SwePub - search: WFRF:(Teixeira André Associate...

Enumeration	Reference	Cover	Find
1.	Nguyen, Anh Tung, 1995- (author) Security Allocation in Networked Control Systems 2023 Licentiate thesis (other academic/artistic)abstract Sustained use of critical infrastructure, such as electrical power and water distribution networks, requires efficient management and control. Facilitated by the advancements in computational devices and non-proprietary communication technology, such as the Internet, the efficient operation of critical infrastructure relies on network decomposition into interconnected subsystems, thus forming networked control systems. However, the use of public and pervasive communication channels leaves these systems vulnerable to cyber attacks. Consequently, the critical infrastructure is put at risk of suffering operation disruption and even physical damage that would inflict financial costs as well as pose a hazard to human health. Therefore, security is crucial to the sustained efficient operation of critical infrastructure. This thesis develops a framework for evaluating and improving the security of networked control systems in the face of cyberattacks. The considered security problem involves two strategic agents, namely a malicious adversary and a defender, pursuing their specific and conflicting goals. The defender aims to efficiently allocate defense resources with the purpose of detecting malicious activities. Meanwhile, the malicious adversary simultaneously conducts cyber attacks and remains stealthy to the defender. We tackle the security problem by proposing a game-theoretic framework and characterizing its main components: the payoff function, the action space, and the available information for each agent. Especially, the payoff function is characterized based on the output-to-output gain security metric that fully explores the worst-case attack impact. Then, we investigate the properties of the game and how to efficiently compute its equilibrium. Given the combinatorial nature of the defender’s actions, one important challenge is to alleviate the computational burden. To overcome this challenge, the thesis contributes several system- and graph-theoretic conditions that enable the defender to shrink the action space, efficiently allocating the defense resources. The effectiveness of the proposed framework is validated through numerical examples.
2.	Teixeira, André (author) Toward Cyber-Secure and Resilient Networked Control Systems 2014 Doctoral thesis (other academic/artistic)abstract Resilience is the ability to maintain acceptable levels of operation in the presence of abnormal conditions. It is an essential property in industrial control systems, which are the backbone of several critical infrastructures. The trend towards using pervasive information technology systems, such as the Internet, results in control systems becoming increasingly vulnerable to cyber threats. Traditional cyber security does not consider the interdependencies between the physical components and the cyber systems. On the other hand, control-theoretic approaches typically deal with independent disturbances and faults, thus they are not tailored to handle cyber threats. Theory and tools to analyze and build control system resilience are, therefore, lacking and in need to be developed. This thesis contributes towards a framework for analyzing and building resilient control systems.First, a conceptual model for networked control systems with malicious adversaries is introduced. In this model, the adversary aims at disrupting the system behavior while remaining undetected by an anomaly detector The adversary is constrained in terms of the available model knowledge, disclosure resources, and disruption capabilities. These resources may correspond to the anomaly detector’s algorithm, sniffers of private data, and spoofers of control commands, respectively.Second, we address security and resilience under the perspective of risk management, where the notion of risk is defined in terms of a threat’s scenario, impact, and likelihood. Quantitative tools to analyze risk are proposed. They take into account both the likelihood and impact of threats. Attack scenarios with high impact are identified using the proposed tools, e.g., zero-dynamics attacks are analyzed in detail. The problem of revealing attacks is also addressed. Their stealthiness is characterized, and how to detect them by modifying the system’s structure is also described.As our third contribution, we propose distributed fault detection and isolation schemes to detect physical and cyber threats on interconnected second-order linear systems. A distributed scheme based on unknown input observers is designed to jointly detect and isolate threats that may occur on the network edges or nodes. Additionally, we propose a distributed scheme based on local models and measurements that is resilient to changes outside the local subsystem. The complexity of the proposed methods is decreased by reducing the number of monitoring nodes and by characterizing the minimum amount of model information and measurements needed to achieve fault detection and isolation.Finally, we tackle the problem of distributed reconfiguration under sensor and actuator faults. In particular, we consider a control system with redundant sensors and actuators cooperating to recover from the removal of individual nodes. The proposed scheme minimizes a quadratic cost while satisfying a model-matching condition, which maintains the nominal closed-loop behavior after faults. Stability of the closed-loop system under the proposed scheme is analyzed.
3.	Coimbatore Anand, Sribalaji, 1994- (author) Risk-Based Analysis and Design of Secure Control Systems 2024 Doctoral thesis (other academic/artistic)abstract Networked Control Systems (NCSs) are integral to many critical infrastructures such as power grids, transportation, and production systems. The resilient operation of such NCS against cyber-attacks is essential for society, and risk management presents an effective framework for addressing these security challenges. The risk management framework encompasses two steps: risk assessment and risk mitigation. The risk assessment step aims to quantify the risk, whereas the risk mitigation step focuses on designing mitigation strategies. This thesis leverages the risk management framework to analyze and design NCSs that are resilient to cyber-attacks. In particular, this thesis aims to address the following research challenges. Firstly, we aim to assess the risk of attack scenarios that are realistic (risk assessment step). In particular, we consider adversaries and operators with different levels of knowledge about the NCS. For instance, an adversary or operator may possess complete knowledge of the system dynamics or have only partial knowledge with varying degrees of uncertainty. Hence, we describe a systematic approach to assess the risk considering the interplay between the knowledge levels of adversaries and operators.Secondly, we aim to design the NCS to minimize the risk of attacks (risk mitigation step). We explore three different strategies to minimize the risk: (a) controller/detector design, (b) security measure allocation, and (c) system architecture design. In the first strategy, we design the controller and detector gains to minimize the risk of attacks. Here, risk is characterized by the performance loss caused by stealthy attacks on the NCS. In the second strategy, we consider a distributed NCS where certain distributed devices can be secured from attacks by deploying secure sensors and actuators. Then, we aim to strategically determine the devices to secure and mitigate the risk of attacks effectively. Finally, inspired by digital watermarking, we explore the idea of introducing watermarks in NCS to detect attacks efficiently. Throughout the thesis, we provide various numerical examples to depict the efficacy of risk assessment and risk mitigation algorithms. We also provide numerous discussions and avenues for future research directions.
4.	Abdalmoaty, Mohamed, 1986-, et al. (author) Privacy and Security in Network Controlled Systems via Dynamic Masking 2023 In: IFAC-PapersOnLine. - : Elsevier. - 2405-8963. ; 56:2, s. 991-996 Journal article (peer-reviewed)abstract In this paper, we propose a new architecture to enhance the privacy and security of networked control systems against malicious adversaries. We consider an adversary which first learns the system using system identification techniques (privacy), and then performs a data injection attack (security). In particular, we consider an adversary conducting zero-dynamics attacks (ZDA) which maximizes the performance cost of the system whilst staying undetected. Using the proposed architecture, we show that it is possible to (i) introduce significant bias in the system estimates obtained by the adversary: thus providing privacy, and (ii) efficiently detect attacks when the adversary performs a ZDA using the identified system: thus providing security. Through numerical simulations, we illustrate the efficacy of the proposed architecture
5.	Arghavani, Abbas, et al. (author) A Game-theoretic Approach to Covert Communications in the Presence of Multiple Colluding Wardens 2021 In: 2021 IEEE WIRELESS COMMUNICATIONS AND NETWORKING CONFERENCE (WCNC). - : Institute of Electrical and Electronics Engineers (IEEE). - 9781728195056 Conference paper (peer-reviewed)abstract In this paper, we address the problem of covert communication under the presence of multiple wardens with a finite blocklength. The system consists of Alice, who aims to covertly transmit to Bob with the help of a jammer. The system also consists of a Fusion Center (FC), which combines all the wardens' information and decides on the presence or absence of Alice. Both Alice and jammer vary their signal power randomly to confuse the FC. In contrast, the FC randomly changes its threshold to confuse Alice. The main focus of the paper is to study the impact of employing multiple wardens on the trade-off between the probability of error at the FC and the outage probability at Bob. Hence, we formulate the probability of error and the outage probability under the assumption that the channels from Alice and jammer to Bob are subject to Rayleigh fading, while we assume that the channels from Alice and jammer to the wardens are not subject to fading. Then, we utilize a two-player zero-sum game approach to model the interaction between joint Alice and jammer as one player and the FC as the second player. We derive the pay-off function that can be efficiently computed using linear programming to find the optimal distributions of transmitting and jamming powers as well as thresholds used by the FC. The benefit of using a cooperative jammer is shown by means of analytical results and numerical simulations to neutralize the advantage of using multiple wardens at the FC.
6.	Chockalingam, Sabarathinam, et al. (author) Bayesian network model to distinguish between intentional attacks and accidental technical failures : a case study of floodgates 2021 In: Cybersecurity. - : Springer Nature. - 2523-3246. ; 4:1 Journal article (peer-reviewed)abstract Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by both (intentional) attacks and (accidental) technical failures. When operators notice abnormal behaviour, they should be able to distinguish between those two causes to take appropriate measures, because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector. In the previous work, we developed the attack-failure distinguisher framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two causes, including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models. As a full case study of the attack-failure distinguisher framework, this paper presents a BN model constructed to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates, addressing the problem of floodgate operators. We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model. The constructed BN model is usable in water management infrastructures to distinguish between intentional attacks and accidental technical failures in case of incorrect sensor measurements. This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements.
7.	Chockalingam, Sabarathinam, et al. (author) Probability elicitation for Bayesian networks to distinguish between intentional attacks and accidental technical failures 2023 In: Journal of Information Security and Applications. - : ELSEVIER. - 2214-2134 .- 2214-2126. ; 75 Journal article (peer-reviewed)abstract Both intentional attacks and accidental technical failures can lead to abnormal behaviour in components of industrial control systems. In our previous work, we developed a framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two classes, including knowledge elicitation to construct the directed acyclic graph of BN models. In this paper, we add a systematic method for knowledge elicitation to construct the Conditional Probability Tables (CPTs) of BN models, thereby completing a holistic framework to distinguish between attacks and technical failures. In order to elicit reliable probabilities from experts, we need to reduce the workload of experts in probability elicitation by reducing the number of conditional probabilities to elicit and facilitating individual probability entry. We utilise DeMorgan models to reduce the number of conditional probabilities to elicit as they are suitable for modelling opposing influences i.e., combinations of influences that promote and inhibit the child event. To facilitate individual probability entry, we use probability scales with numerical and verbal anchors. We demonstrate the proposed approach using an example from the water management domain.
8.	Coimbatore Anand, Sribalaji, et al. (author) Risk assessment and optimal allocation of security measures under stealthy false data injection attacks 2022 In: 2022 IEEE Conference on Control Technology and Applications (CCTA). - : Institute of Electrical and Electronics Engineers (IEEE). - 9781665473392 - 9781665473385 ; , s. 1347-1353 Conference paper (peer-reviewed)abstract This paper firstly addresses the problem of risk assessment under false data injection attacks on uncertain control systems. We consider an adversary with complete system knowledge, injecting stealthy false data into an uncertain control system. We then use the Value-at-Risk to characterize the risk associated with the attack impact caused by the adversary. The worst-case attack impact is characterized by the recently proposed output-to-output gain. We observe that the risk assessment problem corresponds to an infinite non-convex robust optimization problem. To this end, we use dissipative system theory and the scenario approach to approximate the risk-assessment problem into a convex problem and also provide probabilistic certificates on approximation. Secondly, we con-sider the problem of security measure allocation. We consider an operator with a constraint on the security budget. Under this constraint, we propose an algorithm to optimally allocate the security measures using the calculated risk such that the resulting Value-at-risk is minimized. Finally, we illustrate the results through a numerical example. The numerical example also illustrates that the security allocation using the Value-at-risk, and the impact on the nominal system may have different outcomes: thereby depicting the benefit of using risk metrics.
9.	Coimbatore Anand, Sribalaji, et al. (author) Risk-averse controller design against data injection attacks on actuators for uncertain control systems 2022 In: 2022 AMERICAN CONTROL CONFERENCE (ACC). - : IEEE. - 9781665451963 ; , s. 5037-5042 Conference paper (peer-reviewed)abstract In this paper, we consider the optimal controller design problem against data injection attacks on actuators for an uncertain control system. We consider attacks that aim at maximizing the attack impact while remaining stealthy in the finite horizon. To this end, we use the Conditional Value-at-Risk to characterize the risk associated with the impact of attacks. The worst-case attack impact is characterized using the recently proposed output-to-output l(2)-gain (OOG). We formulate the design problem and observe that it is non-convex and hard to solve. Using the framework of scenariobased optimization and a convex proxy for the OOG, we propose a convex optimization problem that approximately solves the design problem with probabilistic certificates. Finally, we illustrate the results through a numerical example.
10.	Coimbatore Anand, Sribalaji, et al. (author) Risk-based Security Measure Allocation Against Actuator Attacks 2023 In: IEEE Open Journal of Control Systems. - 2694-085X. ; , s. 1-12 Journal article (peer-reviewed)
11.	Coimbatore Anand, Sribalaji, et al. (author) Stealthy Cyber-Attack Design Using Dynamic Programming 2021 In: 2021 60th IEEE Conference On Decision And Control (CDC). - : Institute of Electrical and Electronics Engineers (IEEE). - 9781665436595 ; , s. 3474-3479 Conference paper (peer-reviewed)abstract This paper addresses the issue of data injection attacks on control systems. We consider attacks which aim at maximizing system disruption while staying undetected in the finite horizon. The maximum possible disruption caused by such attacks is formulated as a non-convex optimization problem whose dual problem is a convex semi-definite program. We show that the duality gap is zero using S-lemma. To determine the optimal attack vector, we formulate a soft-constrained optimization problem using the Lagrangian dual function. The framework of dynamic programming for indefinite cost functions is used to solve the soft-constrained optimization problem and determine the attack vector. Using the Karush-Kuhn-Tucker conditions, we also provide necessary and sufficient conditions under which the obtained attack vector is optimal to the primal problem. Finally, we illustrate the results through numerical examples.
12.	Ferrari, Riccardo M. G., et al. (author) Detection of Cyber-Attacks : A Multiplicative Watermarking Scheme 2021. - 486 In: Safety, Security and Privacy for Cyber-Physical Systems. - Cham : Springer Publishing Company. - 9783030650476 - 9783030650483 ; , s. 173-201 Book chapter (other academic/artistic)abstract This chapter addresses the problem of detecting stealthy data injection attacks on sensor measurements in a networked control system. A multiplicative watermarking scheme is proposed, where the data from each sensor is post-processed by a time-varying filter called watermark generator. At the controller’s side, the watermark is removed from each channel by another filter, called the watermark remover, thus reconstructing the original signal. The parameters of each remover are matched to those of the corresponding generator, and are supposed to be a shared secret not known by the attacker. The rationale for time-varying watermarks is to allow model-based schemes to detect otherwise stealthy attacks by constantly introducing mismatches between the actual and the nominal dynamics used by the detector. A specific model-based diagnosis algorithm is designed to this end. Under the proposed watermarking scheme, the robustness and the detectability properties of the model-based detector are analyzed and guidelines for designing the watermarking filters are derived. Distinctive features of the proposed approach, with respect to other solutions like end-to-end encryption, are that the scheme is lightweight enough to be applied also to legacy control systems, the absence of side-effects such as delays, and the possibility of utilizing a robust controller to operate the closed-loop system in the event of the transmitter and receiver losing synchronization of their watermarking filters. The results are illustrated through numerical examples.
13.	Ferrari, Riccardo M. G., et al. (author) Introduction to the Book 2021 In: Safety, Security and Privacy for Cyber-Physical Systems. - Cham : Springer. - 9783030650476 - 9783030650483 ; , s. 1-8 Book chapter (other academic/artistic)abstract In this introductory chapter, we illustrate the book’s motivation and objective. In particular, the book takes its raison d’être from the need for protecting Cyber-Physical Systems (CPSs) against threats originating either in the cyber or in the physical domain. Exploring the concepts of safety, security, and privacy for CPSs thus emerged as the natural goal to reach. In order to better support this objective and to help the reader to navigate the book contents, a taxonomy of the above-mentioned concepts is introduced, based on a set of three triads, including the well-known Confidentiality, Integrity, and Availability triad which was introduced in the Information Technology security literature.
14.	Gallo, Alexander J., et al. (author) Design of multiplicative watermarking against covert attacks 2021 In: 2021 60th IEEE CConference On Decision And Control (CDC). - : Institute of Electrical and Electronics Engineers (IEEE). - 9781665436595 ; , s. 4176-4181 Conference paper (peer-reviewed)abstract This paper addresses the design of an active cyber-attack detection architecture based on multiplicative watermarking, allowing for detection of covert attacks. We propose an optimal design problem, relying on the so-called output-to-output l(2)-gain, which characterizes the maximum gain between the residual output of a detection scheme and some performance output. Although optimal, this control problem is non-convex. Hence, we propose an algorithm to design the watermarking filters by solving the problem suboptimally via LMIs. We show that, against covert attacks, the output-to-output l(2)-gain is unbounded without watermarking, and we provide a sufficient condition for boundedness in the presence of watermarks.
15.	Gallo, Alexander J. (author) Switching Multiplicative Watermark Design against Covert Attacks 2024 Journal article (peer-reviewed)
16.	Knorn, Steffi, et al. (author) Effects of jamming attacks on a control system with energy harvesting 2019 In: IEEE Control Systems Letters. - : Institute of Electrical and Electronics Engineers (IEEE). - 2475-1456. ; 3:4, s. 829-834 Journal article (peer-reviewed)abstract We consider the problem of control and remote state estimation with battery constraints and energy harvesting at the sensor (transmitter) under DoS/jamming attacks. We derive the optimal non-causal energy allocation policy that depends on current properties of the channel and on future energy usage. The performance of this policy is analyzed under jamming attacks on the wireless channel, in which the assumed and the true channel gains differ, and we show that the resulting control cost is not monotonic with respect to the assumed channel gain used in the transmission policy. Additionally, we show that, in case there exists a stabilizing policy, then the optimal causal policy ensures stability of the estimation process. The results were illustrated for non-causal and causal energy allocation policies under different jamming attacks.
17.	Li, Zishuo, et al. (author) Secure State Estimation with Asynchronous Measurements against Malicious Measurement-Data and Time-Stamp Manipulation 2023 In: 2023 62nd IEEE Conference on Decision and Control, CDC 2023. - : Institute of Electrical and Electronics Engineers (IEEE). - 9798350301243 - 9798350301250 ; , s. 7073-7080 Conference paper (peer-reviewed)abstract This paper proposes a secure state estimation scheme with asynchronous non-periodic measurements for con-tinuous LTI systems under false data attacks on measurement transmission channels. Each sensor transmits the measurement information in a triple comprised of its sensor index, the time-stamp, and the measurement value to the fusion center via unprotected communication channels. A malicious attacker can corrupt a subset of sensors by (i) manipulating the time-stamp and the measurement value, (ii) blocking transmitted measurement triples, or (iii) injecting fake measurement triples. To deal with such attacks, we propose a secure state estimator by designing decentralized local estimators and fusing all the local states by the median operator. The local estimators receive the sampled measurements and update their local state in an asynchronous manner, while the fusion center triggers the fusion and generates a secure estimation in the presence of a local update. We prove that local estimators of benign sensors are unbiased with stable error covariance. Moreover, the fused secure estimation error has bounded expectation and covariance against at most p corrupted sensors as long as the system is 2p-sparse observable. The efficacy of the proposed scheme is demonstrated through a benchmark example of the IEEE 14-bus system.
18.	Naha, Arunava, et al. (author) Deception Attack Detection using Reduced Watermarking 2021 In: ECC 2021. - : Institute of Electrical and Electronics Engineers (IEEE). - 9789463842365 - 9781665479455 ; , s. 74-80 Conference paper (peer-reviewed)abstract The addition of physical watermarking to the control input is a well-adopted technique to detect the data deception attacks on the cyber-physical systems. However, the addition of the watermarking increases the control cost. On the other hand, the attack might be a rare event. In this paper, we propose to reduce the control cost when the system is not under attack by adding the watermarking as and when needed depending on a posterior probability of attack. We first formulate a stochastic optimal control problem, and then solve it using dynamic programming by keeping a balance between the detection delay, false alarm rate (FAR), and the reduction in control cost. We numerically find two thresholds from the value iterations, Th e and Th d , Th d is greater than Th e , for the posterior probability of attack p k . If p k is greater than or equal to Th e , then the watermarking signal is added for the (k+1)-th instant of time. On the other hand, if p k greater than or equal to Th d , then we declare that the system is under attack. We have provided simulation results to illustrate our approach. For the example system model considered in this paper, we have achieved a considerable reduction in the control cost during the normal operation compared to the case where watermarking is always present without sacrificing much in the detection delay.
19.	Naha, Arunava, et al. (author) Quickest detection of deception attacks on cyber-physical systems with a parsimonious watermarking policy 2023 In: Automatica. - : Elsevier BV. - 0005-1098 .- 1873-2836. ; 155 Journal article (peer-reviewed)abstract Adding a physical watermarking signal to the control input of a networked control system increases the detection probability of data deception attacks at the expense of increased control cost. This paper proposes a parsimonious policy to limit the average number of watermarking events when the attack is not present, which in turn reduces the control cost. We model the system as a stochastic optimal control problem and apply dynamic programming to minimize the average detection delay (ADD) for fixed upper bounds on false alarm rate (FAR) and an average number of watermarking events (ANW) before the attack. Under practical circumstances, the optimal solution results in a two threshold policy on the posterior probability of attack, derived from the Shiryaev statistics for sequential change detection and assuming the change point is a random variable. We derive asymptotically approximate analytical expressions of ADD and FAR, applying the non-linear renewal theory for non-independent and identically distributed data. The derived expressions reveal that ADD reduces with the increase in the Kullback-Leibler divergence (KLD) between the post-and pre-attack distributions of the test statistics. Therefore, we further design the optimal watermarking that maximizes the KLD for a fixed increase in the control cost. The relationship between the ANW and the increase in control cost is also derived. Simulation studies are performed to illustrate and validate the theoretical results.
20.	Naha, Arunava, et al. (author) Quickest physical watermarking-based detection of measurement replacement attacks in networked control systems 2023 In: European Journal of Control. - : Elsevier. - 0947-3580 .- 1435-5671. ; 71 Journal article (peer-reviewed)abstract In this paper, we propose and analyze an attack detection scheme for securing the physical layer of a networked control system (NCS) with a wireless sensor network against attacks where the adversary replaces the true observations with stationary false data. An independent and identically distributed watermarking signal is added to the optimal linear quadratic Gaussian (LQG) control inputs, and a cumulative sum (CUSUM) test is carried out using the joint distribution of the innovation signal and the watermarking signal for quickest attack detection. We derive the expressions of the supremum of the average detection delay (SADD) for a multi-input and multi-output (MIMO) system under the optimal and sub-optimal CUSUM tests. The SADD is asymptotically inversely proportional to the expected Kullback–Leibler divergence (KLD) under certain conditions. The expressions for the MIMO case are simplified for multi-input and single-output systems and explored further to distil design insights. We provide insights into the design of an optimal watermarking signal to maximize KLD for a given fixed increase in LQG control cost when there is no attack. Furthermore, we investigate how the attacker and the control system designer can accomplish their respective objectives by changing the relative power of the attack signal and the watermarking signal. Simulations and numerical studies are carried out to validate the theoretical results.
21.	Naha, Arunava, et al. (author) Sequential detection of Replay attacks 2023 In: IEEE Transactions on Automatic Control. - : IEEE. - 0018-9286 .- 1558-2523 .- 2334-3303. ; 68:3, s. 1941-1948 Journal article (peer-reviewed)abstract One of the most studied forms of attacks on the cyber-physical systems is the replay attack. The statistical similarities of the replayed signal and the true observations make the replay attack difficult to detect. In this article, we address the problem of replay attack detection by adding watermarking to the control inputs and then perform resilient detection using cumulative sum (CUSUM) test on the joint statistics of the innovation signal and the watermarking signal, whereas existing work considers only the marginal distribution of the innovation signal. We derive the expression of the Kullback-Liebler divergence (KLD) between the two joint distributions before and after the replay attack, which is, asymptotically, inversely proportional to the detection delay. We perform a structural analysis of the derived KLD expression and suggest a technique to improve the KLD for the systems with relative degree greater than one. A scheme to find the optimal watermarking signal variance for a fixed increase in the control cost to maximize the KLD under the CUSUM test is presented. We provide various numerical simulation results to support our theory. The proposed method is also compared with a state-of-the-art method based on the Neyman-Pearson detector, illustrating the smaller detection delay of the proposed sequential detector.
22.	Naha, Arunava, et al. (author) Sequential Detection of Replay Attacks with a Parsimonious Watermarking Policy 2022 In: 2022 American Control Conference (ACC). - : Institute of Electrical and Electronics Engineers (IEEE). - 9781665451963 - 9781665494809 - 9781665451970 ; , s. 4868-4875 Conference paper (peer-reviewed)abstract In this paper, we have proposed a technique for Bayesian sequential detection of replay attacks on networked control systems with a constraint on the average number of watermarking (ANW) events used during normal system operations. Such a constraint limits the increase in the control cost due to watermarking. To determine the optimal sequence regarding the addition or otherwise of watermarking signals, first, we formulate an infinite horizon stochastic optimal control problem with a termination state. Then applying the value iteration approach, we find an optional policy that minimizes the average detection delay (ADD) for fixed upper bounds on the false alarm rate (FAR) and ANW. The optimal policy turns out to be a two thresholds policy on the posterior probability of attack. We derive approximate expressions of ADD and FAR as functions of the two derived thresholds and a few other parameters. A simulation study on a single-input single-output system illustrates that the proposed method improves the control cost considerably at the expense of small increases in ADD. We also perform simulation studies to validate the derived theoretical results.
23.	Naha, Arunava, et al. (author) Structural analyses of a parsimonious watermarking policy for data deception attack detection in networked control systems 2022 In: 2022 IEEE 61st Conference on Decision and Control (CDC). - : Institute of Electrical and Electronics Engineers (IEEE). - 9781665467612 - 9781665467605 - 9781665467629 ; , s. 7648-7655 Conference paper (peer-reviewed)abstract In this paper, we perform structural analyses of a parsimonious watermarking policy, which minimizes the average detection delay (ADD) to detect data deception attacks on networked control systems (NCS) for a fixed upper bound on the false alarm rate (FAR). The addition of physical watermarking to the control input of a NCS increases the probability of attack detections with an increase in the control cost. Therefore, we formulate the problem of data deception attack detection for NCS with the facility to add physical watermarking as a stochastic optimal control problem. Then we solve the problem by applying dynamic programming value iterations and find a parsimonious watermarking policy that decides to add watermarking and detects attacks based on the estimated posterior probability of attack. We analyze the optimal policy structure and find that it can be a one, two or three threshold policy depending on a few parameter values. Simulation studies show that the optimal policy for a practical range of parameter values is a two-threshold policy on the posterior probability of attack. Derivation of a threshold-based policy from the structural analysis of the value iteration method reduces the computational complexity during the runtime implementation and offers better structural insights. Furthermore, such an analysis provides a guideline for selecting the parameter values to meet the design requirements.
24.	Nguyen, Anh Tung, et al. (author) A Single-Adversary-Single-Detector Zero-Sum Game in Networked Control Systems 2022 In: IFAC-PapersOnLine. - : Elsevier. - 2405-8963. ; 55:13, s. 49-54 Journal article (peer-reviewed)abstract This paper proposes a game-theoretic approach to address the problem of optimal sensor placement for detecting cyber-attacks in networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected target vertex, the detector places a sensor at a single vertex to monitor the system and detect the presence of the adversary. On the other hand, the adversary selects a single vertex through which to conduct a cyber-attack that maximally disrupts the target vertex while remaining undetected by the detector. As our first contribution, for a given pair of attack and monitor vertices and a known target vertex, the game payoff function is defined as the output-to-output gain of the respective system. Then, the paper characterizes the set of feasible actions by the detector that ensures bounded values of the game payoff. Finally, an algebraic sufficient condition is proposed to examine whether a given vertex belongs to the set of feasible monitor vertices. The optimal sensor placement is then determined by computing the mixed-strategy Nash equilibrium of the zero-sum game through linear programming. The approach is illustrated via a numerical example of a 10-vertex networked control system with a given target vertex.
25.	Nguyen, Anh Tung, et al. (author) Optimal Detector Placement in Networked Control Systems under Cyber-attacks with Applications to Power Networks 2023 Conference paper (peer-reviewed)abstract This paper proposes a game-theoretic method to address the problem of optimal detector placement in a networked control system under cyber-attacks. The networked control system is composed of interconnected agents where each agent is regulated by its local controller over unprotected communication, which leaves the system vulnerable to malicious cyber-attacks. To guarantee a given local performance, the defender optimally selects a single agent on which to place a detector at its local controller with the purpose of detecting cyber-attacks. On the other hand, an adversary optimally chooses a single agent on which to conduct a cyber-attack on its input with the aim of maximally worsening the local performance while remaining stealthy to the defender. First, we present a necessary and sufficient condition to ensure that the maximal attack impact on the local performance is bounded, which restricts the possible actions of the defender to a subset of available agents. Then, by considering the maximal attack impact on the local performance as a game payoff, we cast the problem of finding optimal actions of the defender and the adversary as a zero-sum game. Finally, with the possible action sets of the defender and the adversary, an algorithm is devoted to determining the Nash equilibria of the zero-sum game that yield the optimal detector placement. The proposed method is illustrated on an IEEE benchmark for power systems.
26.	Nguyen, Anh Tung, 1995-, et al. (author) Security Allocation in Networked Control Systems under Stealthy Attacks Other publication (other academic/artistic)abstract This paper considers the problem of security allocation in a networked control system under stealthy attacks in which the system is comprised of interconnected subsystems represented by vertices. A malicious adversary selects a single vertex on which to conduct a stealthy data injection attack to maximally disrupt the local performance while remaining undetected. On the other hand, a defender selects several vertices on which to allocate defense resources against the adversary. First, the objectives of the adversary and the defender with uncertain targets are formulated in probabilistic ways, resulting in an expected worst-case impact of stealthy attacks. Next, we provide a graph-theoretic necessary and sufficient condition under which the cost for the defender and the expected worst-case impact of stealthy attacks are bounded. This condition enables the defender to restrict the admissible actions to a subset of available vertex sets. Then, we cast the problem of security allocation in a Stackelberg game-theoretic framework. Finally, the contribution of this paper is highlighted by utilizing the proposed admissible actions of the defender in the context of large-scale networks. A numerical example of a 50-vertex networked control system is presented to validate the obtained results.
27.	Ramos, Guilherme, et al. (author) On the trade-offs between accuracy, privacy, and resilience in average consensus algorithms 2023 In: 2023 62nd IEEE Conference on Decision and Control, (CDC). - : Institute of Electrical and Electronics Engineers (IEEE). - 9798350301243 - 9798350301250 ; , s. 8026-8031 Conference paper (peer-reviewed)abstract There can be none. In this paper, we address the problem of a set of discrete-time networked agents reaching average consensus privately and resiliently in the presence of a subset of attacked agents. Existing approaches to the problem rely on trade-offs between accuracy, privacy, and resilience, sacrificing one for the others. We show that a separation-like principle for privacy-preserving and resilient discrete-time average consensus is possible. Specifically, we propose a scheme that combines strategies from resilient average consensus and private average consensus, which yields both desired properties. The proposed scheme has polynomial time-complexity on the number of agents and the maximum number of attacked agents. In other words, each agent that is not under attack is able to detect and discard the values of the attacked agents, reaching the average consensus of non-attacked agents while keeping each agent's initial state private. Finally, we demonstrate the effectiveness of the proposed method with numerical results.
28.	Rostampour, Vahab, et al. (author) Privatized Distributed Anomaly Detection for Large-Scale Nonlinear Uncertain Systems 2021 In: IEEE Transactions on Automatic Control. - : Institute of Electrical and Electronics Engineers (IEEE). - 0018-9286 .- 1558-2523. ; 66:11, s. 5299-5313 Journal article (peer-reviewed)abstract In this article two limitations in current distributed model based approaches for anomaly detection in large-scale uncertain nonlinear systems are addressed. The first limitation regards the high conservativeness of deterministic detection thresholds, against which a novel family of set-based thresholds is proposed. Such set-based thresholds are defined in a way to guarantee robustness in a user-defined probabilistic sense, rather than a deterministic sense. They are obtained by solving a chance-constrained optimization problem, thanks to a randomization technique based on the Scenario Approach. The second limitation regards the requirement, in distributed anomaly detection architectures, for different parties to regularly communicate local measurements. In settings where these parties want to preserve their privacy, communication may be undesirable. In order to preserve privacy and still allow for distributed detection to be implemented, a novel privacy-preserving mechanism is proposed and a so-called privatized communication protocol is introduced. Theoretical guarantees on the achievable level of privacy, along with a characterization of the robustness properties of the proposed distributed threshold set design, taking into account the privatized communication scheme, are provided. Finally, simulation studies are included to illustrate our theoretical developments.
29.	Teixeira, André, Associate Professor, et al. (author) Distributed Sensor and Actuator Reconfiguration for Fault-Tolerant Networked Control Systems 2018 In: IEEE Transactions on Control of Network Systems. - : Institute of Electrical and Electronics Engineers (IEEE). - 2325-5870. ; 5:4, s. 1517-1528 Journal article (peer-reviewed)abstract In this paper, we address the problem of distributed reconfiguration of networked control systems upon the removal of misbehaving sensors and actuators. In particular, we consider systems with redundant sensors and actuators cooperating to recover from faults. Reconfiguration is performed while minimizing a steady-state estimation error covariance and quadratic control cost. A model-matching condition is imposed on the reconfiguration scheme. It is shown that the reconfiguration and its underlying computation can be distributed. Using an average dwell-time approach, the stability of the distributed reconfiguration scheme under finite-time termination is analyzed. The approach is illustrated in a numerical example.
30.	Teixeira, André M. H., Associate Professor, 1986- (author) Security Metrics for Control Systems 2021 In: Safety, Security and Privacy for Cyber-Physical Systems. - Cham : Springer. - 9783030650476 - 9783030650483 ; , s. 99-121 Book chapter (other academic/artistic)abstract In this chapter, we consider stealthy cyber- and physical attacks against control systems, where malicious adversaries aim at maximizing the impact on control performance, while simultaneously remaining undetected. As an initial goal, we develop security-related metrics to quantify the impact of stealthy attacks on the system. The key novelty of these metrics is that they jointly consider impact and detectability of attacks, unlike classical sensitivity metrics in robust control and fault detection. The final objective of this work is to use such metrics to guide the design of optimal resilient controllers and detectors against stealthy attacks, akin to the classical design of optimal robust controllers. We report preliminary investigations on the design of resilient observer-based controllers and detectors, which are supported and illustrated through numerical examples.
31.	Tosun, Fatih Emre, et al. (author) Detection of Bias Injection Attacks on the Glucose Sensor in the Artificial Pancreas Under Meal Disturbance 2022 In: 2022 AMERICAN CONTROL CONFERENCE (ACC). - : IEEE. - 9781665451963 ; , s. 1398-1405 Conference paper (peer-reviewed)abstract The artificial pancreas is an emerging concept of closed-loop insulin delivery that aims to tightly regulate the blood glucose levels in patients with type 1 diabetes. This paper considers bias injection attacks on the glucose sensor deployed in an artificial pancreas. Modern glucose sensors transmit measurements through wireless communication that are vulnerable to cyber-attacks, which must be timely detected and mitigated. To this end, we propose a model-based anomaly detection scheme using a Kalman filter and a chi(2) test. One key challenge is to distinguish cyber-attacks from large unknown disturbances arising from meal intake. This challenge is addressed by an online meal estimator, and a novel time-varying detection threshold. More precisely, we show that the ordinary least squares is the optimal unbiased estimator of the meal size under certain modelling assumptions. Moreover, we derive a novel time-varying threshold for the chi(2) detector to avoid false alarms during meal ingestion. The results are validated by means of numerical simulations.
32.	Tosun, Fatih Emre, et al. (author) Quickest detection of bias injection attacks on the glucose sensor in the artificial pancreas under meal disturbances 2024 In: Journal of Process Control. - : Elsevier. - 0959-1524 .- 1873-2771. ; 135 Journal article (peer-reviewed)abstract Modern glucose sensors deployed in closed -loop insulin delivery systems, so-called artificial pancreas use wireless communication channels. While this allows a flexible system design, it also introduces vulnerability to cyberattacks. Timely detection and mitigation of attacks are imperative for device safety. However, large unknown meal disturbances are a crucial challenge in determining whether the sensor has been compromised or the sensor glucose trajectories are normal. We address this issue from a control -theoretic security perspective. In particular, a time -varying Kalman filter is employed to handle the sporadic meal intakes. The filter prediction error is then statistically evaluated to detect anomalies if present. We compare two state-of-the-art online anomaly detection algorithms, namely the ï¿œï¿œï¿œï¿œï¿œï¿œ2 and CUSUM tests. We establish a robust optimal detection rule for unknown bias injections. Even if the optimality holds only for the restrictive case of constant bias injections, we show that the proposed model -based anomaly detection scheme is also effective for generic non -stealthy sensor deception attacks through numerical simulations.
33.	Tosun, Fatih Emre, et al. (author) Robust Sequential Detection of Non-stealthy Sensor Deception Attacks in an Artificial Pancreas System 2023 In: 2023 62nd IEEE Conference on Decision and Control (CDC). - : Institute of Electrical and Electronics Engineers (IEEE). - 9798350301243 - 9798350301250 ; , s. 2827-2832 Conference paper (peer-reviewed)abstract This paper considers deterministic sensor deception attacks in closed-loop insulin delivery. Since the quality of decision-making in control systems heavily relies on accurate sensor measurements, timely detection of attacks is imperative. To this end, we consider a model-based anomaly detection scheme based on Kalman filtering and sequential change detection. In particular, we derive the minimax robust CUSUM and Shewhart tests that minimizes the worst-case mean detection delay and maximizes the instant detection rate, respectively. As a byproduct of our analysis, we show that the notorious.2 test shares an interesting optimality property with the twosided Shewhart test. Finally, we show that one-sided sequential detectors can significantly improve sensor anomaly detection for preventing overnight hypoglycemia which can be fatal.
34.	Wigren, Torbjörn, et al. (author) Delay Attack and Detection in Feedback Linearized Control Systems 2024 In: Proceedings of European Control Conference. ; , s. 1569-1576 Conference paper (peer-reviewed)
35.	Wigren, Torbjörn, et al. (author) Feedback Path Delay Attacks and Detection 2023 In: Proceedings of the 62nd IEEE Conference on Decision and Control (CDC). - Singapore : Institute of Electrical and Electronics Engineers (IEEE). - 9798350301243 - 9798350301250 ; , s. 3864-3871 Conference paper (peer-reviewed)abstract The paper discusses delay injection attacks on regulator loops and suggests joint recursive prediction error identification of delay and dynamics for supervision and attack detection. The control system is assumed to be operated either in open- or closed-loop mode. It is shown why delay insertion in the feedback path before the user switches to closed-loop operation is advantageous to disguise the attack. The detection performance is evaluated numerically for a linearized automotive cruise control feedback loop.
36.	Wigren, Torbjörn, et al. (author) On-line Identification of Delay Attacks in Networked Servo Control 2023 In: Prep. IFAC World Congress. - : IFAC Papers Online. ; , s. 1041-1047 Conference paper (peer-reviewed)abstract The paper discusses attacks on networked control loops by increased delay, and shows how existing round trip jitter may disguise such attacks. The attackers objective need not be de-stabilization, the paper argues that making settling time requirements fail can be sufficient. To defend against such attacks, the paper proposes the use of joint recursive prediction error identification of the round trip delay and the networked closed loop dynamics. The proposed identification algorithm allows general defense, since it is designed for delayed nonlinear dynamics in state space form. Simulations show that the method is able to detect a delay attack on a printed circuit board component mounting servo loop, long before the attack reaches full effect.
37.	Zhang, Qirui, et al. (author) An Online Kullback-Leibler Divergence-Based Stealthy Attack Against Cyber-Physical Systems 2023 In: IEEE Transactions on Automatic Control. - : IEEE. - 0018-9286 .- 1558-2523. ; 68:6, s. 3672-3679 Journal article (peer-reviewed)abstract This article investigates the design of online stealthy attacks with the aim of moving the system's state to the desired target. Different from the design of offline attacks, which is only based on the system's model, to design the online attack, the attacker also estimates the system's state with the intercepted data at each instant and computes the optimal attack accordingly. To ensure stealthiness, the Kullback-Leibler divergence between the innovations with and without attacks at each instant should be smaller than a threshold. We show that the attacker should solve a convex optimization problem at each instant to compute the mean and covariance of the attack. The feasibility of the attack policy is also discussed. Furthermore, for the strictly stealthy case with zero threshold, the analytical expression of the unique optimal attack is given. Finally, a numerical example of the longitudinal flight control system is adopted to illustrate the effectiveness of the proposed attack.

Skapa referenser, mejla, bekava och länka

Permalink

Träfflista för sökning "WFRF:(Teixeira André Associate Professor) "

Refine your search

Year