to 2010, he was a Postdoctoral Research Fellow with the Beijing Institute of Technology. In 2010, he joined the School of Automation, Beijing Institute of Technology, where he has been a Professor since 2013. His research interests include networked control systems, time-delay systems, and security of cyber-physical systems. He is an Editorial Board Member of the IEEE Transactions on Systems, Man and Cybernetics: Systems, and the Journal of Systems Science and Complexity

Zhong-Hua Pang (Senior Member, IEEE) received the B.Eng. degree in automation and M.Eng. degree in control theory and control engineering from the Qingdao University of Science and Technology, in 2002 and 2005, respectively, and the Ph.D. degree in control theory and control engineering from the Institute of Automation, Chinese Academy of Sciences in 2011. He was a Postdoctoral Research Fellow with the Tsinghua University, from September 2011 to February 2014, a Visiting Scholar at the University of South Wales, UK from Nov. 2016 to Oct. 2017, and a Visiting Scholar at the Swinburne University of Technology, Australia from July 2019 to August 2019 and from January 2020 to March 2020, respectively. Since 2014, he has been with the North China University of Technology, first as an Associate Professor and since 2017 as a Professor. His research interests include networked control systems, multi-agent systems, security of cyber-physical systems, and data-driven control systems
Corresponding author: Zhong-Hua Pang, e-mail: zhonghua.pang@ia.ac.cn
Received Date: 2022-10-14
Revised Date: 2022-12-13
Accepted Date: 2023-01-11

Available Online: 2023-03-22

Abstract

Abstract

This paper investigates the security issue of multi-sensor remote estimation systems. An optimal stealthy false data injection (FDI) attack scheme based on historical and current residuals, which only tampers with the measurement residuals of partial sensors due to limited attack resources, is proposed to maximally degrade system estimation performance. The attack stealthiness condition is given, and then the estimation error covariance in compromised state is derived to quantify the system performance under attack. The optimal attack strategy is obtained by solving several convex optimization problems which maximize the trace of the compromised estimation error covariance subject to the stealthiness condition. Moreover, due to the constraint of attack resources, the selection principle of the attacked sensor is provided to determine which sensor is attacked so as to hold the most impact on system performance. Finally, simulation results are presented to verify the theoretical analysis.
- Cyber-physical systems (CPSs),
- false data injection (FDI) attacks,
- remote state estimation,
- stealthy attacks

FullText(HTML)

References(49)

References

[1]	X. M. Zhang, Q.-L. Han, X. H. Ge, D. R. Ding, L. Ding, D. Yue, and C. Peng, “Networked control systems: A survey of trends and techniques,” IEEE/CAA J. Autom. Sinica, vol. 7, no. 1, pp. 1–17, Jan. 2020. doi: 10.1109/JAS.2019.1911861
[2]	C. Song, L. Liu, G. Feng, Y. Fan, and S. Y. Xu, “Coverage control for heterogeneous mobile sensor networks with bounded position measurement errors,” Automatica, vol. 120, p. 109118, Oct. 2020. doi: 10.1016/j.automatica.2020.109118
[3]	D. R. Ding, Q.-L. Han, X. H. Ge, and J. Wang, “Secure state estimation and control of cyber-physical systems: A survey,” IEEE Trans. Syst.,Man,Cybern.: Syst., vol. 51, no. 1, pp. 176–190, Jan. 2021. doi: 10.1109/TSMC.2020.3041121
[4]	Z. H. Pang, C. D. Bai, G. P. Liu, Q.-L. Han, and X. M. Zhang, “A novel networked predictive control method for systems with random communication constraints,” J. Syst. Sci. Complex., vol. 34, no. 4, pp. 1364–1378, Feb. 2021. doi: 10.1007/s11424-021-0160-y
[5]	J. Hu, C. Q. Jia, H. Yu, and H. J. Liu, “Dynamic event-triggered state estimation for nonlinear coupled output complex networks subject to innovation constraints,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 5, pp. 941–944, May 2022. doi: 10.1109/JAS.2022.105581
[6]	G. Y. Wu, G. Wang, J. Sun, and J. Chen, “Optimal partial feedback attacks in cyber-physical power systems,” IEEE Trans. Autom. Control, vol. 65, no. 9, pp. 3919–3926, Sept. 2020. doi: 10.1109/TAC.2020.2981915
[7]	Z. H. Pang, W. C. Luo, G. P. Liu, and Q.-L. Han, “Observer-based incremental predictive control of networked multi-agent systems with random delays and packet dropouts,” IEEE Trans. Circuits Syst. II: Express Briefs, vol. 68, no. 1, pp. 426–430, Jan. 2021.
[8]	C. B. Zheng, Z. H. Pang, J. X. Wang, J. Sun, G. P. Liu, and Q.-L. Han, “Null-space-based time-varying formation control of uncertain nonlinear second-order multi-agent systems with collision avoidance,” IEEE Trans. Ind. Electron., to be published
[9]	J. Chen, J. Sun, and G. Wang, “From unmanned systems to autonomous intelligent systems,” Engineering, vol. 12, pp. 16–19, May 2022. doi: 10.1016/j.eng.2021.10.007
[10]	W. L. Duo, M. C. Zhou, and A. Abusorrah, “A survey of cyber attacks on cyber physical systems: Recent advances and challenges,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 5, pp. 784–800, May 2022. doi: 10.1109/JAS.2022.105548
[11]	Z. H. Pang, L. Z. Fan, Z. Dong, Q.-L. Han, and G. P. Liu, “False data injection attacks against partial sensor measurements of networked control systems,” IEEE Trans. Circuits Syst. II: Express Briefs, vol. 69, no. 1, pp. 149–153, Jan. 2022.
[12]	H. B. Guo, J. Sun, Z. H. Pang, and G. P. Liu, “Event-based optimal stealthy false data-injection attacks against remote state estimation systems,” IEEE Trans. Cybern., 2023.
[13]	W. Y. Xu, Z. D. Wang, L. Hu, and J. Kurths, “State estimation under joint false data injection attacks: Dealing with constraints and insecurity,” IEEE Trans. Autom. Control, vol. 67, no. 12, pp. 6745–6753, Dec. 2022. doi: 10.1109/TAC.2021.3131145
[14]	F. Y. Hou, J. Sun, Q. L. Yang, and Z. H. Pang, “Deep reinforcement learning for optimal denial-of-service attacks scheduling,” Sci. China Inf. Sci., vol. 65, no. 6, p. 162201, Jun. 2022. doi: 10.1007/s11432-020-3027-0
[15]	X. H. Ge, Q.-L. Han, M. Y. Zhong, and X. M. Zhang, “Distributed Krein space-based attack detection over sensor networks under deception attacks,” Automatica, vol. 109, p. 108557, Nov. 2019. doi: 10.1016/j.automatica.2019.108557
[16]	D. Ye and T. Y. Zhang, “Summation detector for false data-injection attack in cyber-physical systems,” IEEE Trans. Cybern., vol. 50, no. 6, pp. 2338–2345, Jun. 2020. doi: 10.1109/TCYB.2019.2915124
[17]	Z. H. Pang, L. Z. Fan, J. Sun, K. Liu, and G. P. Liu, “Detection of stealthy false data injection attacks against networked control systems via active data modification,” Inf. Sci., vol. 546, pp. 192–205, Feb. 2021. doi: 10.1016/j.ins.2020.06.074
[18]	H. B. Guo, Z. H. Pang, J. Sun, and J. Li, “An output-coding-based detection scheme against replay attacks in cyber-physical systems,” IEEE Trans. Circuits Syst. II: Express Briefs, vol. 68, no. 10, pp. 3306–3310, Oct. 2021.
[19]	J. Zhang, L. Pan, Q.-L. Han, C. Chen, S. Wen, and Y. Xiang, “Deep learning based attack detection for cyber-physical system cybersecurity: A survey,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 3, pp. 377–391, Mar. 2022. doi: 10.1109/JAS.2021.1004261
[20]	H. B. Guo, Z. H. Pang, J. Sun, and J. Li, “Detection of stealthy false data injection attacks against cyber-physical systems: A stochastic coding scheme,” J. Syst. Sci. Complex., vol. 35, no. 5, pp. 1668–1684, Aug. 2022. doi: 10.1007/s11424-022-1005-z
[21]	Y. L. Mo and B. Sinopoli, “Secure estimation in the presence of integrity attacks,” IEEE Trans. Autom. Control, vol. 60, no. 4, pp. 1145–1151, Apr. 2015. doi: 10.1109/TAC.2014.2350231
[22]	W. Ao, Y. D. Song, and C. Y. Wen, “Distributed secure state estimation and control for CPSs under sensor attacks,” IEEE Trans. Cybern., vol. 50, no. 1, pp. 259–269, Jan. 2020. doi: 10.1109/TCYB.2018.2868781
[23]	H. C. Xiao, D. R. Ding, H. L. Dong, and G. L. Wei, “Adaptive event-triggered state estimation for large-scale systems subject to deception attacks,” Sci. China Inf. Sci., vol. 65, no. 2, p. 122207, Feb. 2022. doi: 10.1007/s11432-020-3142-5
[24]	D. Zhang, C. Deng, and G. Feng, “Resilient cooperative output regulation for nonlinear multi-agent systems under DoS attacks,” IEEE Trans. Autom. Control, vol. 68, no. 4, pp. 2521–2528, Apr. 2023.
[25]	Z. H. Pang and G. P. Liu, “Design and implementation of secure networked predictive control systems under deception attacks,” IEEE Trans. Control Syst. Technol., vol. 20, no. 5, pp. 1334–1342, Sept. 2012. doi: 10.1109/TCST.2011.2160543
[26]	S. Feng, A. Cetinkaya, H. Ishii, P. Tesi, and C. De Persis, “Networked control under DoS attacks: Tradeoffs between resilience and data rate,” IEEE Trans. Autom. Control, vol. 66, no. 1, pp. 460–467, Jan. 2021. doi: 10.1109/TAC.2020.2981083
[27]	B. Chen, Y. W. Tan, Z. Sun, and L. Yu, “Attack-resilient control against FDI attacks in cyber-physical systems,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 6, pp. 1099–1102, Jun. 2022. doi: 10.1109/JAS.2022.105641
[28]	W. J. Liu, J. Sun, G. Wang, F. Bullo, and J. Chen, “Resilient control under quantization and denial-of-service: Codesigning a deadbeat controller and transmission protocol,” IEEE Trans. Autom. Control, vol. 67, no. 8, pp. 3879–3891, Jun. 2022. doi: 10.1109/TAC.2021.3107145
[29]	X. H. Ge, Q.-L. Han, Q. Wu, and X. M. Zhang, “Resilient and safe platooning control of connected automated vehicles against intermittent denial-of-service attacks,” IEEE/CAA J. Autom. Sinica, 2022.
[30]	E. Kung, S. Dey, and L. Shi, “The performance and limitations of ϵ-stealthy attacks on higher order systems,” IEEE Trans. Autom. Control, vol. 62, no. 2, pp. 941–947, Feb. 2017. doi: 10.1109/TAC.2016.2565379
[31]	C. Z. Bai, V. Gupta, and F. Pasqualetti, “On Kalman filtering with compromised sensors: Attack stealthiness and performance bounds,” IEEE Trans. Autom. Control, vol. 62, no. 12, pp. 6641–6648, Dec. 2017. doi: 10.1109/TAC.2017.2714903
[32]	Z. H. Pang, G. P. Liu, D. H. Zhou, F. Y. Hou, and D. H. Sun, “Two-channel false data injection attacks against output tracking control of networked systems,” IEEE Trans. Ind. Electron., vol. 63, no. 5, pp. 3242–3251, May 2016. doi: 10.1109/TIE.2016.2535119
[33]	Z. Pang, Y. Fu, H. Guo, and J. Sun, “Analysis of stealthy false data injection attacks against networked control systems: Three case studies,” J. Syst. Sci. Complex, 2023.
[34]	Y. Chen, S. Kar, and J. M. F. Moura, “Cyber-physical attacks with control objectives,” IEEE Trans. Autom. Control, vol. 63, no. 5, pp. 1418–1425, May 2018. doi: 10.1109/TAC.2017.2741778
[35]	Y. Chen, S. Kar, and J. M. F. Moura, “Optimal attack strategies subject to detection constraints against cyber-physical systems,” IEEE Trans. Control Netw. Syst., vol. 5, no. 3, pp. 1157–1168, Sept. 2018. doi: 10.1109/TCNS.2017.2690399
[36]	Q. R. Zhang, K. Liu, Y. Q. Xia, and A. Y. Ma, “Optimal stealthy deception attack against cyber-physical systems,” IEEE Trans. Cybern., vol. 50, no. 9, pp. 3963–3972, Sept. 2020. doi: 10.1109/TCYB.2019.2912622
[37]	Z. Y. Guo, D. W. Shi, K. H. Johansson, and L. Shi, “Optimal linear cyber-attack on remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 4, no. 1, pp. 4–13, Mar. 2017. doi: 10.1109/TCNS.2016.2570003
[38]	Z. Y. Guo, D. W. Shi, K. H. Johansson, and L. Shi, “Worst-case stealthy innovation-based linear attack on remote state estimation,” Automatica, vol. 89, pp. 117–124, Mar. 2018. doi: 10.1016/j.automatica.2017.11.018
[39]	Y. G. Li and G. H. Yang, “Optimal stealthy false data injection attacks in cyber-physical systems,” Inf. Sci., vol. 481, pp. 474–490, May 2019. doi: 10.1016/j.ins.2019.01.001
[40]	J. Shang, H. Yu, and T. W. Chen, “Worst-case stealthy innovation-based linear attacks on remote state estimation under Kullback-Leibler divergence,” IEEE Trans. Autom. Control, vol. 67, no. 11, pp. 6082–6089, Nov. 2022. doi: 10.1109/TAC.2021.3125430
[41]	Z. Y. Guo, D. W. Shi, K. H. Johansson, and L. Shi, “Worst-case innovation-Based integrity attacks with side information on remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 6, no. 1, pp. 48–59, Mar. 2019. doi: 10.1109/TCNS.2018.2793664
[42]	Y. G. Li and G. H. Yang, “Optimal stealthy innovation-based attacks with historical data in cyber-physical systems,” IEEE Trans. Syst.,Man,Cybern.: Syst., vol. 51, no. 6, pp. 3401–3411, Jun. 2021. doi: 10.1109/TSMC.2019.2924976
[43]	J. Shang and T. W. Chen, “Optimal stealthy integrity attacks on remote state estimation: The maximum utilization of historical data,” Automatica, vol. 128, p. 109555, Jun. 2021. doi: 10.1016/j.automatica.2021.109555
[44]	H. X. Liu, Y. Q. Ni, L. H. Xie, and K. H. Johansson, “How vulnerable is innovation-based remote state estimation: Fundamental limits under linear attacks,” Automatica, vol. 136, p. 110079, Feb. 2022. doi: 10.1016/j.automatica.2021.110079
[45]	Y. Z. Li, L. Shi, and T. W. Chen, “Detection against linear deception attacks on multi-sensor remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 5, no. 3, pp. 846–856, Sept. 2018. doi: 10.1109/TCNS.2017.2648508
[46]	Z. Y. Guo, D. W. Shi, K. H. Johansson, and L. Shi, “Worst-case analysis of innovation-based linear attack on remote state estimation with resource constraint,” in Proc. IEEE 55th Conf. Decision and Control, Las Vegas, USA, 2016, pp. 6303–6308.
[47]	H. B. Guo, J. Sun, and Z. H. Pang, “Stealthy false data injection attacks with resource constraints against multi-sensor estimation systems,” ISA Trans., vol. 127, pp. 32–40, Aug. 2022. doi: 10.1016/j.isatra.2022.02.045
[48]	Z. H. Pang, L. Z. Fan, H. B. Guo, Y. T. Shi, R. Q. Chai, J. Sun, and G. P. Liu, “Security of networked control systems subject to deception attacks: A survey,” Int. J. Syst. Sci., vol. 53, no. 16, pp. 3577–3598, Nov. 2022. doi: 10.1080/00207721.2022.2143735
[49]	C. Trapiello and V. Puig, “A zonotopic-based watermarking design to detect replay attacks,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 11, pp. 1924–1938, Nov. 2022. doi: 10.1109/JAS.2022.105944

Supplements(0)

Cited By

Proportional views

Proportional views

通讯作者: 陈斌, bchen63@163.com

1.
沈阳化工大学材料科学与工程学院沈阳 110142

Figures(9)

Get Citation

PDF

XML

Article Metrics

Article views (429) PDF downloads(83)

Highlights

This paper investigates the security issue of multi-sensor remote state estimation in cyber-physical systems and proposes a novel stealthy FDI attack scheme by using historical and current residuals
Different from existing works only using real-time residuals to design attack signals, this paper utilizes both historical and current residuals to construct attack signals to tamper with the measurement residuals of partial sensors. The attack impact on system estimation performance is improved
Due to limited attack resources, malicious attackers only can falsify the measurement residuals of partial sensors. However, existing attack schemes using historical and current residuals for single-sensor systems would lose stealthiness when attacking one of the transmission channels of a multi-sensor system, which is greatly solved in this paper

Residual-Based False Data Injection Attacks Against Multi-Sensor Estimation Systems

doi: 10.1109/JAS.2023.123441

Abstract

References

Proportional views

Catalog

通讯作者: 陈斌, bchen63@163.com

Article Metrics

Highlights

Export File

Citation

Format

Content