| 1. |
- Nguyen, Anh Tung, 1995-
(författare)
-
Security Allocation in Networked Control Systems
- 2023
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Sustained use of critical infrastructure, such as electrical power and water distribution networks, requires efficient management and control. Facilitated by the advancements in computational devices and non-proprietary communication technology, such as the Internet, the efficient operation of critical infrastructure relies on network decomposition into interconnected subsystems, thus forming networked control systems. However, the use of public and pervasive communication channels leaves these systems vulnerable to cyber attacks. Consequently, the critical infrastructure is put at risk of suffering operation disruption and even physical damage that would inflict financial costs as well as pose a hazard to human health. Therefore, security is crucial to the sustained efficient operation of critical infrastructure. This thesis develops a framework for evaluating and improving the security of networked control systems in the face of cyberattacks. The considered security problem involves two strategic agents, namely a malicious adversary and a defender, pursuing their specific and conflicting goals. The defender aims to efficiently allocate defense resources with the purpose of detecting malicious activities. Meanwhile, the malicious adversary simultaneously conducts cyber attacks and remains stealthy to the defender. We tackle the security problem by proposing a game-theoretic framework and characterizing its main components: the payoff function, the action space, and the available information for each agent. Especially, the payoff function is characterized based on the output-to-output gain security metric that fully explores the worst-case attack impact. Then, we investigate the properties of the game and how to efficiently compute its equilibrium. Given the combinatorial nature of the defender’s actions, one important challenge is to alleviate the computational burden. To overcome this challenge, the thesis contributes several system- and graph-theoretic conditions that enable the defender to shrink the action space, efficiently allocating the defense resources. The effectiveness of the proposed framework is validated through numerical examples.
|
|
| 2. |
- Teixeira, André
(författare)
-
Toward Cyber-Secure and Resilient Networked Control Systems
- 2014
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Resilience is the ability to maintain acceptable levels of operation in the presence of abnormal conditions. It is an essential property in industrial control systems, which are the backbone of several critical infrastructures. The trend towards using pervasive information technology systems, such as the Internet, results in control systems becoming increasingly vulnerable to cyber threats. Traditional cyber security does not consider the interdependencies between the physical components and the cyber systems. On the other hand, control-theoretic approaches typically deal with independent disturbances and faults, thus they are not tailored to handle cyber threats. Theory and tools to analyze and build control system resilience are, therefore, lacking and in need to be developed. This thesis contributes towards a framework for analyzing and building resilient control systems.First, a conceptual model for networked control systems with malicious adversaries is introduced. In this model, the adversary aims at disrupting the system behavior while remaining undetected by an anomaly detector The adversary is constrained in terms of the available model knowledge, disclosure resources, and disruption capabilities. These resources may correspond to the anomaly detector’s algorithm, sniffers of private data, and spoofers of control commands, respectively.Second, we address security and resilience under the perspective of risk management, where the notion of risk is defined in terms of a threat’s scenario, impact, and likelihood. Quantitative tools to analyze risk are proposed. They take into account both the likelihood and impact of threats. Attack scenarios with high impact are identified using the proposed tools, e.g., zero-dynamics attacks are analyzed in detail. The problem of revealing attacks is also addressed. Their stealthiness is characterized, and how to detect them by modifying the system’s structure is also described.As our third contribution, we propose distributed fault detection and isolation schemes to detect physical and cyber threats on interconnected second-order linear systems. A distributed scheme based on unknown input observers is designed to jointly detect and isolate threats that may occur on the network edges or nodes. Additionally, we propose a distributed scheme based on local models and measurements that is resilient to changes outside the local subsystem. The complexity of the proposed methods is decreased by reducing the number of monitoring nodes and by characterizing the minimum amount of model information and measurements needed to achieve fault detection and isolation.Finally, we tackle the problem of distributed reconfiguration under sensor and actuator faults. In particular, we consider a control system with redundant sensors and actuators cooperating to recover from the removal of individual nodes. The proposed scheme minimizes a quadratic cost while satisfying a model-matching condition, which maintains the nominal closed-loop behavior after faults. Stability of the closed-loop system under the proposed scheme is analyzed.
|
|
| 3. |
- Coimbatore Anand, Sribalaji, 1994-
(författare)
-
Risk-Based Analysis and Design of Secure Control Systems
- 2024
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Networked Control Systems (NCSs) are integral to many critical infrastructures such as power grids, transportation, and production systems. The resilient operation of such NCS against cyber-attacks is essential for society, and risk management presents an effective framework for addressing these security challenges. The risk management framework encompasses two steps: risk assessment and risk mitigation. The risk assessment step aims to quantify the risk, whereas the risk mitigation step focuses on designing mitigation strategies. This thesis leverages the risk management framework to analyze and design NCSs that are resilient to cyber-attacks. In particular, this thesis aims to address the following research challenges. Firstly, we aim to assess the risk of attack scenarios that are realistic (risk assessment step). In particular, we consider adversaries and operators with different levels of knowledge about the NCS. For instance, an adversary or operator may possess complete knowledge of the system dynamics or have only partial knowledge with varying degrees of uncertainty. Hence, we describe a systematic approach to assess the risk considering the interplay between the knowledge levels of adversaries and operators.Secondly, we aim to design the NCS to minimize the risk of attacks (risk mitigation step). We explore three different strategies to minimize the risk: (a) controller/detector design, (b) security measure allocation, and (c) system architecture design. In the first strategy, we design the controller and detector gains to minimize the risk of attacks. Here, risk is characterized by the performance loss caused by stealthy attacks on the NCS. In the second strategy, we consider a distributed NCS where certain distributed devices can be secured from attacks by deploying secure sensors and actuators. Then, we aim to strategically determine the devices to secure and mitigate the risk of attacks effectively. Finally, inspired by digital watermarking, we explore the idea of introducing watermarks in NCS to detect attacks efficiently. Throughout the thesis, we provide various numerical examples to depict the efficacy of risk assessment and risk mitigation algorithms. We also provide numerous discussions and avenues for future research directions.
|
|
| 4. |
- Abdalmoaty, Mohamed, 1986-, et al.
(författare)
-
Privacy and Security in Network Controlled Systems via Dynamic Masking
- 2023
-
Ingår i: IFAC-PapersOnLine. - : Elsevier. - 2405-8963. ; 56:2, s. 991-996
-
Tidskriftsartikel (refereegranskat)abstract
- In this paper, we propose a new architecture to enhance the privacy and security of networked control systems against malicious adversaries. We consider an adversary which first learns the system using system identification techniques (privacy), and then performs a data injection attack (security). In particular, we consider an adversary conducting zero-dynamics attacks (ZDA) which maximizes the performance cost of the system whilst staying undetected. Using the proposed architecture, we show that it is possible to (i) introduce significant bias in the system estimates obtained by the adversary: thus providing privacy, and (ii) efficiently detect attacks when the adversary performs a ZDA using the identified system: thus providing security. Through numerical simulations, we illustrate the efficacy of the proposed architecture
|
|
| 5. |
- Arghavani, Abbas, et al.
(författare)
-
A Game-theoretic Approach to Covert Communications in the Presence of Multiple Colluding Wardens
- 2021
-
Ingår i: 2021 IEEE WIRELESS COMMUNICATIONS AND NETWORKING CONFERENCE (WCNC). - : Institute of Electrical and Electronics Engineers (IEEE). - 9781728195056
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we address the problem of covert communication under the presence of multiple wardens with a finite blocklength. The system consists of Alice, who aims to covertly transmit to Bob with the help of a jammer. The system also consists of a Fusion Center (FC), which combines all the wardens' information and decides on the presence or absence of Alice. Both Alice and jammer vary their signal power randomly to confuse the FC. In contrast, the FC randomly changes its threshold to confuse Alice. The main focus of the paper is to study the impact of employing multiple wardens on the trade-off between the probability of error at the FC and the outage probability at Bob. Hence, we formulate the probability of error and the outage probability under the assumption that the channels from Alice and jammer to Bob are subject to Rayleigh fading, while we assume that the channels from Alice and jammer to the wardens are not subject to fading. Then, we utilize a two-player zero-sum game approach to model the interaction between joint Alice and jammer as one player and the FC as the second player. We derive the pay-off function that can be efficiently computed using linear programming to find the optimal distributions of transmitting and jamming powers as well as thresholds used by the FC. The benefit of using a cooperative jammer is shown by means of analytical results and numerical simulations to neutralize the advantage of using multiple wardens at the FC.
|
|
| 6. |
- Chockalingam, Sabarathinam, et al.
(författare)
-
Bayesian network model to distinguish between intentional attacks and accidental technical failures : a case study of floodgates
- 2021
-
Ingår i: Cybersecurity. - : Springer Nature. - 2523-3246. ; 4:1
-
Tidskriftsartikel (refereegranskat)abstract
- Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by both (intentional) attacks and (accidental) technical failures. When operators notice abnormal behaviour, they should be able to distinguish between those two causes to take appropriate measures, because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector. In the previous work, we developed the attack-failure distinguisher framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two causes, including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models. As a full case study of the attack-failure distinguisher framework, this paper presents a BN model constructed to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates, addressing the problem of floodgate operators. We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model. The constructed BN model is usable in water management infrastructures to distinguish between intentional attacks and accidental technical failures in case of incorrect sensor measurements. This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements.
|
|
| 7. |
- Chockalingam, Sabarathinam, et al.
(författare)
-
Probability elicitation for Bayesian networks to distinguish between intentional attacks and accidental technical failures
- 2023
-
Ingår i: Journal of Information Security and Applications. - : ELSEVIER. - 2214-2134 .- 2214-2126. ; 75
-
Tidskriftsartikel (refereegranskat)abstract
- Both intentional attacks and accidental technical failures can lead to abnormal behaviour in components of industrial control systems. In our previous work, we developed a framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two classes, including knowledge elicitation to construct the directed acyclic graph of BN models. In this paper, we add a systematic method for knowledge elicitation to construct the Conditional Probability Tables (CPTs) of BN models, thereby completing a holistic framework to distinguish between attacks and technical failures. In order to elicit reliable probabilities from experts, we need to reduce the workload of experts in probability elicitation by reducing the number of conditional probabilities to elicit and facilitating individual probability entry. We utilise DeMorgan models to reduce the number of conditional probabilities to elicit as they are suitable for modelling opposing influences i.e., combinations of influences that promote and inhibit the child event. To facilitate individual probability entry, we use probability scales with numerical and verbal anchors. We demonstrate the proposed approach using an example from the water management domain.
|
|
| 8. |
- Coimbatore Anand, Sribalaji, et al.
(författare)
-
Risk assessment and optimal allocation of security measures under stealthy false data injection attacks
- 2022
-
Ingår i: 2022 IEEE Conference on Control Technology and Applications (CCTA). - : Institute of Electrical and Electronics Engineers (IEEE). - 9781665473392 - 9781665473385 ; , s. 1347-1353
-
Konferensbidrag (refereegranskat)abstract
- This paper firstly addresses the problem of risk assessment under false data injection attacks on uncertain control systems. We consider an adversary with complete system knowledge, injecting stealthy false data into an uncertain control system. We then use the Value-at-Risk to characterize the risk associated with the attack impact caused by the adversary. The worst-case attack impact is characterized by the recently proposed output-to-output gain. We observe that the risk assessment problem corresponds to an infinite non-convex robust optimization problem. To this end, we use dissipative system theory and the scenario approach to approximate the risk-assessment problem into a convex problem and also provide probabilistic certificates on approximation. Secondly, we con-sider the problem of security measure allocation. We consider an operator with a constraint on the security budget. Under this constraint, we propose an algorithm to optimally allocate the security measures using the calculated risk such that the resulting Value-at-risk is minimized. Finally, we illustrate the results through a numerical example. The numerical example also illustrates that the security allocation using the Value-at-risk, and the impact on the nominal system may have different outcomes: thereby depicting the benefit of using risk metrics.
|
|
| 9. |
- Coimbatore Anand, Sribalaji, et al.
(författare)
-
Risk Assessment of Stealthy Attacks on Uncertain Control Systems
- 2024
-
Ingår i: IEEE Transactions on Automatic Control. - : Institute of Electrical and Electronics Engineers (IEEE). - 0018-9286 .- 1558-2523. ; 69:5, s. 3214-3221
-
Tidskriftsartikel (refereegranskat)abstract
- In this article, we address the problem of risk assessment of stealthy attacks on uncertain control systems. Considering the data injection attacks that aim at maximizing the impact while remaining undetected, we use the recently proposed output-to-output gain to characterize the risk associated with the impact of attacks under a limited system knowledge attacker. The risk is formulated using a well-established risk metric, namely the maximum expected loss. Under this setup, the risk assessment problem corresponds to an untractable infinite nonconvex optimization problem. To address this limitation, we adopt the framework of scenario-based optimization to approximate the infinite nonconvex optimization problem by a sampled nonconvex optimization problem. Then, based on the framework of dissipative system theory and S-procedure, the sampled nonconvex risk assessment problem is formulated as an equivalent convex semidefinite program. Additionally, we derive the necessary and sufficient conditions for the risk to be bounded. Finally, we illustrate the results through numerical simulation of a hydro-turbine power system.
|
|
| 10. |
- Coimbatore Anand, Sribalaji, et al.
(författare)
-
Risk-averse controller design against data injection attacks on actuators for uncertain control systems
- 2022
-
Ingår i: 2022 AMERICAN CONTROL CONFERENCE (ACC). - : IEEE. - 9781665451963 ; , s. 5037-5042
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we consider the optimal controller design problem against data injection attacks on actuators for an uncertain control system. We consider attacks that aim at maximizing the attack impact while remaining stealthy in the finite horizon. To this end, we use the Conditional Value-at-Risk to characterize the risk associated with the impact of attacks. The worst-case attack impact is characterized using the recently proposed output-to-output l(2)-gain (OOG). We formulate the design problem and observe that it is non-convex and hard to solve. Using the framework of scenariobased optimization and a convex proxy for the OOG, we propose a convex optimization problem that approximately solves the design problem with probabilistic certificates. Finally, we illustrate the results through a numerical example.
|
|
