Optimal Cyber-Attacks under Energy and Stealthiness Constraints in Cyber-Physical Systems

  • Author / Creator
    Zhou, Jing
  • Cyber-physical systems (CPSs) integrate the cyber world and physical entities via seamless combinations of sensing, communication, and control. One typical feature of CPSs is that massive data packets are transmitted through unreliable wireless networks, which can be intercepted or manipulated by malicious agents. These cyber-attacks may lead to confidential information leakage, system performance degradation, and even serious industrial incidents. As a prerequisite, the investigation of worst-case attacks from an adversary's perspective is essential to reveal vulnerabilities of CPSs and establish a basis for subsequent development of countermeasures. Therefore, this thesis focuses on the design of worst-case attacks in industrial CPSs with energy and stealthiness constraints.

    Two research topics are considered. First, we study the scenario where an adversary launches denial-of-service (DoS) attacks against the control channels of a linear quadratic regulator (LQR). Owing to energy constraints, the attacker can only launch consecutive attacks over a fixed horizon to maximize the LQR control cost. Necessary and sufficient conditions are derived under which the optimality of attacking from the initial instant is preserved despite the randomness of the initial states. Second, we consider the scenario in which malicious agents can intercept and modify the sensor measurements of a remote state estimator, with the purpose of degrading the estimation quality while remaining undetected by anomaly detectors. This scenario is composed of three topics: i) An innovation-based linear attack fusing all available information is proposed, which clarifies a counter-intuitive issue in existing work. Explicit expressions for the optimal stealthy attack coefficients are obtained without solving optimization problems numerically. ii) The optimal information-based attack that achieves the maximum greedy performance and deceives χ2 detectors is derived. For attacks with both strict and relaxed stealthiness, the optimal compromised innovation is shown to be a linear function of the conditional minimum mean-square error (MMSE) estimate of the prediction errors. A unified framework and a separation principle are proposed to handle more general scenarios in which the attacker has access to different levels of online information. iii) The optimal information-based stealthy attack leading to the maximum holistic performance is obtained. The compromised innovation is constructed as a linear combination of the MMSE estimates of all historical prediction errors; the combination coefficients are then obtained by solving a convex optimization problem. Moreover, the proposed attack can be generalized to deceive interval χ2 detectors of different lengths. It is shown that the worst-case attack effect is determined by both the amount of online information and the duration of the detection interval. The effectiveness of the proposed methods is demonstrated by theoretical analysis, numerical examples, and comparative studies with existing work. These findings lead to a better understanding of the vulnerabilities of industrial CPSs and facilitate the development of protective measures.

  • Subjects / Keywords
  • Graduation date
    Fall 2022
  • Type of Item
    Thesis
  • Degree
    Doctor of Philosophy
  • DOI
    https://doi.org/10.7939/r3-1v3n-9x83
  • License
    This thesis is made available by the University of Alberta Library with permission of the copyright owner solely for non-commercial purposes. This thesis, or any portion thereof, may not otherwise be copied or reproduced without the written consent of the copyright owner, except to the extent permitted by Canadian copyright law.