| 1. |
- Farokhi, Farhad, et al.
(author)
-
Optimal State Estimation with Measurements Corrupted by Laplace Noise
- 2016
-
In: 2016 IEEE 55th Conference on Decision and Control, CDC 2016. - : Institute of Electrical and Electronics Engineers (IEEE). - 9781509018376 ; , s. 302-307
-
Conference paper (peer-reviewed)abstract
- Optimal state estimation for linear discrete-time systems is considered. Motivated by the literature on differential privacy, the measurements are assumed to be corrupted by Laplace noise. The optimal least mean square error estimate of the state is approximated using a randomized method. The method relies on that the Laplace noise can be rewritten as Gaussian noise scaled by Rayleigh random variable. The probability of the event that the distance between the approximation and the best estimate is smaller than a constant is determined as function of the number of parallel Kalman filters that is used in the randomized method. This estimator is then compared with the optimal linear estimator, the maximum a posteriori (MAP) estimate of the state, and the particle filter.
|
|
| 2. |
- Gracy, Sebin, et al.
(author)
-
Actuator Security Index for Structured Systems
- 2020
-
In: Proceedings 2020 American Control Conference, ACC 2020, Denver, CO, USA, July 1-3, 2020. - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 2993-2998
-
Conference paper (peer-reviewed)abstract
- Given a network with a set of vulnerable actuators (and sensors), the security index of an actuator equals the minimum number of sensors and actuators that needs to be compromised so as to conduct a perfectly undetectable attack using the said actuator. This paper deals with the problem of computing actuator security indices for discrete-time LTI network systems, using a structured systems framework. We show that the actuator security index is generic, that is for almost all realizations the actuator security index remains the same. We refer to such an index as generic security index (generic index) of an actuator. Given that the security index quantifies the vulnerability of a network, the generic index is quite valuable for large scale energy systems. Our second contribution is to provide graph-theoretic conditions for computing the generic index. The said conditions are in terms of existence of linkings on appropriately-defined directed (sub)graphs. Based on these conditions, we present an algorithm for computing the generic index.
|
|
| 3. |
- Gracy, Sebin, et al.
(author)
-
Security index based on perfectly undetectable attacks : Graph-theoretic conditions
- 2021
-
In: Automatica. - : Elsevier BV. - 0005-1098 .- 1873-2836. ; 134
-
Journal article (peer-reviewed)abstract
- The notion of security index quantifies the least effort involved in conducting perfectly undetectable attacks. Thus, the security index enables a systems operator to assess the vulnerability of a component, informs sensor placement strategies, and helps in deciding the feasibility of secure estimators and fault detectors. In this paper, we investigate the (possible) variation in this index as a consequence of variation in the system parameters. To this end, we adopt a structured systems approach, typically represented by a directed graph, with the edges of the said graph being in one-to-one correspondence with the system parameters. We first show that the security index is generic. That is, for almost all choices of edge weights, the security index of a component remains the same. We refer to such an index as the generic security index. Secondly, we derive graph-theoretic conditions (and based on those an algorithm) for computing the generic security index. Third, we provide graph-theoretic conditions for computing lower (resp. upper) bounds on the values that the security index of a component can take for all nonzero choices of the edge weights of the directed graph. Finally, we provide a brute force search method for calculating the said bounds.
|
|
| 4. |
|
|
| 5. |
- Milosevic, Jezdimir, et al.
(author)
-
A Network Monitoring Game with Heterogeneous Component Criticality Levels
- 2019
-
In: Proceedings of the IEEE Conference on Decision and Control. - : Institute of Electrical and Electronics Engineers Inc.. - 9781728113982 ; , s. 4379-4384
-
Conference paper (peer-reviewed)abstract
- We consider an attacker-operator game for monitoring a large-scale network that is comprised of components that differ in their criticality levels. In this zero-sum game, the operator seeks to position a limited number of sensors to monitor the network against the attacker who strategically targets a network component. The operator (resp. attacker) seeks to minimize (resp. maximize) the network loss. To study the properties of mixed-strategy Nash Equilibria of this game, we first study two simple instances: When component sets monitored from individual sensor locations are mutually disjoint; When only a single sensor is positioned, but with possibly overlapping monitoring component sets. Our analysis reveals new insights on how criticality levels impact the players equilibrium strategies. Next, we extend a previously developed approach to obtain an approximate Nash equilibrium in the general case. This approach uses solutions to minimum set cover and maximum set packing problems to construct an approximate Nash equilibrium. Finally, we implement a column generation procedure to improve this solution and numerically evaluate the performance of our approach.
|
|
| 6. |
- Milosevic, Jezdimir, et al.
(author)
-
A Security Index for Actuators Based on Perfect Undetectability : Properties and Approximation
- 2019
-
In: 2018 56th Annual Allerton Conference on Communication, Control, and Computing, Allerton 2018. - : Institute of Electrical and Electronics Engineers (IEEE). - 9781538665961 ; , s. 235-241
-
Conference paper (peer-reviewed)abstract
- A novel security index based on the definition of perfect undetectability is proposed. The index is a tool that can help a control system operator to localize the most vulnerable actuators in the network. In particular, the security index of actuator i represents the minimal number of sensors and actuators that needs to be compromised in addition to i, such that a perfectly undetectable attack is possible. A method for computing this index for small scale systems is derived, and difficulties with the index once the system is of large scale are outlined. An upper bound for the index that overcomes these difficulties is then proposed. The theoretical developments are illustrated on a numerical example.
|
|
| 7. |
- Milosevic, Jezdimir, et al.
(author)
-
Actuator Security Indices Based on Perfect Undetectability : Computation, Robustness, and Sensor Placement
- 2020
-
In: IEEE Transactions on Automatic Control. - : IEEE. - 0018-9286 .- 1558-2523. ; 65:9, s. 3816-3831
-
Journal article (peer-reviewed)abstract
- We propose an actuator security index that can be used to localize and protect vulnerable actuators in a networked control system. Particularly, the security index of an actuator equals to the minimum number of sensors and actuators that need to be compromised, such that a perfectly undetectable attack against that actuator can be conducted. We derive a method for computing the index in small-scale systems and show that the index can potentially be increased by placing additional sensors. The difficulties that appear once the system is of a large-scale are then outlined: The index is NP-hard to compute, sensitive with respect to system variations, and based on the assumption that the attacker knows the entire system model. To overcome these difficulties, a robust security index is introduced. The robust index can characterize actuators vulnerable in any system realization, can be calculated in polynomial time, and can be related to limited model knowledge attackers. Additionally, we analyze two sensor placement problems with the objective to increase the robust indices. We show that the problems have submodular structures, so their suboptimal solutions with performance guarantees can be computed in polynomial time. Finally, we illustrate the theoretical developments through examples.
|
|
| 8. |
- Milosevic, Jezdimir, et al.
(author)
-
Analysis and Mitigation of Bias Injection Attacks Against a Kalman Filter
- 2017
-
In: IFAC-PapersOnLine. - : Elsevier. - 2405-8963. ; 50:1, s. 8393-8398
-
Journal article (peer-reviewed)abstract
- In this paper, we consider a state estimation problem for stochastic linear dynamical systems in the presence of bias injection attacks. A Kalman filter is used as an estimator, and a chi-squared test is used to detect anomalies. We first show that the impact of the worst-case bias injection attack in a stochastic setting can be analyzed by a deterministic quadratically constrained quadratic program, which has an analytical solution. Based on this result, we propose a criterion for selecting sensors to secure in order to mitigate the attack impact. Furthermore, we derive a condition on the necessary number of sensors to secure in order for the impact to be less than a desired threshold.
|
|
| 9. |
- Milošević, Jezdimir, et al.
(author)
-
Exploiting Submodularity in Security Measure Allocation for Industrial Control Systems
- 2017
-
In: Proceedings of the 1st ACM Workshop on the Internet of Safe Things. - New York, NY, USA : ACM. ; , s. 64-69
-
Conference paper (peer-reviewed)abstract
- Industrial control systems are cyber-physical systems that are used to operate critical infrastructures such as smart grids, traffic systems, industrial facilities, and water distribution networks. The digitalization of these systems increases their efficiency and decreases their cost of operation, but also makes them more vulnerable to cyber-attacks. In order to protect industrial control systems from cyber-attacks, the installation of multiple layers of security measures is necessary. In this paper, we study how to allocate a large number of security measures under a limited budget, such as to minimize the total risk of cyber-attacks. The security measure allocation problem formulated in this way is a combinatorial optimization problem subject to a knapsack (budget) constraint. The formulated problem is NP-hard, therefore we propose a method to exploit submodularity of the objective function so that polynomial time algorithms can be applied to obtain solutions with guaranteed approximation bounds. The problem formulation requires a preprocessing step in which attack scenarios are selected, and impacts and likelihoods of these scenarios are estimated. We discuss how the proposed method can be applied in practice.
|
|
| 10. |
- Milosevic, Jezdimir, 1991-
(author)
-
Model Based Impact Analysis and Security Measure Allocation for Control Systems
- 2018
-
Licentiate thesis (other academic/artistic)abstract
- Improvement of cyber-security of industrial control systems is of utmost importance for our society. It has been recognized that many security vulnerabilities can be found in these systems, which if exploited may lead to dire consequences. For instance, successful cyber-attacks against industrial control systems may cause loss of electricity, lead to shortage of drinkable water,or disrupt oil and gas production. Deploying security measures to protect industrial control systems may be costly. Thus, it is expected that we would not be able to prevent all the security vulnerabilities that we find within the systems. In this thesis, we consider two problems related to this issue. The first one is how to determine which combinations of vulnerabilities are the most critical to be prevented. An important part of this classification is estimating the impact of cyber-attacks conducted using these vulnerabilities, which is the first major problem considered in the thesis. The budget for deploying security measures can then be focused on preventing the most critical combinations of vulnerabilities that are found. How to do this in an optimal way once the number of vulnerabilities and measures is large is the second major problem considered. As our first contribution, we outline a framework for estimating the attack impact in industrial control systems. Here, we consider industrial control systems that have both control and monitoring tasks. For industrial control systems with control tasks, we propose a framework to estimate the impact of several attack strategies. We prove that the estimation of the impact of all possible strategies is reducible to solving a set of convex minimization problems. The solvers for convex minimization problems are well known, so the exact value of the attack impact can be obtained easily. For industrial control systems with monitoring tasks, we analyze the impact of a bias injection attack strategy. We prove that the attack impact can be obtained as the solution of a quadratically constrained quadratic program, for which the exact solution can be found efficiently. We also introduce a lower bound of the attack impact in terms of the number of compromised sensors. The theoretical findings are illustrated in numerical examples. As our second contribution, we propose a flexible modeling framework for allocating security measures. Our framework is suitable for dynamical models of industrial control systems, and can be used in cases when the number of vulnerabilities and measures is large. The advantages of our framework are the following. Firstly, the framework includes an algorithm for efficiently finding the most dangerous vulnerabilities in the system. Secondly, the problem of eliminating these vulnerabilities can provably be casted as a minimization of a linear function subject to a submodular constraint. This implies that the suboptimal solution of the problem, with guaranteed performance, can be found using a fast greedy algorithm. The applicability of the framework is demonstrated through simulations on an industrial control system used for regulating temperature within a building
|
|
