IEEE/CAA Journal of Automatica Sinica
Citation: | H. B. Guo, J. Sun, and Z.-H. Pang, “Residual-based false data injection attacks against multi-sensor estimation systems,” IEEE/CAA J. Autom. Sinica, vol. 10, no. 5, pp. 1181–1191, May 2023. doi: 10.1109/JAS.2023.123441 |
This paper investigates the security issue of multi-sensor remote estimation systems. An optimal stealthy false data injection (FDI) attack scheme based on historical and current residuals, which only tampers with the measurement residuals of partial sensors due to limited attack resources, is proposed to maximally degrade system estimation performance. The attack stealthiness condition is given, and then the estimation error covariance in compromised state is derived to quantify the system performance under attack. The optimal attack strategy is obtained by solving several convex optimization problems which maximize the trace of the compromised estimation error covariance subject to the stealthiness condition. Moreover, due to the constraint of attack resources, the selection principle of the attacked sensor is provided to determine which sensor is attacked so as to hold the most impact on system performance. Finally, simulation results are presented to verify the theoretical analysis.
[1] |
X. M. Zhang, Q.-L. Han, X. H. Ge, D. R. Ding, L. Ding, D. Yue, and C. Peng, “Networked control systems: A survey of trends and techniques,” IEEE/CAA J. Autom. Sinica, vol. 7, no. 1, pp. 1–17, Jan. 2020. doi: 10.1109/JAS.2019.1911861
|
[2] |
C. Song, L. Liu, G. Feng, Y. Fan, and S. Y. Xu, “Coverage control for heterogeneous mobile sensor networks with bounded position measurement errors,” Automatica, vol. 120, p. 109118, Oct. 2020. doi: 10.1016/j.automatica.2020.109118
|
[3] |
D. R. Ding, Q.-L. Han, X. H. Ge, and J. Wang, “Secure state estimation and control of cyber-physical systems: A survey,” IEEE Trans. Syst.,Man,Cybern.: Syst., vol. 51, no. 1, pp. 176–190, Jan. 2021. doi: 10.1109/TSMC.2020.3041121
|
[4] |
Z. H. Pang, C. D. Bai, G. P. Liu, Q.-L. Han, and X. M. Zhang, “A novel networked predictive control method for systems with random communication constraints,” J. Syst. Sci. Complex., vol. 34, no. 4, pp. 1364–1378, Feb. 2021. doi: 10.1007/s11424-021-0160-y
|
[5] |
J. Hu, C. Q. Jia, H. Yu, and H. J. Liu, “Dynamic event-triggered state estimation for nonlinear coupled output complex networks subject to innovation constraints,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 5, pp. 941–944, May 2022. doi: 10.1109/JAS.2022.105581
|
[6] |
G. Y. Wu, G. Wang, J. Sun, and J. Chen, “Optimal partial feedback attacks in cyber-physical power systems,” IEEE Trans. Autom. Control, vol. 65, no. 9, pp. 3919–3926, Sept. 2020. doi: 10.1109/TAC.2020.2981915
|
[7] |
Z. H. Pang, W. C. Luo, G. P. Liu, and Q.-L. Han, “Observer-based incremental predictive control of networked multi-agent systems with random delays and packet dropouts,” IEEE Trans. Circuits Syst. II: Express Briefs, vol. 68, no. 1, pp. 426–430, Jan. 2021.
|
[8] |
C. B. Zheng, Z. H. Pang, J. X. Wang, J. Sun, G. P. Liu, and Q.-L. Han, “Null-space-based time-varying formation control of uncertain nonlinear second-order multi-agent systems with collision avoidance,” IEEE Trans. Ind. Electron., to be published
|
[9] |
J. Chen, J. Sun, and G. Wang, “From unmanned systems to autonomous intelligent systems,” Engineering, vol. 12, pp. 16–19, May 2022. doi: 10.1016/j.eng.2021.10.007
|
[10] |
W. L. Duo, M. C. Zhou, and A. Abusorrah, “A survey of cyber attacks on cyber physical systems: Recent advances and challenges,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 5, pp. 784–800, May 2022. doi: 10.1109/JAS.2022.105548
|
[11] |
Z. H. Pang, L. Z. Fan, Z. Dong, Q.-L. Han, and G. P. Liu, “False data injection attacks against partial sensor measurements of networked control systems,” IEEE Trans. Circuits Syst. II: Express Briefs, vol. 69, no. 1, pp. 149–153, Jan. 2022.
|
[12] |
H. B. Guo, J. Sun, Z. H. Pang, and G. P. Liu, “Event-based optimal stealthy false data-injection attacks against remote state estimation systems,” IEEE Trans. Cybern., 2023.
|
[13] |
W. Y. Xu, Z. D. Wang, L. Hu, and J. Kurths, “State estimation under joint false data injection attacks: Dealing with constraints and insecurity,” IEEE Trans. Autom. Control, vol. 67, no. 12, pp. 6745–6753, Dec. 2022. doi: 10.1109/TAC.2021.3131145
|
[14] |
F. Y. Hou, J. Sun, Q. L. Yang, and Z. H. Pang, “Deep reinforcement learning for optimal denial-of-service attacks scheduling,” Sci. China Inf. Sci., vol. 65, no. 6, p. 162201, Jun. 2022. doi: 10.1007/s11432-020-3027-0
|
[15] |
X. H. Ge, Q.-L. Han, M. Y. Zhong, and X. M. Zhang, “Distributed Krein space-based attack detection over sensor networks under deception attacks,” Automatica, vol. 109, p. 108557, Nov. 2019. doi: 10.1016/j.automatica.2019.108557
|
[16] |
D. Ye and T. Y. Zhang, “Summation detector for false data-injection attack in cyber-physical systems,” IEEE Trans. Cybern., vol. 50, no. 6, pp. 2338–2345, Jun. 2020. doi: 10.1109/TCYB.2019.2915124
|
[17] |
Z. H. Pang, L. Z. Fan, J. Sun, K. Liu, and G. P. Liu, “Detection of stealthy false data injection attacks against networked control systems via active data modification,” Inf. Sci., vol. 546, pp. 192–205, Feb. 2021. doi: 10.1016/j.ins.2020.06.074
|
[18] |
H. B. Guo, Z. H. Pang, J. Sun, and J. Li, “An output-coding-based detection scheme against replay attacks in cyber-physical systems,” IEEE Trans. Circuits Syst. II: Express Briefs, vol. 68, no. 10, pp. 3306–3310, Oct. 2021.
|
[19] |
J. Zhang, L. Pan, Q.-L. Han, C. Chen, S. Wen, and Y. Xiang, “Deep learning based attack detection for cyber-physical system cybersecurity: A survey,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 3, pp. 377–391, Mar. 2022. doi: 10.1109/JAS.2021.1004261
|
[20] |
H. B. Guo, Z. H. Pang, J. Sun, and J. Li, “Detection of stealthy false data injection attacks against cyber-physical systems: A stochastic coding scheme,” J. Syst. Sci. Complex., vol. 35, no. 5, pp. 1668–1684, Aug. 2022. doi: 10.1007/s11424-022-1005-z
|
[21] |
Y. L. Mo and B. Sinopoli, “Secure estimation in the presence of integrity attacks,” IEEE Trans. Autom. Control, vol. 60, no. 4, pp. 1145–1151, Apr. 2015. doi: 10.1109/TAC.2014.2350231
|
[22] |
W. Ao, Y. D. Song, and C. Y. Wen, “Distributed secure state estimation and control for CPSs under sensor attacks,” IEEE Trans. Cybern., vol. 50, no. 1, pp. 259–269, Jan. 2020. doi: 10.1109/TCYB.2018.2868781
|
[23] |
H. C. Xiao, D. R. Ding, H. L. Dong, and G. L. Wei, “Adaptive event-triggered state estimation for large-scale systems subject to deception attacks,” Sci. China Inf. Sci., vol. 65, no. 2, p. 122207, Feb. 2022. doi: 10.1007/s11432-020-3142-5
|
[24] |
D. Zhang, C. Deng, and G. Feng, “Resilient cooperative output regulation for nonlinear multi-agent systems under DoS attacks,” IEEE Trans. Autom. Control, vol. 68, no. 4, pp. 2521–2528, Apr. 2023.
|
[25] |
Z. H. Pang and G. P. Liu, “Design and implementation of secure networked predictive control systems under deception attacks,” IEEE Trans. Control Syst. Technol., vol. 20, no. 5, pp. 1334–1342, Sept. 2012. doi: 10.1109/TCST.2011.2160543
|
[26] |
S. Feng, A. Cetinkaya, H. Ishii, P. Tesi, and C. De Persis, “Networked control under DoS attacks: Tradeoffs between resilience and data rate,” IEEE Trans. Autom. Control, vol. 66, no. 1, pp. 460–467, Jan. 2021. doi: 10.1109/TAC.2020.2981083
|
[27] |
B. Chen, Y. W. Tan, Z. Sun, and L. Yu, “Attack-resilient control against FDI attacks in cyber-physical systems,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 6, pp. 1099–1102, Jun. 2022. doi: 10.1109/JAS.2022.105641
|
[28] |
W. J. Liu, J. Sun, G. Wang, F. Bullo, and J. Chen, “Resilient control under quantization and denial-of-service: Codesigning a deadbeat controller and transmission protocol,” IEEE Trans. Autom. Control, vol. 67, no. 8, pp. 3879–3891, Jun. 2022. doi: 10.1109/TAC.2021.3107145
|
[29] |
X. H. Ge, Q.-L. Han, Q. Wu, and X. M. Zhang, “Resilient and safe platooning control of connected automated vehicles against intermittent denial-of-service attacks,” IEEE/CAA J. Autom. Sinica, 2022.
|
[30] |
E. Kung, S. Dey, and L. Shi, “The performance and limitations of ϵ-stealthy attacks on higher order systems,” IEEE Trans. Autom. Control, vol. 62, no. 2, pp. 941–947, Feb. 2017. doi: 10.1109/TAC.2016.2565379
|
[31] |
C. Z. Bai, V. Gupta, and F. Pasqualetti, “On Kalman filtering with compromised sensors: Attack stealthiness and performance bounds,” IEEE Trans. Autom. Control, vol. 62, no. 12, pp. 6641–6648, Dec. 2017. doi: 10.1109/TAC.2017.2714903
|
[32] |
Z. H. Pang, G. P. Liu, D. H. Zhou, F. Y. Hou, and D. H. Sun, “Two-channel false data injection attacks against output tracking control of networked systems,” IEEE Trans. Ind. Electron., vol. 63, no. 5, pp. 3242–3251, May 2016. doi: 10.1109/TIE.2016.2535119
|
[33] |
Z. Pang, Y. Fu, H. Guo, and J. Sun, “Analysis of stealthy false data injection attacks against networked control systems: Three case studies,” J. Syst. Sci. Complex, 2023.
|
[34] |
Y. Chen, S. Kar, and J. M. F. Moura, “Cyber-physical attacks with control objectives,” IEEE Trans. Autom. Control, vol. 63, no. 5, pp. 1418–1425, May 2018. doi: 10.1109/TAC.2017.2741778
|
[35] |
Y. Chen, S. Kar, and J. M. F. Moura, “Optimal attack strategies subject to detection constraints against cyber-physical systems,” IEEE Trans. Control Netw. Syst., vol. 5, no. 3, pp. 1157–1168, Sept. 2018. doi: 10.1109/TCNS.2017.2690399
|
[36] |
Q. R. Zhang, K. Liu, Y. Q. Xia, and A. Y. Ma, “Optimal stealthy deception attack against cyber-physical systems,” IEEE Trans. Cybern., vol. 50, no. 9, pp. 3963–3972, Sept. 2020. doi: 10.1109/TCYB.2019.2912622
|
[37] |
Z. Y. Guo, D. W. Shi, K. H. Johansson, and L. Shi, “Optimal linear cyber-attack on remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 4, no. 1, pp. 4–13, Mar. 2017. doi: 10.1109/TCNS.2016.2570003
|
[38] |
Z. Y. Guo, D. W. Shi, K. H. Johansson, and L. Shi, “Worst-case stealthy innovation-based linear attack on remote state estimation,” Automatica, vol. 89, pp. 117–124, Mar. 2018. doi: 10.1016/j.automatica.2017.11.018
|
[39] |
Y. G. Li and G. H. Yang, “Optimal stealthy false data injection attacks in cyber-physical systems,” Inf. Sci., vol. 481, pp. 474–490, May 2019. doi: 10.1016/j.ins.2019.01.001
|
[40] |
J. Shang, H. Yu, and T. W. Chen, “Worst-case stealthy innovation-based linear attacks on remote state estimation under Kullback-Leibler divergence,” IEEE Trans. Autom. Control, vol. 67, no. 11, pp. 6082–6089, Nov. 2022. doi: 10.1109/TAC.2021.3125430
|
[41] |
Z. Y. Guo, D. W. Shi, K. H. Johansson, and L. Shi, “Worst-case innovation-Based integrity attacks with side information on remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 6, no. 1, pp. 48–59, Mar. 2019. doi: 10.1109/TCNS.2018.2793664
|
[42] |
Y. G. Li and G. H. Yang, “Optimal stealthy innovation-based attacks with historical data in cyber-physical systems,” IEEE Trans. Syst.,Man,Cybern.: Syst., vol. 51, no. 6, pp. 3401–3411, Jun. 2021. doi: 10.1109/TSMC.2019.2924976
|
[43] |
J. Shang and T. W. Chen, “Optimal stealthy integrity attacks on remote state estimation: The maximum utilization of historical data,” Automatica, vol. 128, p. 109555, Jun. 2021. doi: 10.1016/j.automatica.2021.109555
|
[44] |
H. X. Liu, Y. Q. Ni, L. H. Xie, and K. H. Johansson, “How vulnerable is innovation-based remote state estimation: Fundamental limits under linear attacks,” Automatica, vol. 136, p. 110079, Feb. 2022. doi: 10.1016/j.automatica.2021.110079
|
[45] |
Y. Z. Li, L. Shi, and T. W. Chen, “Detection against linear deception attacks on multi-sensor remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 5, no. 3, pp. 846–856, Sept. 2018. doi: 10.1109/TCNS.2017.2648508
|
[46] |
Z. Y. Guo, D. W. Shi, K. H. Johansson, and L. Shi, “Worst-case analysis of innovation-based linear attack on remote state estimation with resource constraint,” in Proc. IEEE 55th Conf. Decision and Control, Las Vegas, USA, 2016, pp. 6303–6308.
|
[47] |
H. B. Guo, J. Sun, and Z. H. Pang, “Stealthy false data injection attacks with resource constraints against multi-sensor estimation systems,” ISA Trans., vol. 127, pp. 32–40, Aug. 2022. doi: 10.1016/j.isatra.2022.02.045
|
[48] |
Z. H. Pang, L. Z. Fan, H. B. Guo, Y. T. Shi, R. Q. Chai, J. Sun, and G. P. Liu, “Security of networked control systems subject to deception attacks: A survey,” Int. J. Syst. Sci., vol. 53, no. 16, pp. 3577–3598, Nov. 2022. doi: 10.1080/00207721.2022.2143735
|
[49] |
C. Trapiello and V. Puig, “A zonotopic-based watermarking design to detect replay attacks,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 11, pp. 1924–1938, Nov. 2022. doi: 10.1109/JAS.2022.105944
|