A journal of IEEE and CAA that publishes high-quality papers in English on original theoretical/experimental research and development in all areas of automation
Volume 10 Issue 5
May 2023

IEEE/CAA Journal of Automatica Sinica

Citation: H. B. Guo, J. Sun, and Z.-H. Pang, “Residual-based false data injection attacks against multi-sensor estimation systems,” IEEE/CAA J. Autom. Sinica, vol. 10, no. 5, pp. 1181–1191, May 2023. doi: 10.1109/JAS.2023.123441

Residual-Based False Data Injection Attacks Against Multi-Sensor Estimation Systems

doi: 10.1109/JAS.2023.123441
Funds: This work was supported by the National Natural Science Foundation of China (61925303, 62173034, 62088101, U20B2073, 62173002), the National Key Research and Development Program of China (2021YFB1714800), and Beijing Natural Science Foundation (4222045).
This paper investigates the security issue of multi-sensor remote estimation systems. An optimal stealthy false data injection (FDI) attack scheme based on historical and current residuals is proposed to maximally degrade system estimation performance; because attack resources are limited, it tampers with the measurement residuals of only some of the sensors. The attack stealthiness condition is given, and the estimation error covariance in the compromised state is then derived to quantify system performance under attack. The optimal attack strategy is obtained by solving several convex optimization problems that maximize the trace of the compromised estimation error covariance subject to the stealthiness condition. Moreover, because of the constraint on attack resources, a selection principle for the attacked sensor is provided to determine which sensor to attack so as to have the greatest impact on system performance. Finally, simulation results are presented to verify the theoretical analysis.

     



    Highlights

    • This paper investigates the security issue of multi-sensor remote state estimation in cyber-physical systems and proposes a novel stealthy FDI attack scheme that uses historical and current residuals.
    • Unlike existing works that use only real-time residuals to design attack signals, this paper uses both historical and current residuals to construct attack signals that tamper with the measurement residuals of partial sensors. The attack impact on system estimation performance is improved.
    • Due to limited attack resources, malicious attackers can only falsify the measurement residuals of partial sensors. However, existing attack schemes that use historical and current residuals for single-sensor systems would lose stealthiness when attacking one of the transmission channels of a multi-sensor system, a problem that is solved in this paper.
